Etcd Backup and Restore (1)
Cheedge LeeTable of contents
1. Backup Etcd
1.1 SSH to node
ssh controlplane
(Optional) Check etcd
kubectl get pods -n kube-system | grep etcd-controlplane
1.2 Set env var
Set Environment Variables for etcdctl Ensure you have the correct etcdctl environment variables configured.
export ETCDCTL_API=3
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
export ETCDCTL_ENDPOINTS=https://127.0.0.1:2379
/etc/kubernetes/pki/etcd/ca.crt: This is the default location for the Certificate Authority (CA) file used by etcd./etc/kubernetes/pki/etcd/server.crt: This is the default location for the server certificate for etcd./etc/kubernetes/pki/etcd/server.key: This is the default location for the private key of the etcd server. Alternatively, you can use it as option parameters in next stepsetcdctl(oretcdutl) command.
1.2.1 Certs locations
If you did not use kubeadm to set up the cluster or have a custom setup, the certificates might be stored in different locations. You can verify the actual locations of these files by inspecting the etcd pod manifest or configuration:
- Check it in manifests file
cat /etc/kubernetes/manifests/etcd.yaml | grep -E 'cert|key|trusted-ca'
then confirm they are exactly exist.
- Update the path
Update the ETCDCTL_CACERT, ETCDCTL_CERT, and ETCDCTL_KEY environment variables with the correct paths, and confirm connectivity using the etcdctl endpoint health command:
etcdctl endpoint health
1.3 Backup
etcdctl snapshot save /opt/cluster_backup.db > /opt/backup.txt 2>&1
if you don't have the authority operate in /opt, please add sudo before
write the data to
backup.txtand redirection std error to output2>&1is not a reqirement here, just make you can see more details. The/opt/backup.txtwill record the info like:
{"level":"info","ts":1735315811.940276,"caller":"snapshot/v3_snapshot.go:68","msg":"created temporary db file","path":"/opt/cluster_backup.db.part"}
{"level":"info","ts":1735315811.953612,"logger":"client","caller":"v3/maintenance.go:211","msg":"opened snapshot stream; downloading"}
{"level":"info","ts":1735315811.9553618,"caller":"snapshot/v3_snapshot.go:76","msg":"fetching snapshot","endpoint":"https://127.0.0.1:2379"}
{"level":"info","ts":1735315812.18442,"logger":"client","caller":"v3/maintenance.go:219","msg":"completed snapshot read; closing"}
{"level":"info","ts":1735315812.1998074,"caller":"snapshot/v3_snapshot.go:91","msg":"fetched snapshot","endpoint":"https://127.0.0.1:2379","size":"7.1 MB","took":"now"}
{"level":"info","ts":1735315812.200861,"caller":"snapshot/v3_snapshot.go:100","msg":"saved","path":"/opt/cluster_backup.db"}
2. Reference
Subscribe to my newsletter
Read articles from Cheedge Lee directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Cheedge Lee
Cheedge Lee
Some blogs are from my previous blogs, even though I have renovated and checked before migration, but there may be still some parts out of date. (https://blog.sina.com.cn/u/1784323047 or https://blog.csdn.net/li_6698230?type=blog, if they're still accessible.)