DEV Community

Cheedge Lee
Cheedge Lee

Posted on • Edited on • Originally published at notes-renovation.hashnode.dev

Etcd Backup and Restore (1)

1. Backup Etcd

1.1 SSH to node 

ssh controlplane
Enter fullscreen mode Exit fullscreen mode

(Optional) Check etcd 

kubectl get pods -n kube-system | grep etcd-controlplane
Enter fullscreen mode Exit fullscreen mode

1.2 Set env var

Set Environment Variables for etcdctl Ensure you have the correct etcdctl environment variables configured.

export ETCDCTL_API=3
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
export ETCDCTL_ENDPOINTS=https://127.0.0.1:2379
Enter fullscreen mode Exit fullscreen mode
  • /etc/kubernetes/pki/etcd/ca.crt: This is the default location for the Certificate Authority (CA) file used by etcd.
  • /etc/kubernetes/pki/etcd/server.crt: This is the default location for the server certificate for etcd.
  • /etc/kubernetes/pki/etcd/server.key: This is the default location for the private key of the etcd server. Alternatively, you can use it as option parameters in next steps etcdctl (or etcdutl) command.

1.2.1 Certs locations

If you did not use kubeadm to set up the cluster or have a custom setup, the certificates might be stored in different locations. You can verify the actual locations of these files by inspecting the etcd pod manifest or configuration:

  1. Check it in manifests file 
cat /etc/kubernetes/manifests/etcd.yaml | grep -E 'cert|key|trusted-ca'
Enter fullscreen mode Exit fullscreen mode

then confirm they are exactly exist.

  1. Update the path Update the ETCDCTL_CACERT, ETCDCTL_CERT, and ETCDCTL_KEY environment variables with the correct paths, and confirm connectivity using the etcdctl endpoint health command: 
etcdctl endpoint health
Enter fullscreen mode Exit fullscreen mode

1.3 Backup 

etcdctl snapshot save /opt/cluster_backup.db > /opt/backup.txt 2>&1
Enter fullscreen mode Exit fullscreen mode
  1. if you don't have the authority operate in /opt, please add sudo before
  2. write the data to backup.txt and redirection std error to output 2>&1 is not a reqirement here, just make you can see more details. The /opt/backup.txt will record the info like: 
{"level":"info","ts":1735315811.940276,"caller":"snapshot/v3_snapshot.go:68","msg":"created temporary db file","path":"/opt/cluster_backup.db.part"}
{"level":"info","ts":1735315811.953612,"logger":"client","caller":"v3/maintenance.go:211","msg":"opened snapshot stream; downloading"}
{"level":"info","ts":1735315811.9553618,"caller":"snapshot/v3_snapshot.go:76","msg":"fetching snapshot","endpoint":"https://127.0.0.1:2379"}
{"level":"info","ts":1735315812.18442,"logger":"client","caller":"v3/maintenance.go:219","msg":"completed snapshot read; closing"}
{"level":"info","ts":1735315812.1998074,"caller":"snapshot/v3_snapshot.go:91","msg":"fetched snapshot","endpoint":"https://127.0.0.1:2379","size":"7.1 MB","took":"now"}
{"level":"info","ts":1735315812.200861,"caller":"snapshot/v3_snapshot.go:100","msg":"saved","path":"/opt/cluster_backup.db"}
Enter fullscreen mode Exit fullscreen mode

3. Reference

Backing up an etcd cluster

Top comments (0)