etcd 备份还原

etcd 备份还原

1. 查看 etcdctl 是否已经安装

# quick check if etcdctl is available or not
ETCDCTL_API=3 etcdctl --help | head

2. 安装 etcdctl

# 获取 etcd 版本信息
kubectl exec -it etcd-master -n kube-system -- /bin/sh -c 'ETCDCTL_API=3 /usr/local/bin/etcd --version' | head

# 下载
export RELEASE="3.4.3"
https://github.com/etcd-io/etcd/releases/download/v${RELEASE}/etcd-v${RELEASE}-linux-amd64.tar.gz

# 解压
tar -zxvf etcd-v${RELEASE}-linux-amd64.tar.gz

# 将 etcdctl 拷贝到 、usr/local/bin 目录
cd etcd-v${RELEASE}-linux-amd64
cp etcdctl /usr/local/bin

3. 备份

# create a secret
kubectl create secret generic test-secret \
 --from-literal=username='svcaccount' \
 --from-literal=password='password' 
 
 # Verify we are connecting to the right cluster ... define your endpoints and keys 
 ENDPOINT=https://127.0.0.1:2379
 ETCDCTL_API=3 etcdctl --endpoints=$ENDPOINT \
     --cacert=/etc/kubernetes/pki/etcd/ca.crt \
     --cert=/etc/kubernetes/pki/etcd/server.crt \
     --key=/etc/kubernetes/pki/etcd/server.key \
     member list

# Take the backup 
ETCDCTL_API=3 etcdctl --endpoints=$ENDPOINT \
     --cacert=/etc/kubernetes/pki/etcd/ca.crt \
     --cert=/etc/kubernetes/pki/etcd/server.crt \
     --key=/etc/kubernetes/pki/etcd/server.key \
    snapshot save /var/lib/dat-backup.db
 
 # Read the metadata from the backup/snapshot to print out the snapshot status 
 ETCDCTL_API=3 etcdctl --write-out=table snapshot status /var/lib/dat-backup.db

4. 还原

# Delete the secrets
 kubectl delete secret test-secret
 
 # Restore the backup 
  ETCDCTL_API=3 etcdctl snapshot restore /var/lib/dat-backup.db
  
  # Confirm our data is in the restore directory, you should see default.etcd 
  ls -l
  
  # Move the old etcd data to a safe location 
  mv /var/lib/etcd /var/lib/etcd.OLD
  
  # Restart the static pod for etcd 
  # if you use kubectl delete it will NOT restart the static pod as it is managed by the kubelet not a controller 
  docker ps | grep k8s_etcd
  CONTAINER_ID=$(docker ps | grep k8s_etcd | awk '{ print $1 }')
  echo $CONTAINER_ID
  
  # Stop the container from our etcd pod and move restored data into place
  docker stop $CONTAINER_ID
  rm -rf /var/lib/etcd/member
  mv ./default.etcd/member /var/lib/etcd