4、etcd的备份与恢复
1. 考题内容:
2. 答题思路:
1、ssh到有etcdctl、etcdutl命令的节点
2、备份时注意添加证书并保证路径正确
3、备份完可以验证下
4、恢复备份时要停服务,恢复备份后重启kubelet
题型是一样的,我考的证书的路径是
ca证书:/etc/kubernetes/pki/etcd/ca.crt
客户端证书:/etc/kubernetes/pki/etcd/peer.crt
客户端秘钥:/etc/kubernetes/pki/etcd/peer.key
其他都一模一样。
3. 官网地址:
https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/configure-upgrade-etcd/
4. 考题答案:
切换环境
kubectl config use-context k8s
#按题目要求ssh到有etcdctl、etcdutl命令的节点
ssh k8s-node-0
备份
# 1).备份命令
ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/peer.crt \
--key=/etc/kubernetes/pki/etcd/peer.key \
snapshot save /srv/data/etcd-snapshot.db
# 2).验证备份的快照
etcdutl --write-out=table snapshot status /srv/data/etcd-snapshot.db
恢复
# 1).创建/opt/backup目录
mkdir /opt/backup
# 2).备份集群的yaml文件,同时也停止这些服务
mv /etc/kubernetes/manifests/* /opt/backup/
# 3).恢复备份
ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--data-dir /var/lib/etcd-restore snapshot restore /data/backup/etcd-snapshot-previous.db
# 4).修改etcd.yaml
vim /opt/backup/etcd.yaml
...
volumes:
- hostPath:
path: /etc/kubernetes/ki/etcd
type: DirectoryOrCreate
name: etcd-certs
- hostPath:
path: /var/lib/etcd-restore # 将volume 配置的 path:/var/lib/etcd 改成 /var/lib/etcd-restore
# 5).恢复备份的yaml文件
mv /opt/backup/* /etc/kubernetes/manifests/
# 6).重启kubelet
systemctl restart kubelet
5. 验证:
# 1).检查集群环境etcd的状态
kubectl get pod -A
# 2).检查etcd恢复目录是否有数据
ls /var/lib/etcd-restore