etcd 备份与恢复
复制代码
# 安装 etcdctl 命令
# 方式一:
docker cp $(docker ps | grep -v etcd-mirror | grep -w etcd| awk '{print $1}'):/usr/local/bin/etcdctl /usr/bin
# 方式二:
wget https://github.com/etcd-io/etcd/releases/download/v3.5.10/etcd-v3.5.10-linux-arm64.tar.gz
tar -xf etcd-v3.5.10-linux-arm64.tar.gz
cd etcd-v3.5.10-linux-amd64
cp etcd* /usr/sbin
# Kubernetes 集群备份主要是备份 ETCD 集群。而恢复时,主要考虑恢复整个顺序:
-------------- 停止kube-apiserver --> 停止ETCD --> 恢复数据 --> 启动ETCD --> 启动kube-apiserve ------------------
# 注意:备份ETCD集群时,只需要备份一个ETCD就行,恢复时,拿同一份备份数据恢复。
etcd备份
复制代码
# 单主节点脚本
vim etcd-bak.sh
#!/bin/bash
SNAPSHOT_DIR="/var/lib/etcd-bak"
SNAPSHOT_FILE="${SNAPSHOT_DIR}/etcd-snapshot-$(date +%F-%T).db"
mkdir -p "${SNAPSHOT_DIR}"
ETCDCTL_API=3 etcdctl snapshot save "${SNAPSHOT_FILE}" \
--endpoints="https://localhost:2379" \
--cacert="/etc/kubernetes/pki/etcd/ca.crt" \
--cert="/etc/kubernetes/pki/etcd/server.crt" \
--key="/etc/kubernetes/pki/etcd/server.key"
# 备份文件在/var/lib/etcd/member-bak
etcd 恢复
复制代码
# 所有服务配置文件存放位置 /etc/kubernetes/manifests
# 还原数据时需保证 apiServer 和 etcd 处于关闭状态,最简单的方式就是 mv manifests manifests_back
# 流程:
停止kube-apiserver --> 停止ETCD --> 恢复数据 --> 启动ETCD --> 启动kube-apiserve
# 如果是按照文档部署的话 停止kubelet 即可
systemctl stop kubelet
# 恢复数据
--data-dir指向的目录不能提前存在 需要提前删除 etcd目录
etcd-master 当前节点etcd名称
--initial-advertise-peer-urls 为当前节点地址
--initial-cluster-token 集群认证token
## 需要删除或者移走这个目录
rm -rf /var/lib/etcd
## 恢复
ETCDCTL_API=3 etcdctl --initial-cluster etcd-master=https://192.168.174.136:2380 --initial-advertise-peer-urls https://192.168.174.136:2380 --initial-cluster-token="k8s_etcd" snapshot restore /var/lib/etcd-bak/etcd-snapshot-2024-12-24-17:15:40.db --data-dir=/var/lib/etcd --name etcd-master
## /var/lib/etcd-bak/etcd-snapshot-2024-12-24-17:15:40.db 是刚刚备份的 etcd 名称
# 启动服务
systemctl start docker
systemctl start kubelet
# 查询服务
[root@k8s-master manifests]# docker ps -a | grep apiserver
2bc2506e093a 8a9000f98a52 "kube-apiserver --ad..." 2 minutes ago Up 2 minutes
2a6f45f0d783 registry.aliyuncs.com/google_containers/pause:3.9 "/pause" 2 minutes ago Up 2 minutes
[root@k8s-master manifests]# docker ps -a | grep etcd
829dbbfb08cf a0eed15eed44 "etcd --advertise-cl..." 23 hours ago Up 23 hours
6ce9f09a3996 registry.aliyuncs.com/google_containers/pause:3.9 "/pause" 23 hours ago Up 23 hours
