Kubernetes 使用 Etcd 数据库实时存储集群中的数据,安全起见,一定要备份!
kubeadm部署方式:
备份:
ETCDCTL_API=3 etcdctl \
snapshot save snap.db \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key
恢复:
1、先暂停kube-apiserver和etcd容器
mv /etc/kubernetes/manifests /etc/kubernetes/manifests.bak
mv /var/lib/etcd/ /var/lib/etcd.bak
2、恢复
ETCDCTL_API=3 etcdctl \
snapshot restore snap.db \
--data-dir=/var/lib/etcd
3、启动kube-apiserver和etcd容器
mv /etc/kubernetes/manifests.bak /etc/kubernetes/manifests
二进制部署备份,首先查看集群状态
[root@k8s-master-61 ~]# ETCDCTL_API=3 /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints=https://10.12.12.61:2379,https://10.12.12.62:2379,https://10.12.12.63:2379 endpoint health --write-out=table
+--------------------------+--------+-------------+-------+
| ENDPOINT | HEALTH | TOOK | ERROR |
+--------------------------+--------+-------------+-------+
| https://10.12.12.63:2379 | true | 12.286566ms | |
| https://10.12.12.62:2379 | true | 12.177394ms | |
| https://10.12.12.61:2379 | true | 15.542936ms | |
+--------------------------+--------+-------------+-------+
数据备份
[root@k8s-master-61 ~]# ETCDCTL_API=3 /opt/etcd/bin/etcdctl snapshot save 2021-7-18-snap.db --endpoints=https://10.12.12.61:2379 --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem
{"level":"info","ts":1626570085.8857367,"caller":"snapshot/v3_snapshot.go:119","msg":"created temporary db file","path":"2021-7-18-snap.db.part"}
{"level":"info","ts":"2021-07-18T09:01:25.894+0800","caller":"clientv3/maintenance.go:200","msg":"opened snapshot stream; downloading"}
{"level":"info","ts":1626570085.894852,"caller":"snapshot/v3_snapshot.go:127","msg":"fetching snapshot","endpoint":"https://10.12.12.61:2379"}
{"level":"info","ts":"2021-07-18T09:01:26.065+0800","caller":"clientv3/maintenance.go:208","msg":"completed snapshot read; closing"}
{"level":"info","ts":1626570086.0860772,"caller":"snapshot/v3_snapshot.go:142","msg":"fetched snapshot","endpoint":"https://10.12.12.61:2379","size":"11 MB","took":0.200219118}
{"level":"info","ts":1626570086.0861554,"caller":"snapshot/v3_snapshot.go:152","msg":"saved","path":"2021-7-18-snap.db"}
Snapshot saved at 2021-7-18-snap.db
[root@k8s-master-61 ~]# ls 2021-7-18-snap.db
2021-7-18-snap.db
shell 脚本
[root@k8s-master-61 ~]# cat etcd_back.sh
#!/bin/bash
DA=$(date +%F)
path1=/data/etdcback
ETCDCTL_API=3 /opt/etcd/bin/etcdctl snapshot save ${path1}/${DA}-snap.db --endpoints=https://10.12.12.61:2379 --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem
cd $path1 && find . -mtime +2 -type f -exec rm -rf {} \;
数据恢复
恢复:
1、先暂停kube-apiserver和etcd
systemctl stop kube-apiserver
systemctl stop etcd
先备份etcd 的数据
mv /var/lib/etcd/default.etcd /var/lib/etcd/default.etcd.bak
在每个节点执行
etcd1
ETCDCTL_API=3 etcdctl snapshot restore snap.db \
--name etcd-1 \
--initial-cluster="etcd-1=https://10.12.12.61:2380,etcd-
2=https://10.12.12.62:2380,etcd-3=https://10.12.12.63:2380" \
--initial-cluster-token=etcd-cluster \
--initial-advertise-peer-urls=https://10.12.12.61:2380 \
--data-dir=/var/lib/etcd/default.etcd
etcd2
ETCDCTL_API=3 etcdctl snapshot restore snap.db \
--name etcd-2 \
--initial-cluster="etcd-1=https://10.12.12.61:2380,etcd-
2=https://10.12.12.62:2380,etcd-3=https://10.12.12.63:2380" \
--initial-cluster-token=etcd-cluster \
--initial-advertise-peer-urls=https://10.12.12.62:2380 \
--data-dir=/var/lib/etcd/default.etcd
etcd3
ETCDCTL_API=3 etcdctl snapshot restore snap.db \
--name etcd-3 \
--initial-cluster="etcd-1=https://10.12.12.61:2380,etcd-
2=https://10.12.12.62:2380,etcd-3=https://10.12.12.63:2380" \
--initial-cluster-token=etcd-cluster \
--initial-advertise-peer-urls=https://10.12.12.63:2380 \
--data-dir=/var/lib/etcd/default.etcd
启动kube-apiserver和etcd
systemctl start kube-apiserver
systemctl start etcd
再次查看集群状态
ETCDCTL_API=3 /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints=https://10.12.12.61:2379,https://10.12.12.62:2379,https://10.12.12.63:2379 endpoint health --write-out=table