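etcd data backup
An etcd backup can serve as a backup of the whole Kubernetes cluster, but such a backup is generally global: it can restore the cluster to its state at a given point in time, but it cannot be narrowed down to restoring one particular resource object. Backup and restore are generally done with snapshots.
**If you run these on the server itself, you do not need to add parameters such as --cacert, as follows**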
# List members
etcdctl member list
# List the Kubernetes data
export ETCDCTL_API=3
etcdctl get / --prefix
# List keys only
etcdctl get / --prefix --keys-only
# Back up the data
etcdctl snapshot save etcd_backup/$(date +%F)-k8s-snapshot.db
# Restore the data: the etcd cluster must be restored from one single backup snapshot
etcdctl snapshot restore 2021-04-21-k8s-snapshot.db
# Backup
#!/usr/bin/env bash
date;
CACERT="/opt/kubernetes/ssl/ca.pem"
CERT="/opt/kubernetes/ssl/server.pem"
KEY="/opt/kubernetes/ssl/server-key.pem"
ENDPOINTS="192.168.1.36:2379"
ETCDCTL_API=3 etcdctl \
--cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
--endpoints="${ENDPOINTS}" \
snapshot save "/data/etcd_backup_dir/etcd-snapshot-$(date +%Y%m%d).db"
# Keep backups for 30 days (the glob is quoted so that find, not the shell, expands it)
find /data/etcd_backup_dir/ -name '*.db' -mtime +30 -exec rm -f {} \;
# Restore
ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_backup_dir/etcd-snapshot20191222.db \
--name etcd-0 \
--initial-cluster "etcd-0=https://192.168.1.36:2380,etcd1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380" \
--initial-cluster-token etcd-cluster \
--initial-advertise-peer-urls https://192.168.1.36:2380 \
--data-dir=/var/lib/etcd/default.etcd
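Whether Kubernetes was installed from binaries or with kubeadm, its backup is done mainly by backing up etcd. When restoring, the main thing to get right is the overall order: stop kube-apiserver, stop etcd, restore the data, start etcd, start kube-apiserver.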
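A hardened variant of the backup script above, as an added example that is not part of the original page: it keeps the snapshot owner-only, verifies it before keeping it, records a checksum, and prunes old files only after a good backup exists. The `ETCDCTL`, `BACKUP_DIR` and `KEEP_DAYS` variables and the `.partial` suffix are assumptions, and it assumes the same etcdctl generation as the page, where `snapshot status` and `snapshot restore` are etcdctl subcommands.

```shell
#!/bin/sh
# Added example, not from the original page. Certificate paths and endpoint are
# the page's; ETCDCTL, BACKUP_DIR and KEEP_DAYS are assumed override variables.
umask 077  # the snapshot contains the cluster's Secret objects: owner-only files
ETCDCTL="${ETCDCTL:-etcdctl}"
BACKUP_DIR="${BACKUP_DIR:-/data/etcd_backup_dir}"
KEEP_DAYS="${KEEP_DAYS:-30}"
CACERT="/opt/kubernetes/ssl/ca.pem"
CERT="/opt/kubernetes/ssl/server.pem"
KEY="/opt/kubernetes/ssl/server-key.pem"
ENDPOINTS="${ENDPOINTS:-192.168.1.36:2379}"

# Prints the path of the verified snapshot on stdout; non-zero status on failure.
backup_etcd() {
    mkdir -p "$BACKUP_DIR" || return 1
    final="$BACKUP_DIR/etcd-snapshot-$(date +%Y%m%d).db"
    tmp="$final.partial"

    # Save under a temporary name so a failed run never looks like a good backup.
    if ! ETCDCTL_API=3 "$ETCDCTL" --cacert="$CACERT" --cert="$CERT" --key="$KEY" \
            --endpoints="$ENDPOINTS" snapshot save "$tmp" >&2; then
        rm -f "$tmp"
        return 1
    fi
    # Read the file back; a non-zero exit means it is not a usable snapshot.
    if ! ETCDCTL_API=3 "$ETCDCTL" snapshot status "$tmp" >/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$final" || return 1
    # Checksum recorded next to the snapshot, to be checked before any restore.
    ( cd "$BACKUP_DIR" && sha256sum "$(basename "$final")" > "$final.sha256" ) || return 1

    # Prune only after a verified backup exists; the glob is quoted for find.
    find "$BACKUP_DIR" \( -name '*.db' -o -name '*.db.sha256' \) \
        -mtime +"$KEEP_DAYS" -exec rm -f {} \;
    echo "$final"
}

# Run the backup only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    backup_etcd
fi
```

Before a restore, `sha256sum -c` on the recorded `.sha256` file in the backup directory confirms the snapshot has not changed since it was taken.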
Common commands
ifconfig kube-ipvs0 down
ip addr del 10.139.3.22/32 dev kube-ipvs0
ip addr del 10.139.6.124/32 dev kube-ipvs0
ip addr del 10.139.6.222/32 dev kube-ipvs0
ifconfig kube-ipvs0 up
List members
etcdctl member list
List keys only
etcdctl get / --prefix --keys-only
Delete a key
etcdctl del ${path}
Add an etcd member to the cluster
etcdctl member add etcd-10.139.6.124 --peer-urls=http://10.139.6.124:4001
Remove an etcd member from the cluster
etcdctl member remove ${ID}
Specify endpoints
etcdctl --endpoints=http://10.139.3.22:3379 member list --write-out=table
etcdctl --endpoints=http://10.139.3.22:3379 member add eventetcd-10.139.6.124 --peer-urls=http://10.139.6.124:5001
etcdctl --endpoints=http://10.139.3.22:3379 member add eventetcd-10.139.6.222 --peer-urls=http://10.139.6.222:5001
Access with certificates
etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --endpoints=https://10.120.2.7:2379 member list --write-out=table
Add a node
etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --endpoints=https://10.120.2.7:2379 member add 120-4-7-sh-1037-b10.yidian.com --peer-urls=https://10.120.4.7:2380
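Explanation of the --initial-cluster-state=existing parameter:
It indicates whether this is a newly created cluster. It takes two values, new and existing. If it is set to existing, the member will try to interact with the other members when it starts.
When the cluster is first created, set it to new; when a member recovers after a failure while the cluster is running, set it to existing.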