1. 前言就像备份数据库一样,很多时候,我们也想对k8s资源配置进行备份。
1 kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml
上面的方法,可以实现对k8s资源配置的备份。但是更好的办法,是对etcd进行备份。本文就学习一下k8s中etcd的备份和恢复方法。
2. 安装etcdctl1、查看etcd版本
1 2 3 kubectl get pod/etcd-$nodename -n kube-system -oyaml | grep image cat /etc/kubernetes/manifests/etcd.yaml | grep image
2、下载对应版本的etcdctl (这里以3.4.13为例)
1 2 3 4 wget https://github.com/etcd-io/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-amd64.tar.gz tar -xzvf etcd-v3.4.13-linux-amd64.tar.gz cp etcd-v3.4.13-linux-amd64/etcdctl /usr/local/bin/ln -s /usr/local/bin/etcdctl /usr/bin/etcdctl
3、测试
3. 查看etcd集群状态1 2 3 4 5 6 7 HOST_1=10.240.0.17 HOST_2=10.240.0.18 HOST_3=10.240.0.19 ENDPOINTS=$HOST_1 :2379,$HOST_2 :2379,$HOST_3 :2379 etcdctl --endpoints=$ENDPOINTS member list etcdctl --write-out=table --endpoints=$ENDPOINTS endpoint status etcdctl --endpoints=$ENDPOINTS endpoint health
4. 备份etcd数据1、查看配置
1 2 3 kubectl describe pod etcd-master -n kube-system | grep Command -i -A 20 cat /etc/kubernetes/manifests/etcd.yaml | grep Command -i -A 20
看到Command字段为:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Command: etcd --advertise-client-urls=https://172.17.0.10:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --initial-advertise-peer-urls=https://172.17.0.10:2380 --initial-cluster=master=https://172.17.0.10:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.17.0.10:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.17.0.10:2380 --name=master --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
2、执行备份
1 2 3 4 5 6 ETCDCTL_API=3 etcdctl \ --endpoints=https://[127.0.0.1]:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ snapshot save /tmp/snapshot-pre-boot.db
3、查看备份
1 2 3 4 5 6 ETCDCTL_API=3 etcdctl \ --endpoints=https://[127.0.0.1]:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ snapshot status /tmp/snapshot-pre-boot.db -w table
5. 恢复etcd数据1、恢复etcd数据
1 2 3 4 5 6 7 8 9 10 11 ETCDCTL_API=3 etcdctl \ --endpoints=https://[127.0.0.1]:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ --initial-cluster=master=https://127.0.0.1:2380 \ --initial-cluster-token etcd-cluster-1 \ --initial-advertise-peer-urls=https://127.0.0.1:2380 \ --name=master \ --data-dir /var/lib/etcd-from-backup \ snapshot restore /tmp/snapshot-pre-boot.db
2、修改etcd.yaml
1 vim /etc/kubernetes/manifests/etcd.yaml
如下修改:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 --data-dir=/var/lib/etcd-from-backup --initial-cluster-token=etcd-cluster-1 volumeMounts: - mountPath: /var/lib/etcd-from-backup name: etcd-data - mountPath: /etc/kubernetes/pki/etcd name: etcd-certs hostNetwork: true priorityClassName: system-cluster-critical volumes: - hostPath: path: /var/lib/etcd-from-backup type: DirectoryOrCreate name: etcd-data - hostPath: path: /etc/kubernetes/pki/etcd type: DirectoryOrCreate name: etcd-certs
6. sealos + etcd如果是使用sealos安装的k8s集群,那么会有一个默认备份机制,etcd会定期备份到master节点的 /var/lib/etcd/member/snap
目录中。
如果想要手动执行备份,也是可以的:
1 2 3 4 5 6 7 8 kubectl exec -it etcd-k8s-master-0 -n kube-system -- /bin/sh ETCDCTL_API=3 /usr/local/bin/etcdctl \ --endpoints https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ snapshot save /var/lib/etcd/etcd_backup.db