Kubernetes-etcd备份恢复

  • etcd备份
* apt install etcd-client -y
root@k8s:/tmp# cat /etc/kubernetes/manifests/etcd.yaml 
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/etcd.advertise-client-urls: https://10.250.101.60:2379
  creationTimestamp: null
  labels:
    component: etcd
    tier: control-plane
  name: etcd
  namespace: kube-system
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://10.250.101.60:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt  # 服务证书
    - --client-cert-auth=true
    - --data-dir=/var/lib/etcd
    - --initial-advertise-peer-urls=https://10.250.101.60:2380
    - --initial-cluster=k8s=https://10.250.101.60:2380
    - --key-file=/etc/kubernetes/pki/etcd/server.key  # 密钥
    - --listen-client-urls=https://127.0.0.1:2379,https://10.250.101.60:2379
    - --listen-metrics-urls=http://127.0.0.1:2381
    - --listen-peer-urls=https://10.250.101.60:2380
    - --name=k8s
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --peer-client-cert-auth=true
    - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
    - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    - --snapshot-count=10000
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt # CA证书
    image: registry.aliyuncs.com/google_containers/etcd:3.4.3-0
    imagePullPolicy: IfNotPresent
  • 修改etcd api版本
export ETCDCTL_API=3 # 默认版本为2,无对应命令
  • 备份
cd /etc/kubernetes/pki/etcd/
etcdctl snapshot save --endpoints=https://10.250.101.60:2379 --cacert=ca.crt --key=server.key --cert=server.crt /tmp/etcd.backup
* etcd备份需要使用到证书
  • etcd恢复
cd /etc/kubernetes/pki/etcd/
etcdctl snapshot restore --endpoints=https://10.250.101.60:2379 --cacert=ca.crt --key=server.key --cert=server.crt /tmp/etcd.backup
posted @ 2021-03-15 15:58  独孤云翔  阅读(49)  评论(0)    收藏  举报