Sure shot Question 2: Kubernetes ETCD Backup and restore

Question Format

 

Create a snapshot of etcd and save it to /root/backup/etcd-backup-new.db. Use the certificates below to take the snapshot:

CA certificate: /root/certificates/ca.crt

Client certificate: /root/certificates/server.crt

Client key: /root/certificates/server.key

Restore an old snapshot located at /root/backup/etcd-backup-old.db to /var/lib/etcd-backup.

 

Introduction

etcd is a key-value store that serves as the backend for Kubernetes, storing cluster state and configuration data. Regular backups of etcd are essential to prevent data loss in case of failures. This guide explains how to create an etcd snapshot and restore an older snapshot using the official etcd tools.

 

Prerequisites

 

Ensure you have access to the etcd cluster and the necessary certificates for authentication. The following certificates are required:

CA Certificate: /root/certificates/ca.crt

Client Certificate: /root/certificates/server.crt

Client Key: /root/certificates/server.key

Step 1: Create an etcd Snapshot

To create a snapshot of etcd and save it to /root/backup/etcd-backup-new.db, use the following command:

ETCDCTL_API=3 etcdctl snapshot save /root/backup/etcd-backup-new.db \
  --cacert=/root/certificates/ca.crt \
  --cert=/root/certificates/server.crt \
  --key=/root/certificates/server.key

Explanation

ETCDCTL_API=3 ensures you are using the etcd v3 API.

snapshot save is the command to create a snapshot.

--cacert, --cert, and --key authenticate the request using the provided certificates.

The snapshot is saved to /root/backup/etcd-backup-new.db
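The snapshot holds the full cluster state, which includes every Kubernetes Secret, so the file deserves owner-only permissions and an integrity check before it is ever restored. The following is an added example, not part of the original guide: `backup_etcd` and `verify_backup` are hypothetical helper names, `CERT_DIR` is an assumed override variable, and the certificate paths default to the ones used above.

```bash
#!/bin/sh
# Added example (not from the original guide): snapshot with owner-only
# permissions plus a SHA-256 sidecar file. CERT_DIR is an assumed override;
# it defaults to the certificate directory used in this guide.
CERT_DIR="${CERT_DIR:-/root/certificates}"

# backup_etcd <snapshot-path>
backup_etcd() {
    # Fail early if any TLS credential is missing or unreadable.
    for f in ca.crt server.crt server.key; do
        [ -r "$CERT_DIR/$f" ] || { echo "missing $CERT_DIR/$f" >&2; return 1; }
    done
    # Never silently replace an existing snapshot.
    [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; return 1; }
    (
        umask 077   # anything created during the save is owner-only
        ETCDCTL_API=3 etcdctl snapshot save "$1" \
            --cacert="$CERT_DIR/ca.crt" \
            --cert="$CERT_DIR/server.crt" \
            --key="$CERT_DIR/server.key"
    ) || return 1
    # An empty file means the save did not really succeed.
    [ -s "$1" ] || { echo "snapshot $1 is empty" >&2; return 1; }
    chmod 600 "$1"
    # Record the checksum next to the snapshot, using a relative file name
    # so the pair can be moved together.
    (cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256")
}

# verify_backup <snapshot-path>: run before handing a file to snapshot restore.
verify_backup() {
    # Mode must be exactly rw------- (no group or world access).
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ] \
        || { echo "$1 is not owner-only" >&2; return 1; }
    # Contents must still match the checksum recorded at backup time.
    (cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1) \
        || { echo "$1 failed checksum verification" >&2; return 1; }
}
```

Call `backup_etcd /root/backup/etcd-backup-new.db` on the etcd host, and run `verify_backup` on a snapshot before passing it to `snapshot restore`.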

 

Step 2: Restore an Old etcd Snapshot

To restore an old etcd snapshot located at /root/backup/etcd-backup-old.db to /var/lib/etcd-backup, use the following command:

ETCDCTL_API=3 etcdctl snapshot restore /root/backup/etcd-backup-old.db \
  --data-dir /var/lib/etcd-backup

 

Explanation

snapshot restore is used to restore an etcd backup.

--data-dir specifies the directory where the restored data should be stored.

 

Step 3: Configure etcd to Use the Restored Data

After restoring the snapshot, you need to configure etcd to use the new data directory.

Stop the running etcd service:

  systemctl stop etcd

Replace the existing data directory with the restored one:

  mv /var/lib/etcd /var/lib/etcd-old
  mv /var/lib/etcd-backup /var/lib/etcd

Restart the etcd service:

  systemctl start etcd

Verification

To verify that etcd is running correctly with the restored data, use:

ETCDCTL_API=3 etcdctl endpoint status --write-out=table \
  --cacert=/root/certificates/ca.crt \
  --cert=/root/certificates/server.crt \
  --key=/root/certificates/server.key

This should display information about the running etcd cluster.

Conclusion

Regularly taking etcd snapshots ensures that your Kubernetes cluster state is protected. In case of data corruption or failure, restoring from a snapshot can quickly bring back cluster stability. Following this guide, you should now be able to confidently create and restore etcd snapshots.