Skip to main content
HashnodeMaxat Akbanov's blogMaxat Akbanov's blog

Command Palette

Search for a command to run...

How to backup and restore etcd data in Kubernetes cluster

Updated
2 min read
How to backup and restore etcd data in Kubernetes cluster
M
Maxat Akbanov

Hey, I'm a postgraduate in Cyber Security with practical experience in Software Engineering and DevOps Operations. The top player on TryHackMe platform, multilingual speaker (Kazakh, Russian, English, Spanish, and Turkish), curios person, bookworm, geek, sports lover, and just a good guy to speak with!

Part of serieskubernetes

Overview:

This post shows the general process of how to backup and restore the etcd backend data in Kubernetes

Backup etcd data

  1. Set etcd API version and check if etcdctl can communicate with the etcd server by requesting the cluster name:
    ETCDCTL_API=3 etcdctl get cluster.name \
--endpoints=https://[private_ip_address]:2379 \
--cacert=~/[path_to_the_.pem_file] \
--cert=~/[path_to_the_.crt_file] \
--key=~[path_to_the_.key_file]
  2. Perform the backup:
    ETCDCTL_API=3 etcdctl snapshot save [path_where_to_save_backup.db_file] \
--endpoints=https://[private_ip_address]:2379 \
--cacert=~/[path_to_the_.pem_file] \
--cert=~/[path_to_the_.crt_file] \
--key=~[path_to_the_.key_file]

Restore etcd data

  1. To restore etcd data use:
    sudo ETCDCTL_API=3 etcdctl snapshot restore [path_to_the_backup_file] \
--initial-cluster etcd-restore=https://[private_ip_of_the_etcd_server]:2380 \
--initial-advertise-peer-urls https://[private_ip_of_the_etcd_server]:2380 \
--name etcd-restore \
--data-dir /var/lib/etcd
  2. This operation temporarily creates the etcd cluster node
  3. Check that data is restored:
    sudo ls /var/lib/etcd
  4. When restored all data is owned by root, fix this by:
    sudo chown -R etcd:etcd /var/lib/etcd
  5. Start the etcd:
    sudo systemctl start etcd
  6. Check that etcd server is up and running by requesting the cluster name:
    ETCDCTL_API=3 etcdctl get cluster.name \
--endpoints=https://[private_ip_address]:2379 \
--cacert=~/[path_to_the_.pem_file] \
--cert=~/[path_to_the_.crt_file] \
--key=~[path_to_the_.key_file]

[Optional - dangerous]:

For testing purposes you can train the migration process on the same cluster by deleting the etcd data:

  1. Stop the etcd backend:
    sudo systemctl stop etcd
  2. Delete the etcd data:
    sudo rm -rf /var/lib/etcd

Notes

  1. etcdctl - is a command-line client to interact with Kubernetes backend storage etcd.
  2. --endpoints - flag specifies the URL address of the etcd server
  3. --cacert - specifies the public certificate for the certificate authority
  4. --cert - specifies the client certificate
  5. --key - specifies the certificate key

Reference:

  1. Interacting with etcd
  2. How to Backup and Restore Kubernetes ETCD database [Step by Step]
#kubernetes#devops

kubernetes

Part 15 of 18
Up next

How to upgrade Kubernetes cluster with kubeadm

Overview: Testbed scheme: The overall steps to upgrade Kubernetes cluster are: Upgrade all nodes from v1.23.0 --> v1.24.1 To see the latest kubeadm releases go to https://kubernetes.io/releases/ Upgrade Kubernetes control plane Upgrade worker nodes...

More from this blog

M

Maxat Akbanov's blog

259 posts

Postgraduate in Cyber Security with experience in Software Engineering and DevOps Operations.