Dalam arsitektur Kubernetes, etcd merupakan bagian integral dari cluster. Semua objek cluster seperti API objects, object states, dan service discovery disimpan di etcd sehingga sangat disarankan untuk melalukan backup secara rutin agar membantu proses pemulihan jika terjadi insiden baik dari hardware atau software.
Kubernetes etcd Backup Using etcdctl #
Login ke node master / control plane.
Lalu download etcdctl melalui repo github etcd-io
wget https://github.com/etcd-io/etcd/releases/download/v3.4.27/etcd-v3.4.27-linux-amd64.tar.gz
Extract archive dan pindahkan file biner etcdctl ke /usr/local/bin/
tar -xaf etcd-v3.4.27-linux-amd64.tar.gz
cd etcd-v3.4.27-linux-amd64
mv etcdctl /usr/local/bin/
Untuk menggunakan etcdctl, diperlukan certificate beserta private key etcd yang bisa Anda temukan di /etc/kubernetes/manifests/etcd.yaml.
# cat /etc/kubernetes/manifests/etcd.yaml
...
spec:
containers:
- command:
- etcd
- --cert-file=/etc/kubernetes/pki/etcd/server.crt
- --key-file=/etc/kubernetes/pki/etcd/server.key
- --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
...
Tambahkan variable berikut pada shell environment
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
Tes untuk memastikan sudah terhubung ke etcd.
etcdctl endpoint health
127.0.0.1:2379 is healthy: successfully committed proposal: took = 7.192771ms
Buat folder untuk menyimpan backup etcd.
mkdir etcd
cd etcd
Ambil snapshot etcd dengan perintah.
etcdctl snapshot save backup.db
Cek status snapshot.
etcdctl --write-out=table snapshot status backup.db
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| 2ddb9172 | 97897 | 1497 | 24 MB |
+----------+----------+------------+------------+
Kubernetes etcd Restore Using Snapshot Backup #
Hapus atau rename folder etcd.
cd /var/lib/
mv etcd etcd-orig
Lalu restore etcd dengan perintah.
etcdctl snapshot restore --data-dir etcd /root/etcd/backup.db
{"level":"info","ts":1690686164.8587801,"caller":"snapshot/v3_snapshot.go:306","msg":"restoring snapshot","path":"/root/etcd/backup.db","wal-dir":"etcd/member/wal","data-dir":"etcd","snap-dir":"etcd/member/snap"}
{"level":"info","ts":1690686164.8927898,"caller":"mvcc/kvstore.go:388","msg":"restored last compact revision","meta-bucket-name":"meta","meta-bucket-name-key":"finishedCompactRev","restored-compact-revision":63305}
{"level":"info","ts":1690686164.9036953,"caller":"membership/cluster.go:392","msg":"added member","cluster-id":"cdf818194e3a8c32","local-member-id":"0","added-peer-id":"8e9e05c52164694d","added-peer-peer-urls":["http://localhost:2380"]}
{"level":"info","ts":1690686164.9086843,"caller":"snapshot/v3_snapshot.go:326","msg":"restored snapshot","path":"/root/etcd/backup.db","wal-dir":"etcd/member/wal","data-dir":"etcd","snap-dir":"etcd/member/snap"}
Cek ID container etcd.
crictl ps --name etcd
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
4c7b96af61c12 86b6af7dd652c1b38118be1c338e9354b33469e69a218f7e290a0ca5304ad681 7 minutes ago Running etcd 10 49b4587e6ae44 etcd-man
Stop container etcd.
crictl stop 4c7b96af61c12
Tunggu beberapa saat sampai container etcd dibuat ulang.
etcdctl command usage #
Check performance etcd cluster
etcdctl check perf
Check status and health endpoint etcd
etcdctl endpoint health && etcdctl endpoint status
Get all keys
etcdctl get --prefix=true --keys-only /
Delete key
etcdctl del --prefix=true /registry/pods/site/demo-c96794899-sgcgz
Bisa untuk menghapus paksa pods atau membuat ulang pod jika menggunakan deployment {: .prompt-tip }