标签：kubernetes Kubernetes ETCDCTL 192.168 etc etcd pki 备份

使用etcdctl备份与恢复

使用etcdctl备份与恢复

简介

**etcdctl** 是用于管理和操作 etcd 数据库的命令行工具。etcd 是一个高可用的分布式键值存储系统，广泛用于存储和管理配置数据。etcdctl 提供了备份和恢复 etcd 数据库的功能，这对于数据保护和系统迁移至关重要

本次 etcd 集群由三个节点组成，采用高可用配置。备份操作只需在任意一个节点上进行，因为所有节点的数据是同步的。然而，恢复数据时需要在每个节点上进行恢复操作。

集群信息

安装方式	版本
kubeadm	1.23.17

etcdctl安装

下载

wget https://gh.monlor.com/https://github.com/etcd-io/etcd/releases/download/v3.4.30/etcd-v3.4.30-linux-amd64.tar.gz

安装

tar -zxf etcd-v3.4.30-linux-amd64.tar.gz
mv etcd-v3.4.30-linux-amd64/etcdctl /usr/local/bin
chmod +x /usr/local/bin/

同步到其他节点

scp -r  /usr/local/bin/etcdctl  master02:/usr/local/bin/
scp -r  /usr/local/bin/etcdctl  master03:/usr/local/bin/

配置环境变量

vi ~/.bashrc
export ETCDCTL_API=3
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key
export ETCDCTL_ENDPOINTS=192.168.1.31:2379,192.168.1.32:2379,192.168.1.33:2379

source ~/.bashrc

查看集群状态

ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379,192.168.1.162:2379,192.168.1.163:2379 \
etcdctl --write-out=table endpoint health

#执行结果
+--------------------+--------+-------------+-------+
|      ENDPOINT      | HEALTH |    TOOK     | ERROR |
+--------------------+--------+-------------+-------+
| 192.168.1.162:2379 |   true | 14.612588ms |       |
| 192.168.1.161:2379 |   true | 21.240783ms |       |
| 192.168.1.163:2379 |   true | 20.533771ms |       |
+--------------------+--------+-------------+-------+

查看所有key

ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379,192.168.1.162:2379,192.168.1.163:2379 \
etcdctl get /  --prefix --keys-only

查看指定key

ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379,192.168.1.162:2379,192.168.1.163:2379 \
etcdctl get /registry/namespaces/default

备份

所有节点创建备份目录


mkdir -p /opt/etcd_backup/

备份etcd数据

注意：etcdctl 进行快照操作时必须连接到 一个特定的 etcd 节点，而不是多个节点，否则会出现 snapshot must be requested to one selected node”的错误如下所示

指定单个节点备份

ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379 \
etcdctl snapshot save /opt/etcd_backup/snap-etcd-$(date +%F-%H-%M-%S).db

快照已成功保存到指定路径 /opt/etcd_backup/snap-etcd-2024-09-06-10-21-42.db

恢复

删除资源

我们删除掉defualt下和ops下的资源

[root@master01 ~]# kubectl delete deployments.apps  nginx
deployment.apps "nginx" deleted
[root@master01 ~]# kubectl -n ops delete deployments.apps redis-single 
deployment.apps "redis-single" deleted

所有master节点停止etcd

mv /etc/kubernetes/manifests/etcd.yaml /home/

所有master节点备份原有数据

[root@master01 home]# mv /var/lib/etcd/ /var/lib/etcd-$(date +%F-%H-%M-%S)-backup/
[root@master01 home]# ls /var/lib/etcd-2024-09-06-10-45-19-backup
member

master01恢复

ETCDCTL_API=3 etcdctl snapshot restore  /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt  \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key  \
--data-dir=/var/lib/etcd/   \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=master01=https://192.168.1.161:2380,master02=https://192.168.1.162:2380,master03=https://192.168.1.163:2380 \
--name=master01 \
--initial-advertise-peer-urls=https://192.168.1.161:2380

恢复成功如下

[root@master01 ~]# ls /var/lib/etcd
member

发送快照文件到其他master节点

scp  /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db   master02:/opt/etcd_backup/
scp  /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db   master03:/opt/etcd_backup/

master02恢复

注意修改主机名称和urls地址

ETCDCTL_API=3 etcdctl snapshot restore  /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt  \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key  \
--data-dir=/var/lib/etcd/   \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=master01=https://192.168.1.161:2380,master02=https://192.168.1.162:2380,master03=https://192.168.1.163:2380 \
--name=master02 \
--initial-advertise-peer-urls=https://192.168.1.162:2380

master03恢复

ETCDCTL_API=3 etcdctl snapshot restore  /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt  \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key  \
--data-dir=/var/lib/etcd/   \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=master01=https://192.168.1.161:2380,master02=https://192.168.1.162:2380,master03=https://192.168.1.163:2380 \
--name=master03 \
--initial-advertise-peer-urls=https://192.168.1.163:2380

所有节点启动etcd

mv /home/etcd.yaml  /etc/kubernetes/manifests/

验证

可以看到我们删除的资源已经恢复了

增加备份脚本

[root@master01 scpipt]# cat etcd_backup.sh 
#!/bin/bash

# 定义环境变量
ETCDCTL_API=3
ETCD_CACERT="/etc/kubernetes/pki/etcd/ca.crt"
ETCD_CERT="/etc/kubernetes/pki/etcd/peer.crt"
ETCD_KEY="/etc/kubernetes/pki/etcd/peer.key"
ETCD_ENDPOINTS="192.168.1.161:2379"  # 可以根据需要添加更多端点

# 定义备份目录和文件名
BACKUP_DIR="/opt/etcd_backup"
BACKUP_FILE="snap-etcd-$(date +%F-%H-%M-%S).db"
BACKUP_PATH="${BACKUP_DIR}/${BACKUP_FILE}"

# 创建备份目录（如果不存在）
mkdir -p "${BACKUP_DIR}"

# 执行备份操作
ETCDCTL_CACERT="${ETCD_CACERT}" \
ETCDCTL_CERT="${ETCD_CERT}" \
ETCDCTL_KEY="${ETCD_KEY}" \
ETCDCTL_ENDPOINTS="${ETCD_ENDPOINTS}" \
etcdctl snapshot save "${BACKUP_PATH}"

# 检查备份是否成功
if [ $? -eq 0 ]; then
    echo "Backup successfully created at ${BACKUP_PATH}"
else
    echo "Backup failed"
    exit 1
fi

每周三晚上12点执行备份脚本：

[root@master01 scpipt]# crontab -e
0 0 * * 4 /scpipt/etcd_backup.sh

标签：kubernetes,Kubernetes,ETCDCTL,192.168,etc,etcd,pki,备份
From： https://www.cnblogs.com/Unstoppable9527/p/18399967

Kubernetes-etcd备份恢复