[CKA] Day 5 - Cluster Management 2 (Backup and Restore)
- advanced/Devops
- 2022. 8. 16.
backup
- resources
kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml
- etcd
ETCDCTL_API=3 etcdctl snapshot save snapshot.db
ETCDCTL_API=3 etcdctl snapshot restore snapshot.db --data-dir /var/lib/etcd-from-backup
Certificate files are always required when saving etcd.
ETCDCTL_API=3 etcdctl \
snapshot save snapshot.db \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/etcd/ca.crt \
--cert=/etc/etcd/etcd-server.crt \
--key=/etc/etcd/etcd-server.key
The following four options must always be specified.
--cacert verify certificates of TLS-enabled secure servers using this CA bundle
--cert identify secure client using this TLS certificate file
--endpoints=[127.0.0.1:2379] This is the default as ETCD is running on master node and exposed on localhost 2379.
--key identify secure client using this TLS key file
Backup manual
1. Get etcdctl utility if it's not already present.
go get github.com/coreos/etcd/etcdctl
2. Backup
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /opt/snapshot-pre-boot.db
-----------------------------
Disaster Happens
-----------------------------
3. Restore ETCD Snapshot to a new folder
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--name=master \
--cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
--data-dir /var/lib/etcd-from-backup \
--initial-cluster=master=https://127.0.0.1:2380 \
--initial-cluster-token etcd-cluster-1 \
--initial-advertise-peer-urls=https://127.0.0.1:2380 \
snapshot restore /opt/snapshot-pre-boot.db
4. Modify /etc/kubernetes/manifests/etcd.yaml
Update --data-dir to use new target location
--data-dir=/var/lib/etcd-from-backup
Update new initial-cluster-token to specify new cluster
--initial-cluster-token=etcd-cluster-1
Update volumes and volume mounts to point to new path
    volumeMounts:
    - mountPath: /var/lib/etcd-from-backup
      name: etcd-data
    - mountPath: /etc/kubernetes/pki/etcd
      name: etcd-certs
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /var/lib/etcd-from-backup
      type: DirectoryOrCreate
    name: etcd-data
  - hostPath:
      path: /etc/kubernetes/pki/etcd
      type: DirectoryOrCreate
    name: etcd-certs
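Step 4 changes three places that must agree: the --data-dir flag, the volumeMount and the hostPath volume. The script below is an added example, not part of the original post, that checks a manifest for that agreement. The helper names and the sample manifest are constructed for illustration, and it assumes the key order shown above (mountPath before name, hostPath/path before name).

```shell
#!/bin/sh
# Usage: check_etcd_manifest MANIFEST EXPECTED_DATA_DIR   ("-" reads stdin)
# Exit 0 only if --data-dir, a volumeMount and that volume's hostPath
# all point at EXPECTED_DATA_DIR. (hypothetical helper)
check_etcd_manifest() {
    awk -v want="$2" '
        /--data-dir=/ { v = $0; sub(/.*--data-dir=/, "", v); sub(/[ \t]+$/, "", v); datadir = v }
        /^[ \t]*-?[ \t]*mountPath:/ { mpath = $NF; ctx = "mount"; next }
        /^[ \t]*-?[ \t]*hostPath:/  { ctx = "vol"; next }
        ctx == "vol" && /^[ \t]*path:/ { hpath = $NF; next }
        /^[ \t]*name:/ {
            # the name that follows a mountPath or hostPath ties the two together
            if (ctx == "mount") mount[$NF] = mpath
            if (ctx == "vol")   host[$NF]  = hpath
            ctx = ""
        }
        END {
            if (datadir != want) { print "FAIL: --data-dir is " datadir; bad = 1 }
            for (n in mount) if (mount[n] == want) {
                found = 1
                if (host[n] != want) { print "FAIL: volume " n " hostPath is " host[n]; bad = 1 }
            }
            if (!found) { print "FAIL: no volumeMount at " want; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample: only --data-dir was updated, the mount and volume were not.
sample_half_updated() {
    cat <<'EOF'
spec:
  containers:
  - command:
    - etcd
    - --data-dir=/var/lib/etcd-from-backup
    name: etcd
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
  volumes:
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data
EOF
}

sample_half_updated | check_etcd_manifest - /var/lib/etcd-from-backup \
    || echo "manifest still points at the old data dir"
```

On a control-plane node the same function can be run against /etc/kubernetes/manifests/etcd.yaml after editing it.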