Kubernetes Cluster ETCD Backup
ETCD Backup
Let us take a look at all the current running resources in our cluster.
lab@k8s1:~$ kubectl get all -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default pod/web-79d88c97d6-4w4nl 1/1 Running 0 12h
default pod/web-79d88c97d6-7ktck 1/1 Running 0 12h
default pod/web-79d88c97d6-8tvsk 1/1 Running 0 12h
default pod/web-79d88c97d6-96sd9 1/1 Running 0 12h
default pod/web-79d88c97d6-9tzlh 1/1 Running 0 12h
default pod/web-79d88c97d6-brtgx 1/1 Running 0 12h
default pod/web-79d88c97d6-kngc4 1/1 Running 0 12h
default pod/web-79d88c97d6-p5vfg 1/1 Running 0 12h
default pod/web-79d88c97d6-rbhpr 1/1 Running 0 12h
kube-system pod/coredns-78fcd69978-cvpx2 1/1 Running 0 13h
kube-system pod/coredns-78fcd69978-hf5sj 1/1 Running 0 12h
kube-system pod/etcd-k8s1 1/1 Running 1 17h
kube-system pod/kube-apiserver-k8s1 1/1 Running 1 17h
kube-system pod/kube-controller-manager-k8s1 1/1 Running 0 17h
kube-system pod/kube-flannel-ds-lhcwb 1/1 Running 0 16h
kube-system pod/kube-flannel-ds-ph9gg 1/1 Running 0 15h
kube-system pod/kube-flannel-ds-xm28z 1/1 Running 0 14h
kube-system pod/kube-proxy-brrvs 1/1 Running 0 17h
kube-system pod/kube-proxy-cdl2t 1/1 Running 0 15h
kube-system pod/kube-proxy-v8r74 1/1 Running 0 14h
kube-system pod/kube-scheduler-k8s1 1/1 Running 1 17h
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 17h
kube-system service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 17h
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/kube-flannel-ds 3 3 3 3 3 <none> 16h
kube-system daemonset.apps/kube-proxy 3 3 3 3 3 kubernetes.io/os=linux 17h
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
default deployment.apps/web 9/9 9 9 13h
kube-system deployment.apps/coredns 2/2 2 2 17h
NAMESPACE NAME DESIRED CURRENT READY AGE
default replicaset.apps/web-79d88c97d6 9 9 9 13h
kube-system replicaset.apps/coredns-78fcd69978 2 2 2 17h
lab@k8s1:~$
There are two deployments, two replicates, two daemonsets, two services, and 21 pods in total. We can take a backup of this database (etcd) and restore it if needed.
First, let us check the ETCD version that is currently in use in the cluster.
lab@k8s1:~$ kubectl -n kube-system describe pods etcd-k8s1
Name: etcd-k8s1
Namespace: kube-system
Priority: 2000001000
Priority Class Name: system-node-critical
Node: k8s1/10.210.40.172
Start Time: Tue, 29 Mar 2022 11:14:08 -0700
Labels: component=etcd
tier=control-plane
Annotations: kubeadm.kubernetes.io/etcd.advertise-client-urls: https://192.168.100.1:2379
kubernetes.io/config.hash: 91e64623622aeb865a09c79cf82eb4a5
kubernetes.io/config.mirror: 91e64623622aeb865a09c79cf82eb4a5
kubernetes.io/config.seen: 2022-03-29T07:16:25.772358879-07:00
kubernetes.io/config.source: file
seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status: Running
IP: 10.210.40.172
IPs:
IP: 10.210.40.172
Controlled By: Node/k8s1
Containers:
etcd:
Container ID: docker://8d902a4981fbf57e35c080db6f69608ba6e8e40596409358a75ffe8f6b85e78d
Image: k8s.gcr.io/etcd:3.5.0-0
Image ID: docker-pullable://k8s.gcr.io/etcd@sha256:9ce33ba33d8e738a5b85ed50b5080ac746deceed4a7496c550927a7a19ca3b6d
Port: <none>
Host Port: <none>
Command:
etcd
--advertise-client-urls=https://192.168.100.1:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt
--client-cert-auth=true
--data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://192.168.100.1:2380
--initial-cluster=k8s1=https://192.168.100.1:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379,https://192.168.100.1:2379
--listen-metrics-urls=http://127.0.0.1:2381
--listen-peer-urls=https://192.168.100.1:2380
--name=k8s1
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
--snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
State: Running
Started: Tue, 29 Mar 2022 07:16:17 -0700
Ready: True
Restart Count: 1
Requests:
cpu: 100m
memory: 100Mi
Liveness: http-get http://127.0.0.1:2381/health delay=10s timeout=15s period=10s #success=1 #failure=8
Startup: http-get http://127.0.0.1:2381/health delay=10s timeout=15s period=10s #success=1 #failure=24
Environment: <none>
Mounts:
/etc/kubernetes/pki/etcd from etcd-certs (rw)
/var/lib/etcd from etcd-data (rw)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
etcd-certs:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/pki/etcd
HostPathType: DirectoryOrCreate
etcd-data:
Type: HostPath (bare host directory volume)
Path: /var/lib/etcd
HostPathType: DirectoryOrCreate
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: :NoExecute op=Exists
Events: <none>
lab@k8s1:~$
From the Image section, we can see k8s.gcr.io/etcd:3.5.0-0
and ETCD is listening on port 2379
.
ETCD Server certificate file is stored at --cert-file=/etc/kubernetes/pki/etcd/server.crt
and CA Certificate is at --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
.
To work with ETCD, we need an utility called etcdctl
.
lab@k8s1:~$ etcdctl -h
Command 'etcdctl' not found, but can be installed with:
sudo apt install etcd-client
lab@k8s1:~$
Let us install it now.
lab@k8s1:~$ sudo apt install etcd-client
[sudo] password for lab:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
libfwupdplugin1
Use 'sudo apt autoremove' to remove it.
The following NEW packages will be installed:
etcd-client
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 4563 kB of archives.
After this operation, 17.2 MB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 etcd-client amd64 3.2.26+dfsg-6 [4563 kB]
Fetched 4563 kB in 1s (4735 kB/s)
Selecting previously unselected package etcd-client.
(Reading database ... 216135 files and directories currently installed.)
Preparing to unpack .../etcd-client_3.2.26+dfsg-6_amd64.deb ...
Unpacking etcd-client (3.2.26+dfsg-6) ...
Setting up etcd-client (3.2.26+dfsg-6) ...
Processing triggers for man-db (2.9.1-1) ...
lab@k8s1:~$
Let us take a snapshot of the ETCD database, using the builtin snapshot functionality, we need to specify a location.
lab@k8s1:~$ etcdctl -h
NAME:
etcdctl - A simple command line client for etcd.
WARNING:
Environment variable ETCDCTL_API is not set; defaults to etcdctl v2.
Set environment variable ETCDCTL_API=3 to use v3 API or ETCDCTL_API=2 to use v2 API.
USAGE:
etcdctl [global options] command [command options] [arguments...]
VERSION:
3.2.26
COMMANDS:
backup backup an etcd directory
cluster-health check the health of the etcd cluster
mk make a new key with a given value
mkdir make a new directory
rm remove a key or a directory
rmdir removes the key if it is an empty directory or a key-value pair
get retrieve the value of a key
ls retrieve a directory
set set the value of a key
setdir create a new directory or update an existing directory TTL
update update an existing key with a given value
updatedir update an existing directory
watch watch a key for changes
exec-watch watch a key for changes and exec an executable
member member add, remove and list subcommands
user user add, grant and revoke subcommands
role role add, grant and revoke subcommands
auth overall auth controls
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug output cURL commands which can be used to reproduce the request
--no-sync don't synchronize cluster information before sending request
--output simple, -o simple output response in the given format (simple, `extended` or `json`) (default: "simple")
--discovery-srv value, -D value domain name to query for SRV records describing cluster endpoints
--insecure-discovery accept insecure SRV records describing cluster endpoints
--peers value, -C value DEPRECATED - "--endpoints" should be used instead
--endpoint value DEPRECATED - "--endpoints" should be used instead
--endpoints value a comma-delimited list of machine addresses in the cluster (default: "http://127.0.0.1:2379,http://127.0.0.1:4001")
--cert-file value identify HTTPS client using this SSL certificate file
--key-file value identify HTTPS client using this SSL key file
--ca-file value verify certificates of HTTPS-enabled servers using this CA bundle
--username value, -u value provide username[:password] and prompt if password is not supplied.
--timeout value connection timeout per request (default: 2s)
--total-timeout value timeout for the command execution (except watch) (default: 5s)
--help, -h show help
--version, -v print the version
lab@k8s1:~$
As seen in the WARNING, we need to set environment variable ETCDCTL_API=3
while working with v3.
Lets explore the snapshot
options
lab@k8s1:~$ ETCDCTL_API=3 etcdctl snapshot -h
NAME:
snapshot - Manages etcd node snapshots
USAGE:
etcdctl snapshot <subcommand> [flags]
API VERSION:
3.2
COMMANDS:
restore Restores an etcd member snapshot to an etcd directory
save Stores an etcd node backend snapshot to a given file
status Gets backend snapshot status of a given file
OPTIONS:
-h, --help[=false] help for snapshot
GLOBAL OPTIONS:
--cacert="" verify certificates of TLS-enabled secure servers using this CA bundle
--cert="" identify secure client using this TLS certificate file
--command-timeout=5s timeout for short running command (excluding dial timeout)
--debug[=false] enable client-side debug logging
--dial-timeout=2s dial timeout for client connections
--endpoints=[127.0.0.1:2379] gRPC endpoints
--hex[=false] print byte strings as hex encoded strings
--insecure-skip-tls-verify[=false] skip server certificate verification
--insecure-transport[=true] disable transport security for client connections
--key="" identify secure client using this TLS key file
--user="" username[:password] for authentication (prompt if password is not supplied)
-w, --write-out="simple" set the output format (fields, json, protobuf, simple, table)
lab@k8s1:~$
We can take a snapshot by specifying the endpoint, certificates etc as shown below:
ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> \
snapshot save <backup-file-location>
where trusted-ca-file
, cert-file
and key-file
can be obtained from the description of the etcd
Pod.
lab@k8s1:~$ sudo ETCDCTL_API=3 etcdctl --endpoints=127.0.0.1:2379 --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot save /opt/snapshot-backup.db
[sudo] password for lab:
Snapshot saved at /opt/snapshot-backup.db
lab@k8s1:~$
Verify the snapshot status
lab@k8s1:~$ sudo ETCDCTL_API=3 etcdctl --endpoints=127.0.0.1:2379 --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot status /opt/snapshot-backup.db
2140355a, 91968, 1163, 2.2 MB
lab@k8s1:~$
Same output in a table fashion, with --write-out=table
option
lab@k8s1:~$ sudo ETCDCTL_API=3 etcdctl --endpoints=127.0.0.1:2379 --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot status /opt/snapshot-backup.db --write-out=table
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| 2140355a | 91968 | 1163 | 2.2 MB |
+----------+----------+------------+------------+
lab@k8s1:~$
To mimic some crash of this cluster, let us delete the deployment (and all associated resources)
lab@k8s1:~$ kubectl delete deployment web
deployment.apps "web" deleted
lab@k8s1:~$ kubectl get pods
NAME READY STATUS RESTARTS AGE
web-79d88c97d6-p5vfg 1/1 Terminating 0 14h
lab@k8s1:~$ kubectl get pods
No resources found in default namespace.
lab@k8s1:~$
So, at the moment, we have No resources found in default namespace.
How can we restore this cluster? Luckily, we have a snapshot, right? Lets use it to restore.
lab@k8s1:~$ sudo ETCDCTL_API=3 etcdctl snapshot restore --data-dir=/var/lib/etcd-old-copy /opt/snapshot-backup.db
[sudo] password for lab:
Error: expected sha256 [121 49 82 41 127 17 108 224 104 202 28 46 0 145 49 221 234 71 99 210 185 176 191 126 38 217 143 170 228 223 79 127], got [84 157 250 180 184 168 7 99 44 43 8 22 51 253 10 140 54 78 152 222 239 28 99 93 236 125 236 175 74 88 153 54]
lab@k8s1:~$
Though, there is some error related to checksum (I am not sure why this error!), snapshot seems to be copied to the location given in --data-dir
.
lab@k8s1:~$ sudo ls -la /var/lib/etcd-old-copy/member/snap/db
-rw------- 1 root root 2203648 Mar 30 02:17 /var/lib/etcd-old-copy/member/snap/db
lab@k8s1:~$
Just this restore option alone will not help, as seen below.
lab@k8s1:~$ kubectl get pods
No resources found in default namespace.
lab@k8s1:~$
We need to update the ETCD config to use this restored directory (/var/lib/etcd-old-copy
in our case)
As we know, etcd is a static pod, we can find the manifest files in /etc/kubernetes/manifests/
folder.
lab@k8s1:~$ sudo vi /etc/kubernetes/manifests/etcd.yaml
lab@k8s1:~$ sudo cat /etc/kubernetes/manifests/etcd.yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
kubeadm.kubernetes.io/etcd.advertise-client-urls: https://192.168.100.1:2379
creationTimestamp: null
labels:
component: etcd
tier: control-plane
name: etcd
namespace: kube-system
spec:
containers:
- command:
- etcd
- --advertise-client-urls=https://192.168.100.1:2379
- --cert-file=/etc/kubernetes/pki/etcd/server.crt
- --client-cert-auth=true
- --data-dir=/var/lib/etcd
- --initial-advertise-peer-urls=https://192.168.100.1:2380
- --initial-cluster=k8s1=https://192.168.100.1:2380
- --key-file=/etc/kubernetes/pki/etcd/server.key
- --listen-client-urls=https://127.0.0.1:2379,https://192.168.100.1:2379
- --listen-metrics-urls=http://127.0.0.1:2381
- --listen-peer-urls=https://192.168.100.1:2380
- --name=k8s1
- --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
- --peer-client-cert-auth=true
- --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
- --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
- --snapshot-count=10000
- --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
image: k8s.gcr.io/etcd:3.5.0-0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /health
port: 2381
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 15
name: etcd
resources:
requests:
cpu: 100m
memory: 100Mi
startupProbe:
failureThreshold: 24
httpGet:
host: 127.0.0.1
path: /health
port: 2381
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 15
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
- mountPath: /etc/kubernetes/pki/etcd
name: etcd-certs
hostNetwork: true
priorityClassName: system-node-critical
securityContext:
seccompProfile:
type: RuntimeDefault
volumes:
- hostPath:
path: /etc/kubernetes/pki/etcd
type: DirectoryOrCreate
name: etcd-certs
- hostPath:
path: /var/lib/etcd-old-copy
type: DirectoryOrCreate
name: etcd-data
status: {}
lab@k8s1:~$
We have changed the hostPath of the volume
named etch-data
with a new value of /var/lib/etcd-old-copy
.
Just make this one change, save the manifest file.
We can see that, all the pods from the web deployment are back!
lab@k8s1:~$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
web-79d88c97d6-4w4nl 1/1 Running 0 15h 10.244.2.14 k8s2 <none> <none>
web-79d88c97d6-7ktck 1/1 Running 0 15h 10.244.2.15 k8s2 <none> <none>
web-79d88c97d6-8tvsk 1/1 Running 0 14h 10.244.3.10 k8s3 <none> <none>
web-79d88c97d6-96sd9 1/1 Running 0 15h 10.244.2.12 k8s2 <none> <none>
web-79d88c97d6-9tzlh 1/1 Running 0 15h 10.244.2.11 k8s2 <none> <none>
web-79d88c97d6-brtgx 1/1 Running 0 14h 10.244.3.9 k8s3 <none> <none>
web-79d88c97d6-kngc4 1/1 Running 0 15h 10.244.2.10 k8s2 <none> <none>
web-79d88c97d6-p5vfg 1/1 Running 0 15h 10.244.2.13 k8s2 <none> <none>
web-79d88c97d6-rbhpr 1/1 Running 0 14h 10.244.3.11 k8s3 <none> <none>
lab@k8s1:~$
After some time, I have verified all resources.
lab@k8s1:~$ kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
web 9/9 9 9 16h
lab@k8s1:~$ kubectl get all -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default pod/web-79d88c97d6-4w4nl 1/1 Running 0 15h
default pod/web-79d88c97d6-7ktck 1/1 Running 0 15h
default pod/web-79d88c97d6-8tvsk 1/1 Running 0 15h
default pod/web-79d88c97d6-96sd9 1/1 Running 0 15h
default pod/web-79d88c97d6-9tzlh 1/1 Running 0 15h
default pod/web-79d88c97d6-brtgx 1/1 Running 0 15h
default pod/web-79d88c97d6-kngc4 1/1 Running 0 15h
default pod/web-79d88c97d6-p5vfg 1/1 Running 0 15h
default pod/web-79d88c97d6-rbhpr 1/1 Running 0 15h
kube-system pod/coredns-78fcd69978-cvpx2 1/1 Running 0 15h
kube-system pod/coredns-78fcd69978-hf5sj 1/1 Running 0 15h
kube-system pod/etcd-k8s1 1/1 Running 1 20h
kube-system pod/kube-apiserver-k8s1 1/1 Running 1 20h
kube-system pod/kube-controller-manager-k8s1 1/1 Running 0 20h
kube-system pod/kube-flannel-ds-lhcwb 1/1 Running 0 19h
kube-system pod/kube-flannel-ds-ph9gg 1/1 Running 0 18h
kube-system pod/kube-flannel-ds-xm28z 1/1 Running 0 17h
kube-system pod/kube-proxy-brrvs 1/1 Running 0 20h
kube-system pod/kube-proxy-cdl2t 1/1 Running 0 18h
kube-system pod/kube-proxy-v8r74 1/1 Running 0 17h
kube-system pod/kube-scheduler-k8s1 1/1 Running 1 20h
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20h
kube-system service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 20h
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/kube-flannel-ds 3 3 3 3 3 <none> 19h
kube-system daemonset.apps/kube-proxy 3 3 3 3 3 kubernetes.io/os=linux 20h
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
default deployment.apps/web 9/9 9 9 16h
kube-system deployment.apps/coredns 2/2 2 2 20h
NAMESPACE NAME DESIRED CURRENT READY AGE
default replicaset.apps/web-79d88c97d6 9 9 9 16h
kube-system replicaset.apps/coredns-78fcd69978 2 2 2 20h
lab@k8s1:~$
lab@k8s1:~$ kubectl -n kube-system describe pods etcd-k8s1
Name: etcd-k8s1
Namespace: kube-system
Priority: 2000001000
Priority Class Name: system-node-critical
Node: k8s1/10.210.40.172
Start Time: Tue, 29 Mar 2022 11:14:08 -0700
Labels: component=etcd
tier=control-plane
Annotations: kubeadm.kubernetes.io/etcd.advertise-client-urls: https://192.168.100.1:2379
kubernetes.io/config.hash: 91e64623622aeb865a09c79cf82eb4a5
kubernetes.io/config.mirror: 91e64623622aeb865a09c79cf82eb4a5
kubernetes.io/config.seen: 2022-03-29T07:16:25.772358879-07:00
kubernetes.io/config.source: file
seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status: Running
IP: 10.210.40.172
IPs:
IP: 10.210.40.172
Controlled By: Node/k8s1
Containers:
etcd:
Container ID: docker://8d902a4981fbf57e35c080db6f69608ba6e8e40596409358a75ffe8f6b85e78d
Image: k8s.gcr.io/etcd:3.5.0-0
Image ID: docker-pullable://k8s.gcr.io/etcd@sha256:9ce33ba33d8e738a5b85ed50b5080ac746deceed4a7496c550927a7a19ca3b6d
Port: <none>
Host Port: <none>
Command:
etcd
--advertise-client-urls=https://192.168.100.1:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt
--client-cert-auth=true
--data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://192.168.100.1:2380
--initial-cluster=k8s1=https://192.168.100.1:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379,https://192.168.100.1:2379
--listen-metrics-urls=http://127.0.0.1:2381
--listen-peer-urls=https://192.168.100.1:2380
--name=k8s1
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
--snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
State: Running
Started: Tue, 29 Mar 2022 07:16:17 -0700
Ready: True
Restart Count: 1
Requests:
cpu: 100m
memory: 100Mi
Liveness: http-get http://127.0.0.1:2381/health delay=10s timeout=15s period=10s #success=1 #failure=8
Startup: http-get http://127.0.0.1:2381/health delay=10s timeout=15s period=10s #success=1 #failure=24
Environment: <none>
Mounts:
/etc/kubernetes/pki/etcd from etcd-certs (rw)
/var/lib/etcd from etcd-data (rw)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
etcd-certs:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/pki/etcd
HostPathType: DirectoryOrCreate
etcd-data:
Type: HostPath (bare host directory volume)
Path: /var/lib/etcd
HostPathType: DirectoryOrCreate
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: :NoExecute op=Exists
Events: <none>
lab@k8s1:~$
I was expecting the updated path for the ` etcd-data in the above output, but still it shows the original path
/var/lib/etcd`, though YAML manifest file is changed.
This concludes our discussion on ETCD Backup.