etcd快照(cka考试用会有这个题)

CKA考试中会有一题是关于etcd快照的‘。
因为我的高可用集群是用kubeadm安装的,内部etcd,
因为etcd快照备份需要证书的,我不知道证书在哪里怎么找呢?
查找一下使用ps查找一下etcd相关信息,自行过滤出etcd-cafile、etcd-certfile、etcd-keyfile
[root@master01 ~]# ps -ef | grep etcd
root 20497 8101 0 14:32 pts/1 00:00:00 grep --color=auto etcd
root 25350 25273 7 Mar24 ? 02:20:43 kube-apiserver --advertise-address=192.168.5.40 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
root 25602 25517 8 Mar24 ? 02:31:38 etcd --advertise-client-urls=https://192.168.5.40:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --initial-advertise-peer-urls=https://192.168.5.40:2380 --initial-cluster=master01=https://192.168.5.40:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://192.168.5.40:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://192.168.5.40:2380 --name=master01 --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
[root@master01 ~]#

如何生成备份呢?参考官方的吧!!!!!
https://kubernetes.io/zh/docs/tasks/administer-cluster/configure-upgrade-etcd/#%e5%a4%87%e4%bb%bd-etcd-%e9%9b%86%e7%be%a4
开始备份:
etcdctl --endpoints=https://192.168.5.40:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/apiserver-etcd-client.crt --key=/etc/kubernetes/pki/apiserver-etcd-client.key snapshot save snapshotdb

查看一下生成备份情况
etcdctl --write-out=table snapshot status snapshotdb

有可能cka考试的时候会让输出到指定文件
比如 我要输出到wy.txt文件

etcdctl --write-out=table snapshot status snapshotdb >wy.txt

你可能感兴趣的:(k8s)