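Kubernetes etcd data backup and restore

etcd data backup

Backing up etcd serves as a backup of the K8s cluster, but such a backup is generally global: it can restore the cluster to its state at a given point in time, but cannot restore one specific resource object. Backup and restore are generally done with snapshots.

**When run on the server itself, parameters such as --cacert are not needed. Some of the commands are as follows:**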
```bash
# List members
etcdctl member list

# List the Kubernetes data
export ETCDCTL_API=3
etcdctl get / --prefix
# List keys only
etcdctl get / --prefix --keys-only

# Back up the data
etcdctl snapshot save etcd_backup/$(date +%F)-k8s-snapshot.db

# Restore the data; an etcd cluster must be restored from one and the same backup snapshot
etcdctl snapshot restore 2021-04-21-k8s-snapshot.db
```

Backup script:

```bash
#!/usr/bin/env bash
date
CACERT="/opt/kubernetes/ssl/ca.pem"
CERT="/opt/kubernetes/ssl/server.pem"
KEY="/opt/kubernetes/ssl/server-key.pem"
ENDPOINTS="192.168.1.36:2379"

# Take the snapshot over TLS, authenticating with the client certificate
ETCDCTL_API=3 etcdctl \
  --cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
  --endpoints="${ENDPOINTS}" \
  snapshot save "/data/etcd_backup_dir/etcd-snapshot-$(date +%Y%m%d).db"

# Keep backups for 30 days (the pattern is quoted so the shell does not expand it)
find /data/etcd_backup_dir/ -name '*.db' -mtime +30 -exec rm -f {} \;
```


Restore:

```bash
ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_backup_dir/etcd-snapshot20191222.db \
  --name etcd-0 \
  --initial-cluster "etcd-0=https://192.168.1.36:2380,etcd1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380" \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://192.168.1.36:2380 \
  --data-dir=/var/lib/etcd/default.etcd
```

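Whether Kubernetes was installed from binaries or with kubeadm, its backup is mainly done by backing up etcd. For a restore, the main thing to consider is the overall order: stop kube-apiserver, stop etcd, restore the data, start etcd, start kube-apiserver.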
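The restore order described above, written as a script for a binary install managed by systemd. This is an added example, not code from the original post: the unit names `kube-apiserver` and `etcd` and the helpers `run` and `restore_etcd` are assumptions, while the member values are copied from the restore command on this page. It defaults to a dry run that only prints the steps.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): restore in the order given above.
# Assumed: a binary install with systemd units named kube-apiserver and etcd.
export ETCDCTL_API=3
DATA_DIR="${DATA_DIR:-/var/lib/etcd/default.etcd}"
INITIAL_CLUSTER="etcd-0=https://192.168.1.36:2380,etcd1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the plan only; 0 = execute each step

# Print a step, and execute it only when DRY_RUN=0.
run() {
  echo "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

restore_etcd() {
  local snap stamp
  snap="$1"
  stamp="$(date +%Y%m%d%H%M%S)"
  # Refuse to stop anything if there is no usable snapshot to restore from.
  [ -s "$snap" ] || { echo "snapshot missing or empty: $snap" >&2; return 1; }
  run systemctl stop kube-apiserver || return 1
  run systemctl stop etcd || return 1
  # snapshot restore refuses a data dir that already holds data: keep the old one aside.
  if [ -e "$DATA_DIR" ]; then
    run mv "$DATA_DIR" "$DATA_DIR.bak-$stamp" || return 1
  fi
  run etcdctl snapshot restore "$snap" \
    --name etcd-0 \
    --initial-cluster "$INITIAL_CLUSTER" \
    --initial-cluster-token etcd-cluster \
    --initial-advertise-peer-urls https://192.168.1.36:2380 \
    --data-dir="$DATA_DIR" || return 1
  run systemctl start etcd || return 1
  run systemctl start kube-apiserver
}

# Usage: DRY_RUN=0 ./restore.sh /data/etcd_backup_dir/<snapshot>.db
if [ "$#" -gt 0 ]; then restore_etcd "$1"; fi
```

On a multi-member cluster the restore step is repeated on every member with its own `--name` and peer URL, using the same snapshot file.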

Common commands

```bash
ifconfig kube-ipvs0 down
ip addr del 10.139.3.22/32 dev kube-ipvs0
ip addr del 10.139.6.124/32 dev kube-ipvs0
ip addr del 10.139.6.222/32 dev kube-ipvs0
ifconfig kube-ipvs0 up
```

```bash
# List members
etcdctl member list

# List keys only
etcdctl get / --prefix --keys-only

# Delete a key
etcdctl del ${path}

# Add an etcd member to the cluster
etcdctl member add etcd-10.139.6.124 --peer-urls=http://10.139.6.124:4001

# Remove an etcd member from the cluster
etcdctl member remove ${ID}
```


```bash
# Specify the endpoints
etcdctl --endpoints=http://10.139.3.22:3379 member list --write-out=table

etcdctl --endpoints=http://10.139.3.22:3379 member add eventetcd-10.139.6.124 --peer-urls=http://10.139.6.124:5001
etcdctl --endpoints=http://10.139.3.22:3379 member add eventetcd-10.139.6.222 --peer-urls=http://10.139.6.222:5001
```


```bash
# Access with certificates
etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --endpoints=https://10.120.2.7:2379 member list --write-out=table

# Add a node
etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --endpoints=https://10.120.2.7:2379 member add 120-4-7-sh-1037-b10.yidian.com --peer-urls=https://10.120.4.7:2380
```

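About the --initial-cluster-state=existing parameter:

It indicates whether a new cluster is being created. It takes two values, new and existing. If it is set to existing, the member tries to interact with the other members when it starts.

When the cluster is first created, set it to new; while the cluster is running, set it to existing when a member comes back after a failure.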
