Making a snapshot of etcd to backup Kubernetes

(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at: lawrence@krubner.com, or follow me on Twitter.

Interesting, but I worry about the complexity of what is going on here:

etcd snapshot explanation

The second command needs a bit more explaining. First of all, the idea is to create a snapshot of the etcd database. This is done by communicating with the running etcd instance in Kubernetes and asking it to create a snapshot. The reason for the very long command is basically to avoid messing with etcd running in Kubernetes as much as possible. We are launching a separate container using the same docker image that kubeadm used for setting up the cluster (k8s.gcr.io/etcd-amd64:3.2.18). But in order to communicate with the etcd pod in Kubernetes, we need to:

Use the host network in order to access 127.0.0.1:2379, where etcd is exposed (--network host)

Mount the backup folder where we want to save the snapshot (-v $(pwd)/backup:/backup)

Mount the folder containing the certificates needed to access etcd (-v /etc/kubernetes/pki/etcd:/etc/kubernetes/pki/etcd)

Specify the correct etcd API version as environment variable (--env ETCDCTL_API=3)

The actual command for creating a snapshot (etcdctl snapshot save /backup/etcd-snapshot-latest.db)

Some flags for the etcdctl command

Specify where to connect to (--endpoints=https://127.0.0.1:2379)

Specify certificates to use (--cacert=…, --cert=…, --key=…)

So we start a docker container with the etcdctl tool installed. We tell it to create a snapshot of the etcd instance running in the Kubernetes cluster and store it in a backup folder that we mount from the host.
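
The pieces listed in the quoted passage, assembled into one script as an added example (not code from this post or from the elastisys article). The certificate file names are elided in the quote, so the script takes them as arguments; the `DOCKER` override, the read-only PKI mount, the owner-only backup directory and the `snapshot status` check are additions of this example.

```shell
#!/bin/sh
# Added example. Image, paths and endpoint are those in the quoted text; the
# certificate file names are elided there, so they are required arguments.
PKI_DIR="${PKI_DIR:-/etc/kubernetes/pki/etcd}"
BACKUP_DIR="${BACKUP_DIR:-$(pwd)/backup}"
IMAGE="${IMAGE:-k8s.gcr.io/etcd-amd64:3.2.18}"
DOCKER="${DOCKER:-docker}"   # assumption of this example: DOCKER=echo gives a dry run

# Accept only a bare file name that is readable inside PKI_DIR.
check_pki_file() {
    case "$1" in
        ''|*/*) echo "invalid certificate file name: '$1'" >&2; return 1 ;;
    esac
    [ -r "$PKI_DIR/$1" ] || { echo "not readable: $PKI_DIR/$1" >&2; return 1; }
}

# Usage: snapshot_etcd <ca-file> <client-cert-file> <client-key-file>
snapshot_etcd() {
    for f in "$1" "$2" "$3"; do check_pki_file "$f" || return 1; done
    # The snapshot contains every object stored in etcd, Secrets included,
    # so the host directory is restricted to its owner.
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    # The PKI folder holds the client key; mount it read-only.
    "$DOCKER" run --rm --network host \
        -v "$BACKUP_DIR:/backup" \
        -v "$PKI_DIR:$PKI_DIR:ro" \
        --env ETCDCTL_API=3 "$IMAGE" \
        etcdctl snapshot save /backup/etcd-snapshot-latest.db \
        --endpoints=https://127.0.0.1:2379 \
        "--cacert=$PKI_DIR/$1" "--cert=$PKI_DIR/$2" "--key=$PKI_DIR/$3"
}

# Reads the saved file back (hash, revision, key count); needs no network or certs.
verify_snapshot() {
    "$DOCKER" run --rm -v "$BACKUP_DIR:/backup:ro" --env ETCDCTL_API=3 "$IMAGE" \
        etcdctl snapshot status /backup/etcd-snapshot-latest.db --write-out=table
}

if [ "${1:-}" = run ]; then
    snapshot_etcd "$2" "$3" "$4" && verify_snapshot
fi
```

Invoke it as `sh <script> run <ca-file> <client-cert-file> <client-key-file>`; with `DOCKER=echo` set it prints the two `docker run` command lines instead of executing them.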

Post external references

  1. Source: https://elastisys.com/2018/12/10/backup-kubernetes-how-and-why/