Making a snapshot of etcd to backup Kubernetes

(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at:, or follow me on Twitter.

Interesting, but I worry about the complexity of what is going on here:

etcd snapshot explanation

The second command needs a bit more explaining. First of all, the idea is to create a snapshot of the etcd database. This is done by communicating with the running etcd instance in Kubernetes and asking it to create a snapshot. The reason for the very long command is basically to avoid messing with etcd running in Kubernetes as much as possible. We are launching a separate container using the same docker image that kubeadm used for setting up the cluster ( But in order to communicate with the etcd pod in Kubernetes, we need to:

Use the host network in order to access, where etcd is exposed (–network host)

Mount the backup folder where we want to save the snapshot (-v $(pwd)/backup:/backup)

Mount the folder containing the certificates needed to access etcd (-v /etc/kubernetes/pki/etcd:/etc/kubernetes/pki/etcd)

Specify the correct etcd API version as environment variable (–env ETCDCTL_API=3)

The actual command for creating a snapshot (etcdctl snapshot save /backup/etcd-snapshot-latest.db)

Some flags for the etcdctl command

Specify where to connect to (–endpoints=

Specify certificates to use (–cacert=…, –cert=…, –key=…)

So we start a docker container with the etcdctl tool installed. We tell it to create a snapshot of the etcd instance running in the Kubernetes cluster and store it in a backup folder that we mount from the host.

Post external references

  1. 1