Added scenario for ETCD backup and restore

cka/1.cluster_architecture_installation_configuration.md

@@ -46,5 +46,5 @@ Refer [Upgrading Kubeadm Clusters](../topics/cluster_upgrade.md)
 
 <br />
 
-Refer [Backing up ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster) & [Restoring ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#restoring-an-etcd-cluster)
+Refer [ETCD](./topics/etcd.md)
 

topics/README.md

@@ -13,6 +13,7 @@ Topics cover test exercises for each topics
  - [ConfigMaps](./configmaps.md)  
  - [DaemonSets](./daemonsets.md)
  - [Deployments](./deployments.md)  
+ - [ETCD](./etcd.md)
  - [Falco](./falco.md)
  - [Ingress](./ingress.md) 
  - [Init Containers](../init_containers.md) 

topics/etcd.md

@@ -0,0 +1,67 @@
+# ETCD
+
+### Check the version of ETCD
+
+```bash
+kubectl get pod etcd-controlplane  -n kube-system -o yaml | grep image
+# image: k8s.gcr.io/etcd:3.4.3-0
+```
+
+## Backup and Restore
+Refer [Backing up ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster) & [Restoring ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#restoring-an-etcd-cluster)
+
+#### Create a snapshot of the etcd instance running at https://127.0.0.1:2379, saving the snapshot to the file path /opt/snapshot-pre-boot.db. Restore the snapshot. The following TLS certificates/key are supplied for connecting to the server with etcdctl:
+ - CA certificate: /etc/kubernetes/pki/etcd/ca.crt
+ - Client certificate: /etc/kubernetes/pki/etcd/server.crt
+ - Client key: /etc/kubernetes/pki/etcd/server.key
+
+
+#### Backup ETCD
+
+<!-- snap install etcd         # version 3.4.5, or
+apt  install etcd-client -->
+
+```bash
+ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \
+     --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
+          snapshot save /opt/snapshot-pre-boot.db
+# Snapshot saved at /opt/snapshot-pre-boot.db
+```
+
+#### Restore ETCD Snapshot to a new folder
+
+```bash
+ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \
+     --name=master \
+     --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
+     --data-dir /var/lib/etcd-from-backup \
+     --initial-cluster=master=https://127.0.0.1:2380 \
+     --initial-cluster-token etcd-cluster-1 \
+     --initial-advertise-peer-urls=https://127.0.0.1:2380 \
+     snapshot restore /opt/snapshot-pre-boot.db
+# 2021-12-21 13:56:56.460862 I | mvcc: restore compact to 1288
+# 2021-12-21 13:56:56.716540 I | etcdserver/membership: added member e92d66acd89ecf29 [https://127.0.0.1:2380] to cluster 7581d6eb2d25405b
+```
+
+ #### Modify /etc/kubernetes/manifests/etcd.yaml
+
+```bash
+ # Update --data-dir to use new target location
+ --data-dir=/var/lib/etcd-from-backup
+
+# Update new initial-cluster-token to specify new cluster
+ --initial-cluster-token=etcd-cluster-1
+
+# Update volumes and volume mounts to point to new path
+      volumeMounts:
+          - mountPath: /var/lib/etcd-from-backup
+            name: etcd-data
+          - mountPath: /etc/kubernetes/pki/etcd
+            name: etcd-certs
+   volumes:
+   - hostPath:
+       path: /var/lib/etcd-from-backup
+       type: DirectoryOrCreate
+     name: etcd-data
+```
+

topics/volumes.md

@@ -74,6 +74,8 @@ kubectl exec nginx-4 -- cat /secret/DB_HOST  # verify env variables
 
 ### Create the redis pod with `redis` image with volume `redis-storage` as ephemeral storage mounted at `/data/redis`.
 
+<details><summary>show</summary><p>
+
 ```yaml
 cat << EOF > redis.yaml
 apiVersion: v1
@@ -95,6 +97,46 @@ EOF
 kubectl apply -f redis.yaml
 ```
 
+</p></details>
+
+<br />
+
+### Create a pod as follows: 
+ - Name: non-persistent-redis
+ - container Image:redis
+ - Volume with name: cache-control
+ - Mount path: /data/redis
+ - The pod should launch in the staging namespace and the volume must not be persistent.
+
+<details><summary>show</summary><p>
+
+```yaml
+kubectl create namespace staging
+
+cat << EOF > non-persistent-redis.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: non-persistent-redis
+  namespace: staging
+spec:
+  containers:
+  - name: redis
+    image: redis
+    volumeMounts:
+    - name: cache-control
+      mountPath: /data/redis
+  volumes:
+  - name: cache-control
+    emptyDir: {}
+EOF
+
+kubectl apply -f non-persistent-redis.yaml
+```
+
+</p></details>
+
+<br />
 
 ### Create the following
  - PV `task-pv-volume` with storage `10Mi`, Access Mode `ReadWriteOnce` on hostpath `/mnt/data`.   
@@ -149,7 +191,6 @@ kubectl get pvc
 kubectl get pv # check status bound
 #NAME             CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                   STORAGECLASS   REASON   AGE
 #task-pv-volume   10Mi       RWO            Retain           Bound    default/task-pv-claim   manual                  64s
-
 ```
 
 ```yaml