From 826a0aa18f7ea114d0889e331e3550bc1e6ecc37 Mon Sep 17 00:00:00 2001
From: Jayendra Patil
Date: Tue, 21 Dec 2021 20:10:05 +0530
Subject: [PATCH] Added scenario for ETCD backup and restore
---
 ...architecture_installation_configuration.md | 2 +-
 topics/README.md | 1 +
 topics/etcd.md | 67 +++++++++++++++++++
 topics/volumes.md | 43 +++++++++++-
 4 files changed, 111 insertions(+), 2 deletions(-)
 create mode 100644 topics/etcd.md
diff --git a/cka/1.cluster_architecture_installation_configuration.md b/cka/1.cluster_architecture_installation_configuration.md
index 6a38cd0..f19b2cc 100644
--- a/cka/1.cluster_architecture_installation_configuration.md
+++ b/cka/1.cluster_architecture_installation_configuration.md
@@ -46,5 +46,5 @@ Refer [Upgrading Kubeadm Clusters](../topics/cluster_upgrade.md)
-Refer [Backing up ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster) & [Restoring ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#restoring-an-etcd-cluster)
+Refer [ETCD](./topics/etcd.md)
diff --git a/topics/README.md b/topics/README.md
index 71d85f3..074663f 100644
--- a/topics/README.md
+++ b/topics/README.md
@@ -13,6 +13,7 @@ Topics cover test exercises for each topics
 - [ConfigMaps](./configmaps.md)
 - [DaemonSets](./daemonsets.md)
 - [Deployments](./deployments.md)
+ - [ETCD](./etcd.md)
 - [Falco](./falco.md)
 - [Ingress](./ingress.md)
 - [Init Containers](../init_containers.md)
diff --git a/topics/etcd.md b/topics/etcd.md
new file mode 100644
index 0000000..957c2a4
--- /dev/null
+++ b/topics/etcd.md
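Review bot: In `cka/1.cluster_architecture_installation_configuration.md` the new link `./topics/etcd.md` resolves relative to the `cka/` directory, so it points at `cka/topics/etcd.md`, while this patch creates the page at `topics/etcd.md`. The neighbouring "Upgrading Kubeadm Clusters" link in the same file uses `../topics/cluster_upgrade.md`, so the added line should read `Refer [ETCD](../topics/etcd.md)`. As committed, the section loses its working pointers to the official backup and restore instructions.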
@@ -0,0 +1,67 @@ +# ETCD + +### Check the version of ETCD + +```bash +kubectl get pod etcd-controlplane -n kube-system -o yaml | grep image +# image: k8s.gcr.io/etcd:3.4.3-0 +``` + +## Backup and Restore +Refer [Backing up ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster) & [Restoring ETCD Cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#restoring-an-etcd-cluster) + +#### Create a snapshot of the etcd instance running at https://127.0.0.1:2379, saving the snapshot to the file path /opt/snapshot-pre-boot.db. Restore the snapshot. The following TLS certificates/key are supplied for connecting to the server with etcdctl: + - CA certificate: /etc/kubernetes/pki/etcd/ca.crt + - Client certificate: /etc/kubernetes/pki/etcd/server.crt + - Client key: /etc/kubernetes/pki/etcd/server.key + + +#### Backup ETCD + + + +```bash +ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \ + --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \ + snapshot save /opt/snapshot-pre-boot.db +# Snapshot saved at /opt/snapshot-pre-boot.db +``` + +#### Restore ETCD Snapshot to a new folder + +```bash +ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \ + --name=master \ + --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \ + --data-dir /var/lib/etcd-from-backup \ + --initial-cluster=master=https://127.0.0.1:2380 \ + --initial-cluster-token etcd-cluster-1 \ + --initial-advertise-peer-urls=https://127.0.0.1:2380 \ + snapshot restore /opt/snapshot-pre-boot.db +# 
2021-12-21 13:56:56.460862 I | mvcc: restore compact to 1288 +# 2021-12-21 13:56:56.716540 I | etcdserver/membership: added member e92d66acd89ecf29 [https://127.0.0.1:2380] to cluster 7581d6eb2d25405b +``` + + #### Modify /etc/kubernetes/manifests/etcd.yaml + +```bash + # Update --data-dir to use new target location + --data-dir=/var/lib/etcd-from-backup + +# Update new initial-cluster-token to specify new cluster + --initial-cluster-token=etcd-cluster-1 + +# Update volumes and volume mounts to point to new path + volumeMounts: + - mountPath: /var/lib/etcd-from-backup + name: etcd-data + - mountPath: /etc/kubernetes/pki/etcd + name: etcd-certs + volumes: + - hostPath: + path: /var/lib/etcd-from-backup + type: DirectoryOrCreate + name: etcd-data +``` + diff --git a/topics/volumes.md b/topics/volumes.md index 93952f2..ab7ad39 100644 --- a/topics/volumes.md +++ b/topics/volumes.md @@ -74,6 +74,8 @@ kubectl exec nginx-4 -- cat /secret/DB_HOST # verify env variables ### Create the redis pod with `redis` image with volume `redis-storage` as ephemeral storage mounted at `/data/redis`. +
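Review bot: The file produced by `snapshot save /opt/snapshot-pre-boot.db` in `topics/etcd.md` holds the entire etcd keyspace, including every Secret object, and the Backup section never says to protect it; I would add a line after that block such as `chmod 600 /opt/snapshot-pre-boot.db  # snapshot contains all cluster Secrets`, plus a sentence that backups should be stored encrypted and away from the node. The restore block also passes `--endpoints`, `--cacert`, `--cert` and `--key`, but `snapshot restore` operates on the local file rather than the running server, so those flags can be dropped to avoid implying a live connection is required. Running `ETCDCTL_API=3 etcdctl snapshot status /opt/snapshot-pre-boot.db --write-out=table` before the restore would catch a truncated or corrupt snapshot. The peer URLs in the restore block appear on this page routed through a `workers.dev` host, which looks like a mirroring artifact; the intended values are presumably plain `https://127.0.0.1:2380` and should be confirmed before copying the command.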
show

+ ```yaml cat << EOF > redis.yaml apiVersion: v1 @@ -95,6 +97,46 @@ EOF kubectl apply -f redis.yaml ``` +

+ +
+ +### Create a pod as follows: + - Name: non-persistent-redis + - container Image:redis + - Volume with name: cache-control + - Mount path: /data/redis + - The pod should launch in the staging namespace and the volume must not be persistent. + +
show

+ +```yaml +kubectl create namespace staging + +cat << EOF > non-persistent-redis.yaml +apiVersion: v1 +kind: Pod +metadata: + name: non-persistent-redis + namespace: staging +spec: + containers: + - name: redis + image: redis + volumeMounts: + - name: cache-control + mountPath: /data/redis + volumes: + - name: cache-control + emptyDir: {} +EOF + +kubectl apply -f non-persistent-redis.yaml +``` + +

+ +
### Create the following - PV `task-pv-volume` with storage `10Mi`, Access Mode `ReadWriteOnce` on hostpath `/mnt/data`. @@ -149,7 +191,6 @@ kubectl get pvc kubectl get pv # check status bound #NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE #task-pv-volume 10Mi RWO Retain Bound default/task-pv-claim manual 64s - ``` ```yaml