Task weight: 8%
Use context: kubectl config use-context k8s-c3-CCC
Make a backup of etcd running on cluster3-controlplane1 and save it on the controlplane node at /tmp/etcd-backup.db .
Then create a Pod of your kind in the cluster.
Finally restore the backup, confirm the cluster is still working and that the created Pod is no longer with us.
译文:
对在cluster3-controlplane1上运行的etcd做一个备份,并将其保存在控制平面节点上的 /tmp/etcd-backup.db 。
然后在集群中创建一个你喜欢的Pod。
最后恢复备份,确认集群仍在工作,并且创建的Pod已经不在我们身边。
解答:
kubectl config use-context k8s-c3-CCC
远程连接cluster3-controlplane1后,在kube-apiserver的清单文件中查找etcd的端点和证书文件路径
ssh cluster3-controlplane1
root@cluster3-controlplane1:~# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep etcd
备份etcd(快照包含集群的全部状态,其中包括Secret;未启用静态加密时Secret以明文保存,因此备份文件应按敏感数据对待)
root@cluster3-controlplane1:~# ETCDCTL_API=3 etcdctl snapshot save /tmp/etcd-backup.db \
--endpoints https://127.0.0.1:2379 \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key
恢复etcd
创建pod
root@cluster3-controlplane1:~# kubectl run test --image=nginx
root@cluster3-controlplane1:~# kubectl get pod -l run=test -w
停止所有控制平面组件(把静态Pod清单移出manifests目录后,kubelet会停止对应的容器;可用 crictl ps 确认容器已全部停止后再继续)
root@cluster3-controlplane1:~# cd /etc/kubernetes/manifests/
root@cluster3-controlplane1:/etc/kubernetes/manifests# mv * ..
恢复etcd(snapshot restore只在本地把快照写入新的数据目录,不会连接etcd,因此--endpoints和证书参数在这一步并不起作用;--data-dir应指向一个尚不存在的目录)
root@cluster3-controlplane1:~# ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db \
--endpoints https://127.0.0.1:2379 \
--data-dir /var/lib/etcd-backup \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key
编辑etcd清单文件(清单此时已被移到/etc/kubernetes下),把etcd-data卷的hostPath改为恢复出的数据目录
root@cluster3-controlplane1:~# vim /etc/kubernetes/etcd.yaml
etcd.yaml
# /etc/kubernetes/etcd.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: etcd
tier: control-plane
name: etcd
namespace: kube-system
spec:
...
- mountPath: /etc/kubernetes/pki/etcd
name: etcd-certs
hostNetwork: true
priorityClassName: system-cluster-critical
volumes:
- hostPath:
path: /etc/kubernetes/pki/etcd
type: DirectoryOrCreate
name: etcd-certs
- hostPath:
path: /var/lib/etcd-backup # change
type: DirectoryOrCreate
name: etcd-data
status: {}
把yaml文件移回manifests目录,等待控制平面容器重新启动,然后确认之前创建的Pod已不存在
root@cluster3-controlplane1:/etc/kubernetes/manifests# mv ../*.yaml .
root@cluster3-controlplane1:/etc/kubernetes/manifests# watch crictl ps
root@cluster3-controlplane1:~# kubectl get pod -l run=test