1. Backup
This pare can refer to my last post, here.
2. Restore
To follow the official procedure[1]:
"If any API servers are running in your cluster, you should not attempt to restore instances of etcd."
Therefore, for restoring an etcd backup, where we need to stop all API server instances, restore the etcd state, then restart the API servers:
- stop all API server instances
- restore state in all etcd instances
- restart all API server instances
2.1 Stop all API server instances
- check the api server
# check the api server $ k get pods -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-94fb6bc47-wr56s 1/1 Running 5 (14m ago) 21d canal-cgrhr 2/2 Running 2 (60m ago) 21d canal-jb5rr 2/2 Running 2 (60m ago) 21d coredns-57888bfdc7-895dj 1/1 Running 1 (60m ago) 21d coredns-57888bfdc7-9rjt5 1/1 Running 1 (60m ago) 21d etcd-controlplane 1/1 Running 2 (60m ago) 21d kube-apiserver-controlplane 1/1 Running 0 21d kube-controller-manager-controlplane 1/1 Running 3 (17m ago) 21d kube-proxy-5xtp7 1/1 Running 1 (60m ago) 21d kube-proxy-bt2pv 1/1 Running 2 (60m ago) 21d kube-scheduler-controlplane 1/1 Running 3 (17m ago) 21d we can see kube-apiserver-controlplane is exist, so we need to stop this first.
- Move the
kube-apiservermanifest file to a temporary location to stop the API server:
sudo mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/ To be notice, this will be essentially to plan for the temporary loss of kubectl functionality.
# temporary loss of kubectl functionality. controlplane $ k get pods -n kube-system The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port? However, as we see above, stopping the API server makes kubectl unusable, because kubectl communicates with the API server. Once the API server is stopped, kubectl commands cannot be executed since the API server is no longer available to handle requests.
But because the kubelet watches the /etc/kubernetes/manifests directory for static pod definitions and removes the pod when the manifest file is removed or moved, therefore moving the kube-apiserver.yaml manifest to a temporary location can stop the API server in a kubeadm-based Kubernetes cluster.
But we can use crictl to Interact with Containers
If the cluster uses containerd, we can use crictl to interact with the containers:
crictl ps | grep kube-apiserver crictl stop <container-id> crictl rm <container-id> 2.2 Restore state in all etcd instances
sudo ETCDCTL_API=3 etcdctl snapshot restore /path/to/snapshot.db \ --data-dir=/var/lib/etcd_restore and then edit the /etc/kubernetes/manifests/etcd.yaml
volumes: - hostPath: path: /etc/kubernetes/pki/etcd type: DirectoryOrCreate name: etcd-certs - hostPath: path: /var/lib/etcd_restore # change here to etcd path in host machine type: DirectoryOrCreate name: etcd-data Here maybe confused, but we will talk it later. (here)
2.3 Restart all API server instances
sudo mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/ Verify Cluster Health:
Use kubectl to check the state of the cluster after the API server is back up.
# check API server running kubectl get pods -n kube-system # check API server health kubectl get --raw /healthz 
Top comments (0)