Administrator
发布于 2025-06-23 / 16 阅读

Kubernetes ETCD集群备份恢复

第一章:基于二进制部署的etcd集群备份恢复

注意:备份ETCD集群时,只需要备份一个ETCD节点即可;恢复时,所有节点都使用同一份备份数据恢复。备份文件包含集群的全部数据(包括 Secret),应限制其访问权限。

注意:不同版本 ETCD 的 etcdctl 命令不完全一样,但大致相同。本文备份使用 snapshot save,每次只需备份一个节点
手动执行备份命令:
[root@k8s-master1-60 data]# etcdctl --endpoints="https://172.30.42.60:2379" --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem --cacert=/etc/etcd/ssl/etcd-ca.pem snapshot save /data/etcd_back/`date +%Y-%m-%d`-etcd_back.db

使用shell脚本定时备份:
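#!/bin/bash
#
# Scheduled etcd backup: save a snapshot from one member, then prune
# snapshots older than 7 days.
#
# The snapshot holds the whole etcd keyspace, which for a Kubernetes cluster
# includes Secret objects, so anything this script creates is kept private
# to the invoking user (umask 077).

# Stop at the first failure so a failed snapshot never falls through to the
# prune step and deletes older, still-good backups.
set -euo pipefail
umask 077

# Timestamp for the cron log.
date

CACERT="/etc/etcd/ssl/etcd-ca.pem"
CERT="/etc/etcd/ssl/etcd.pem"
KEY="/etc/etcd/ssl/etcd-key.pem"
ENDPOINTS="https://172.30.42.60:2379"
BACKUP_DIR="/data/etcd_back"
SNAPSHOT="${BACKUP_DIR}/$(date +%Y-%m-%d)-etcd_back.db"

# Create the backup directory if it is missing (mode 0700 under the umask).
mkdir -p -- "${BACKUP_DIR}"

ETCDCTL_API=3 etcdctl \
  --cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
  --endpoints="${ENDPOINTS}" \
  snapshot save "${SNAPSHOT}"

# Keep backups for 7 days. The pattern is quoted so the shell does not
# expand *.db against the current directory before find sees it.
find "${BACKUP_DIR}/" -type f -name '*.db' -mtime +7 -exec rm -f -- {} +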



恢复步骤:
准备工作
停止所有 Master 上 kube-apiserver 服务
$ systemctl stop kube-apiserver  

# 确认 kube-apiserver 服务是否停止 
$ ps -ef | grep kube-apiserver
停止集群中所有 ETCD 服务
$ systemctl stop etcd

备份所有 ETCD 存储目录下数据
$ mv /var/lib/etcd/ /var/lib/etcd.bak

$ ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_back/2025-06-23-etcd_back.db \
  --name etcd1 \
  --initial-cluster "etcd1=https://172.30.42.60:2380,etcd2=https://172.30.42.61:2380,etcd3=https://172.30.42.62:2380" \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://172.30.42.60:2380 \
  --data-dir=/var/lib/etcd

其它节点拷贝备份文件/data/etcd_back/2025-06-23-etcd_back.db

恢复步骤和master1节点上一样
master2
$ ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_back/2025-06-23-etcd_back.db \
  --name etcd2 \
  --initial-cluster "etcd1=https://172.30.42.60:2380,etcd2=https://172.30.42.61:2380,etcd3=https://172.30.42.62:2380" \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://172.30.42.61:2380 \
  --data-dir=/var/lib/etcd

master3
$ ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_back/2025-06-23-etcd_back.db \
  --name etcd3 \
  --initial-cluster "etcd1=https://172.30.42.60:2380,etcd2=https://172.30.42.61:2380,etcd3=https://172.30.42.62:2380" \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://172.30.42.62:2380 \
  --data-dir=/var/lib/etcd
上面三台 ETCD 都恢复完成后,依次登录三台机器启动 ETCD

$ systemctl start etcd
三台 ETCD 启动完成,检查 ETCD 集群状态

/usr/local/bin/etcdctl --write-out=table --endpoints="https://172.30.42.60:2379,https://172.30.42.61:2379,https://172.30.42.62:2379" --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem --cacert=/etc/etcd/ssl/etcd-ca.pem endpoint  status

三台 ETCD 全部健康,分别到每台 Master 启动 kube-apiserver

$ systemctl start kube-apiserver
检查 Kubernetes 集群是否恢复正常(componentstatuses 即 cs 自 v1.19 起已弃用,新版本可同时用 kubectl get nodes 确认)
$ kubectl get cs

第二章:基于kubeadm部署的集群ETCD备份恢复

1、从容器中把etcdctl工具复制出来到主机中的/usr/local/bin目录下
docker cp $(docker ps  |  grep -v etcd-mirror | grep -w etcd | awk '{print $1}'):/usr/local/bin/etcdctl /usr/local/bin/

2、手动备份ETCD
etcdctl --endpoints="https://127.0.0.1:2379" --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" --cacert="/etc/kubernetes/pki/etcd/ca.crt" snapshot save /data/etcd_back/`date +%Y-%m-%d`-etcd_back.db

3、恢复步骤操作
传输备份文件到其它两个master节点
scp /data/etcd_back/2025-06-25-etcd_back.db root@10.1.20.201:/data/etcd_back/
scp /data/etcd_back/2025-06-25-etcd_back.db root@10.1.20.202:/data/etcd_back/
master1步骤:
# 备份现有etcd数据目录(此时 etcd 仍在运行,建议先执行下面的"停止ETCD"步骤,再打包和移动数据目录;master2、master3 同理)
[root@rocky-k8s-master1-200 ~]# tar -zcvf /data/etcd_back/etcd_Old-`date +%Y-%m-%d`.tar.gz /var/lib/etcd/
[root@rocky-k8s-master1-200 ~]# mv /var/lib/etcd/ /var/lib/etcd-$(date +%F-%H-%M-%S)-backup/

# 停止ETCD(移走静态 Pod 清单后 kubelet 会停止 etcd;该命令不会停止 apiserver,如需停止还要移走 /etc/kubernetes/manifests/kube-apiserver.yaml)
[root@rocky-k8s-master1-200 ~]# mv /etc/kubernetes/manifests/etcd.yaml /opt/

# 恢复数据
[root@rocky-k8s-master1-200 ~]# ETCDCTL_API=3 etcdctl snapshot restore  /data/etcd_back/2025-06-25-etcd_back.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt  \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key  \
--data-dir=/var/lib/etcd/   \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=rocky-k8s-master1-200=https://10.1.20.200:2380,rocky-k8s-master2-201=https://10.1.20.201:2380,rocky-k8s-master3-202=https://10.1.20.202:2380 \
--name=rocky-k8s-master1-200 \
--initial-advertise-peer-urls=https://10.1.20.200:2380
# 注意:主机名和IP按需修改(修改成自己的环境的主机名和IP)


master2步骤:
# 备份现有etcd数据目录
[root@rocky-k8s-master2-201 ~]# tar -zcvf /data/etcd_back/etcd_Old-`date +%Y-%m-%d`.tar.gz /var/lib/etcd/
[root@rocky-k8s-master2-201 ~]# mv /var/lib/etcd/ /var/lib/etcd-$(date +%F-%H-%M-%S)-backup/

# 停止ETCD(移走静态 Pod 清单后 kubelet 会停止 etcd;该命令不会停止 apiserver,如需停止还要移走 /etc/kubernetes/manifests/kube-apiserver.yaml)
[root@rocky-k8s-master2-201 ~]# mv /etc/kubernetes/manifests/etcd.yaml /opt/

# 恢复数据
[root@rocky-k8s-master2-201 ~]# ETCDCTL_API=3 etcdctl snapshot restore  /data/etcd_back/2025-06-25-etcd_back.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt  \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key  \
--data-dir=/var/lib/etcd/   \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=rocky-k8s-master1-200=https://10.1.20.200:2380,rocky-k8s-master2-201=https://10.1.20.201:2380,rocky-k8s-master3-202=https://10.1.20.202:2380 \
--name=rocky-k8s-master2-201 \
--initial-advertise-peer-urls=https://10.1.20.201:2380
#注意:主机名和IP按需修改(修改成自己的环境的主机名和IP)


master3步骤:
# 备份现有etcd数据目录
[root@rocky-k8s-master3-202 ~]# tar -zcvf /data/etcd_back/etcd_Old-`date +%Y-%m-%d`.tar.gz /var/lib/etcd/
[root@rocky-k8s-master3-202 ~]# mv /var/lib/etcd/ /var/lib/etcd-$(date +%F-%H-%M-%S)-backup/

# 停止ETCD(移走静态 Pod 清单后 kubelet 会停止 etcd;该命令不会停止 apiserver,如需停止还要移走 /etc/kubernetes/manifests/kube-apiserver.yaml)
[root@rocky-k8s-master3-202 ~]# mv /etc/kubernetes/manifests/etcd.yaml /opt/

# 恢复数据
[root@rocky-k8s-master3-202 ~]# ETCDCTL_API=3 etcdctl snapshot restore  /data/etcd_back/2025-06-25-etcd_back.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt  \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key  \
--data-dir=/var/lib/etcd/   \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=rocky-k8s-master1-200=https://10.1.20.200:2380,rocky-k8s-master2-201=https://10.1.20.201:2380,rocky-k8s-master3-202=https://10.1.20.202:2380 \
--name=rocky-k8s-master3-202 \
--initial-advertise-peer-urls=https://10.1.20.202:2380
#注意:主机名和IP按需修改(修改成自己的环境的主机名和IP)
# 三个节点都恢复完成后,需要把 /opt/etcd.yaml 移回 /etc/kubernetes/manifests/,kubelet 才会重新启动 etcd

