02、常用命令

version: v3.4.17

查看集群状态

etcdctl --cert=/etc/kubernetes/pki/apiserver-etcd-client.crt --key=/etc/kubernetes/pki/apiserver-etcd-client.key --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints=https://10.12.3.6:2379,https://10.12.3.7:2379,https://10.12.3.8:2379 endpoint health

查看所有的key

etcdctl --cert=/etc/kubernetes/pki/apiserver-etcd-client.crt --key=/etc/kubernetes/pki/apiserver-etcd-client.key --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints=https://10.12.3.6:2379,https://10.12.3.7:2379,https://10.12.3.8:2379 get / --prefix --keys-only

参考文档：https://www.huweihuang.com/kubernetes-notes/etcd/etcdctl-v3.html

ETCD备份

ETCDCTL_API=3 etcdctl --cert=/etc/kubernetes/pki/apiserver-etcd-client.crt --key=/etc/kubernetes/pki/apiserver-etcd-client.key --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints=https://10.12.3.6:2379,https://10.12.3.7:2379,https://10.12.3.8:2379  snapshot save /root/etcd-snapshot-`date +%Y%m%d`.db

备份脚本：

#!/usr/bin/env bash
date;
CACERT="/opt/kubernetes/ssl/ca.pem"
CERT="/opt/kubernetes/ssl/server.pem"
EKY="/opt/kubernetes/ssl/server-key.pem"
FILEPATH="/data/etcd_backup_dir"
ENDPOINTS="192.168.1.36:2379"
ETCDCTL_API=3 etcdctl \
--cacert="${CACERT}" --cert="${CERT}" --key="${EKY}" \
--endpoints=${ENDPOINTS} \
snapshot save $FILEPATH/etcd-snapshot-`date +%Y%m%d`.db
# 备份保留30天
find /data/etcd_backup_dir/ -name *.db -mtime +30 -exec rm -f {} \;

单点ETCD恢复备份（k8s）

#1、停止k8s master节点的集群服务组件
systemctl stop kubelet && systemctl stop docker
#2、检查是否还要docker容器启动着，等待容器全部停止
ps aux | grep docker
#etcd恢复
etcdctl snapshot restore /root/etcd-snapshot-v1.db --name v1 --data-dir=/home/etcd_data

集群模式恢复备份

准备工作

• 停止所有 Master 上 kube-apiserver 服务
• 停止集群中所有 ETCD 服务
• 移除所有 ETCD 存储目录下数据
• 拷贝 ETCD 备份快照

systemctl stop kubelet && docker rm -f $(docker ps -aq) && systemctl stop docker
mv /var/lib/etcd /var/lib/etcd.bak
# 从 k8s-master1 机器上拷贝备份 
$ scp /data/etcd_backup_dir/etcd-snapshot-20191222.db root@k8s-master2:/data/etcd_backup_dir/ 
$ scp /data/etcd_backup_dir/etcd-snapshot-20191222.db root@k8s-master3:/data/etcd_backup_dir/

# k8s-master1 机器上操作
$ ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_backup_dir/etcd-snapshot-20191222.db \
  --name etcd-0 \
  --initial-cluster "etcd-0=https://192.168.1.36:2380,etcd-1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380" \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://192.168.1.36:2380 \
  --data-dir=/var/lib/etcd/default.etcd
# k8s-master2 机器上操作
$ ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_backup_dir/etcd-snapshot-20191222.db \
  --name etcd-1 \
  --initial-cluster "etcd-0=https://192.168.1.36:2380,etcd-1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380"  \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://192.168.1.37:2380 \
  --data-dir=/var/lib/etcd/default.etcd
# k8s-master3 机器上操作
$ ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_backup_dir/etcd-snapshot-20191222.db \
  --name etcd-2 \
  --initial-cluster "etcd-0=https://192.168.1.36:2380,etcd-1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380"  \
  --initial-cluster-token etcd-cluster \
  --initial-advertise-peer-urls https://192.168.1.38:2380 \
  --data-dir=/var/lib/etcd/default.etcd

# 启动etcd和kubelet

systemctl start docker && systemctl start kubelet