etcd数据备份和恢复时要注意使用的API接口,分为2和3两个版本。

数据备份:

export ETCDCTL_API=3
etcdctl --endpoints=http://192.168.1.133:2379 snapshot save etcd.snapshot.db

数据恢复:

export ETCDCTL_API=3
etcdctl snapshot restore etcd.snapshot.db --data-dir=/root/etcd.data

--data-dir=要恢复到的目录

如果需要认证加上认证参数即可,使用 etcdctl --help 即可查看相应的参数。


定时备份脚本:

#!/bin/bash

/usr/local/bin/etcdctl --endpoints etcd01.master01.local:2379 \
--cert="/etc/etcd/ssl/etcd.pem" \
--key="/etc/etcd/ssl/etcd-key.pem" \
--cacert="/etc/etcd/ssl/etcd-ca.pem" \
snapshot save /home/etcdbackup/snap-$(date +%Y-%m-%d-%H-%M-%S).db


常用命令:

查看所有键名:

etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--endpoints=https://192.168.0.45:2379 \
get / --prefix --keys-only

过滤键值:

etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--endpoints=https://192.168.0.45:2379 \
get / --prefix --keys-only | grep deployment


查看某个键值:

etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--endpoints=https://192.168.0.45:2379 \
--write-out="json" get /registry/secrets/kube-system/job-controller-token-cnc5l | jq

或者:

etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--endpoints=https://192.168.0.45:2379 -w json get /registry/secrets/kube-system/job-controller-token-cnc5l | jq