Backup of etcd Database

Question 1

How to find the location of the etcd daemon data directory?

Answer 1

This can be identified by the –data-dir value in /etc/kubernetes/manifests/etcd.yaml

Question 2

How to log into the etcd container?

Answer 2

kubectl -n kube-system exec -it etcd-[name] – sh

Question 3

Once logged into the etcd container, how to list the options available for the etcdctl command?

Answer 3

etcdctl -h

Question 4

What is the command for interacting with the etcd database?

Answer 4

etcdctl

Question 5

Newer versions of etcd image have been minimized, as a result ‘find’ command and ‘ls’ command may be missing. What command can be used as an alternative to view the files in the current directory?

Answer 5

echo *

Question 6

Is TLS needed to use etcdctl command?

Answer 6

Yes

Question 7

What are the three files needed to be passed with the etcdctl command in order to use it?

Answer 7

1. Certificate Authority: /etc/kubernetes/pki/etcd/ca.crt
2. Server Certificate: /etc/kubernetes/pki/etcd/server.crt
3. Server Key: /etc/kubernetes/pki/etcd/server.key

Question 8

How to pass the certificates to etcdctl command via environment variables from kubectl?

Answer 8

ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key

Question 9

Show the full command to etcdctl to retrieve the member list via passing certs through environment variables

Answer 9

kubectl -n kube-system exec -it etcd-master – sh -c “ETCDCTL_API=3 ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key etcdctl –endpoints=https://127.0.0.1:2379 member list

Question 10

In addition to backup of snapshot of etcd database, what else should be backed up in case the node becomes unavailable?

Answer 10

/root/kubeadm-config.yaml

/etc/kubernetes/pki/etcd