Try Sailor Cloud - 25% off!

Claim Now
Back to all posts

etcd Backup and Restore: Protect Your Kubernetes Data

#kubernetes #etcd #backup #cka #disaster-recovery

etcd Backup and Restore: Protect Your Kubernetes Data

etcd stores all cluster data. Knowing how to backup and restore it is critical for disaster recovery and appears in CKA exams.

What is etcd?

etcd is a distributed key-value store that stores:

  • Cluster state
  • ConfigMaps and Secrets
  • Deployments, Services, Pods
  • All Kubernetes objects

Prerequisites

Install etcdctl:

# Check etcd version
kubectl exec -n kube-system etcd-master -- etcd --version

# Install etcdctl
ETCD_VER=v3.5.9
wget https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xvf etcd-${ETCD_VER}-linux-amd64.tar.gz
sudo mv etcd-${ETCD_VER}-linux-amd64/etcdctl /usr/local/bin/

Find etcd Configuration

# Get etcd pod details
kubectl describe pod -n kube-system etcd-master

# Key paths:
# --cert-file=/etc/kubernetes/pki/etcd/server.crt
# --key-file=/etc/kubernetes/pki/etcd/server.key
# --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt

Backup etcd

ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

Verify Backup

ETCDCTL_API=3 etcdctl snapshot status /backup/etcd-snapshot.db --write-out=table

Restore etcd

1. Stop kube-apiserver

# If using static pods, move manifest
sudo mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/

2. Restore Snapshot

ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot.db \
  --data-dir=/var/lib/etcd-restored

3. Update etcd Configuration

Edit /etc/kubernetes/manifests/etcd.yaml:

volumes:
- hostPath:
    path: /var/lib/etcd-restored  # Changed from /var/lib/etcd

4. Restart etcd and API Server

# Wait for etcd to restart
# Move apiserver manifest back
sudo mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/

Automated Backup Script

#!/bin/bash
BACKUP_DIR="/backup/etcd"
DATE=$(date +%Y%m%d_%H%M%S)

ETCDCTL_API=3 etcdctl snapshot save ${BACKUP_DIR}/snapshot-${DATE}.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# Keep last 7 days
find ${BACKUP_DIR} -type f -mtime +7 -delete

Practice etcd Operations

etcd backup/restore appears in CKA exams. Practice at Sailor.sh.

Start Free Practice