🔧
쿠버네티스(Kubernetes) CKA 모의고사 2.1 - ETCD 백업 파일 생성하기
May 18, 2022
모의고사 2.1 - ETCD 백업 파일 생성하기
1. 문제 요건
Take a backup of the etcd cluster and save it to /opt/etcd-backup.db
.
- Backup Completed
2. 내 풀이
1. 사전 작업
- kubectl 자동완성 설정을 미리 진행한다(이미 진행했다면 불필요).
root@controlplane ~ ➜ source <(kubectl completion bash)
root@controlplane ~ ➜ echo "source <(kubectl completion bash)" >> ~/.bashrc
root@controlplane ~ ➜ alias k=kubectl
root@controlplane ~ ➜ complete -F __start_kubectl k
2. ETCD 백업파일 생성
- get 명령어로 etcd 파드 이름을 찾는다.
root@controlplane ~ ➜ k get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-74ff55c5b-2cf6t 1/1 Running 0 17m
coredns-74ff55c5b-vcq46 1/1 Running 0 17m
etcd-controlplane 1/1 Running 0 18m
kube-apiserver-controlplane 1/1 Running 0 18m
kube-controller-manager-controlplane 1/1 Running 0 18m
kube-proxy-9wlvh 1/1 Running 0 17m
kube-proxy-rmcf6 1/1 Running 0 17m
kube-scheduler-controlplane 1/1 Running 0 18m
weave-net-h74h2 2/2 Running 1 17m
weave-net-v77kn 2/2 Running 0 17m
- describe 명령어로 etcd 백업에 필요한 내용들을 확인한다.
root@controlplane ~ ➜ k describe pod -n kube-system etcd-controlplane
Name: etcd-controlplane
Namespace: kube-system
Priority: 2000001000
Priority Class Name: system-node-critical
Node: controlplane/10.33.195.6
Start Time: Tue, 17 May 2022 13:16:59 +0000
Labels: component=etcd
tier=control-plane
Annotations: kubeadm.kubernetes.io/etcd.advertise-client-urls: https://10.33.195.6:2379
kubernetes.io/config.hash: fb131373ab567ef644cab42ba7a9234a
kubernetes.io/config.mirror: fb131373ab567ef644cab42ba7a9234a
kubernetes.io/config.seen: 2022-05-17T13:16:57.930616180Z
kubernetes.io/config.source: file
Status: Running
IP: 10.33.195.6
IPs:
IP: 10.33.195.6
Controlled By: Node/controlplane
Containers:
etcd:
Container ID: docker://7c8ad68c241e98453154d077113bec3195c5fdf088fdb0a5383d3dce7d36405a
Image: k8s.gcr.io/etcd:3.4.13-0
Image ID: docker-pullable://k8s.gcr.io/etcd@sha256:4ad90a11b55313b182afc186b9876c8e891531b8db4c9bf1541953021618d0e2
Port: <none>
Host Port: <none>
Command:
etcd
--advertise-client-urls=https://10.33.195.6:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt
--client-cert-auth=true
--data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://10.33.195.6:2380
--initial-cluster=controlplane=https://10.33.195.6:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379,https://10.33.195.6:2379
--listen-metrics-urls=http://127.0.0.1:2381
--listen-peer-urls=https://10.33.195.6:2380
--name=controlplane
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
--snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
State: Running
Started: Tue, 17 May 2022 13:16:38 +0000
Ready: True
Restart Count: 0
Requests:
cpu: 100m
ephemeral-storage: 100Mi
memory: 100Mi
Liveness: http-get http://127.0.0.1:2381/health delay=10s timeout=15s period=10s #success=1 #failure=8
Startup: http-get http://127.0.0.1:2381/health delay=10s timeout=15s period=10s #success=1 #failure=24
Environment: <none>
Mounts:
/etc/kubernetes/pki/etcd from etcd-certs (rw)
/var/lib/etcd from etcd-data (rw)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
etcd-certs:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/pki/etcd
HostPathType: DirectoryOrCreate
etcd-data:
Type: HostPath (bare host directory volume)
Path: /var/lib/etcd
HostPathType: DirectoryOrCreate
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: :NoExecute op=Exists
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Pulled 19m kubelet Container image "k8s.gcr.io/etcd:3.4.13-0" already present on machine
ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> \
snapshot save <backup-file-location>
- etcdctl 실행 시 필요한 파라미터값들을 확인하며 메모로 남겨 놓은 뒤 알맞은 정보를 채워넣는다.
--listen-client-urls=https://127.0.0.1:2379,https://10.33.195.6:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt
--key-file=/etc/kubernetes/pki/etcd/server.key
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
====
ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /opt/etcd-backup.db
- ETCD 백업 파일이 잘 생성되었는지 확인한다.
root@controlplane ~ ➜ ETCDCTL_API=3 etcdctl --write-out=table snapshot status /opt/etcd-backup.db
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| 6040e181 | 2738 | 1027 | 2.4 MB |
+----------+----------+------------+------------+
3. 참고 URL
- ETCD backup: https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster