本文講述了如何使用operator來(lái)備份etcd數(shù)據(jù)和恢復(fù)備份的數(shù)據(jù)

數(shù)據(jù)備份

1、首先獲取chart包

docker pull huimin123/etcd-backup-chart:v0.0.1
docker run -it -d  huimin123/etcd-backup-chart:v0.0.1
docker cp 4ab5f88d3f15:/opt/etcdbackuper-1.0.2.tgz /data/

2、獲取chart包后填入values.yaml對(duì)應(yīng)的信息

replicas: 1
conf:
  namespace: etcd-ops
  serviceAccount: etcd-operator
  clusterRole: etcd-operator-clusterrole
  clusterRoleBinding: etcd-operator-bind
  secretName: etcd-v3-secret
  storageClsName: csi-cephfs-sc
  storageRequest: 24Gi
  hostPath:
  image: huimin123/etcd-backup-operator:v0.0.1
  imagePullPolicy: Always
  certs:
    cacrt: xxx
    clientcrt: xxx
    clientkey: xxx

備份的數(shù)據(jù)存儲(chǔ)方式支持使用pv的方式和hostPath的方式，如果使用pv的方式則需要填寫storageClsName對(duì)應(yīng)的storage class name的值和創(chuàng)建pv時(shí)需要申請(qǐng)的磁盤的容量storageRequest；如果是使用hostPath的方式存儲(chǔ)備份數(shù)據(jù)，則需要填寫hostPath對(duì)應(yīng)的值如/data/etcdbackup/另外需要將此目錄提前創(chuàng)建好，并且賦給此目錄777權(quán)限；最后需要修改對(duì)應(yīng)的ca.crt和etcd的證書，conf.certs.cacrt、conf.certs.clientcrt、conf.certs.clientkey分別對(duì)應(yīng)secret中的etcd-ca.cr、etcd.crt、 etcd.key。
3、信息填寫好后安裝chart包：

helm install etcdbackuper etcdbackuper

4、安裝好后部署cr，觸發(fā)數(shù)據(jù)備份服務(wù)開始備份數(shù)據(jù)：

apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
  annotations:
  generation: 1
  labels:
    clusterName: gz-vpc-etcd-03
    region: gz
    source: etcd-life-cycle-operator
  name: gz-vpc-etcd-03
  namespace: etcd-ops
spec:
  backupPolicy:
    backupIntervalInSecond: 60
    maxBackups: 3
    timeoutInSecond: 600
  clientTLSSecret: etcd-v3-secret
  hostPath:
    path: /data/
  etcdEndpoints:
  - https://10.0.31.1:2379
  - https://10.0.31.2:2379
  - https://10.0.31.3:2379
  insecureSkipVerify: false
  storageType: HostPath

● backupIntervalInSecond: 表示多長(zhǎng)時(shí)間備份一次，生產(chǎn)環(huán)境建議一小時(shí)備份一次即3600。
● maxBackups：存儲(chǔ)的最大備份數(shù)，當(dāng)超過這個(gè)數(shù)時(shí)，etcdoperator會(huì)自動(dòng)將舊的備份數(shù)據(jù)清理掉。因?yàn)橐环輦浞輸?shù)據(jù)最大8G，生產(chǎn)環(huán)境建議根據(jù)宿主機(jī)磁盤空間來(lái)決定，默認(rèn)是3份，最大也只需要50。
● etcdEndpoints：etcd的訪問接口，tke集群填<masterip>:2379
可以查看對(duì)應(yīng)的服務(wù)是否正常運(yùn)行：

kubectl -n etcd-ops get pods
NAME                            READY   STATUS    RESTARTS   AGE
etcdbackuper-75ffb7ccf4-xmpgq   1/1     Running   0          60m

查看對(duì)應(yīng)的目錄備份的數(shù)據(jù)

ls /data/etcdbackup/
etcdbackup_v7754519_2022-12-07-16:36:16  etcdbackup_v7755359_2022-12-07-16:38:16
etcdbackup_v7754941_2022-12-07-16:37:16

數(shù)據(jù)恢復(fù)

• 首先獲取etcdctl

kubectl cp kube-system/<etcd-pod-name>:/usr/local/bin/etcdctl /usr/local/bin/etcdctl

• 將數(shù)據(jù)進(jìn)行備份

cp -r /var/lib/etcd /var/lib/etcd.bak

• 執(zhí)行數(shù)據(jù)恢復(fù)操作，每臺(tái)etcd節(jié)點(diǎn)上都需要執(zhí)行恢復(fù)操作命令，需要將從etcd掛的時(shí)間點(diǎn)開始所有的備份數(shù)據(jù)考到etcd節(jié)點(diǎn)上。參考如下命令（注意如下命令中三節(jié)點(diǎn)分別被命名為etcd-0，etcd-1，etcd-2，則--initial-cluster中要對(duì)應(yīng)地填寫各個(gè)節(jié)點(diǎn)ip。如果是以systemd方式啟動(dòng)的etcd，需要加--data-dir=/var/lib/etcd/default.etcd）
  如下在第一臺(tái)·10.1.31.1·節(jié)點(diǎn)上恢復(fù)數(shù)據(jù)：

ETCDCTL_API=3 etcdctl snapshot restore /data/etcdbackup/etcdbackup數(shù)據(jù) --name etcd-0 --initial-cluster "etcd-0=https://10.1.31.1:2380,etcd-1=https://10.1.31.2:2380,etcd-2=https://10.1.31.3:2380" --initial-cluster-token etcd-cluster --initial-advertise-peer-urls https://10.1.31.1:2380

依次在其他的etcd節(jié)點(diǎn)執(zhí)行恢復(fù)操作。

• 所有etcd啟動(dòng)完成后，檢查etcd集群狀態(tài)，endpoints填寫對(duì)應(yīng)的etcd IP信息。

$ ETCDCTL_API=3 etcdctl --cacert=etcd-ca.crt --cert=etcd.crt --key=etcd.key --endpoints=https://10.1.31.1:2379,https://10.1.31.2:2379,https://10.1.31.3:2379 endpoint health

代碼鏈接：https://github.com/kstone-io/kstone