The following can be backed up:
- Resource Configurations
- ETCD Cluster
- Persistent Volumes
```bash
# Backup command
# Verify the endpoint as per version
ETCDCTL_API=3 etcdctl snapshot save <backup-file-location> \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=<trusted-ca-file> \
  --cert=<cert-file> \
  --key=<key-file>

# Verify the snapshot:
ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshotdb

# Restore
# Create restore point from the backup
ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup

# The restored files are located at the new folder /var/lib/etcd-backup, so now configure etcd to use that directory:
vim /etc/kubernetes/manifests/etcd.yaml

# Restart all the control plane components to ensure that new changes are applied.
```
Backing up Resource Configuration
If all the k8s resources are created using config files (declarative approach), then the configuration directory can be backed up using a version control system like Git. If not all the resources are created this way, we can generate the resource configuration by running `kubectl get all --all-namespaces -o yaml > all.yaml`. It is recommended to use Velero, a managed tool that can take backups of the cluster configuration.
Backing up ETCD Cluster
The ETCD cluster can be backed up instead of generating the resource configuration for the cluster. For this, back up the data directory of the ETCD cluster.
In a managed k8s engine, the ETCD data directory is not accessible. In such cases, back up the resource configuration.
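
The backup and verify steps from the notes wrapped in one function, as an added example that is not part of the original notes. The function name `etcd_snapshot_backup`, its argument order and the `ETCD_ENDPOINT` variable are assumptions; the restrictive umask is there because an etcd snapshot contains every Secret stored in the cluster.

```shell
# Added example: take an etcd snapshot, verify it, and keep it owner-only.
# etcd_snapshot_backup and ETCD_ENDPOINT are illustrative names (assumptions).
# The body runs in a subshell, so umask and variables do not leak to the caller.
etcd_snapshot_backup() (
    dest="$1"; cacert="$2"; cert="$3"; key="$4"
    endpoint="${ETCD_ENDPOINT:-https://127.0.0.1:2379}"

    if [ -z "$dest" ] || [ -z "$cacert" ] || [ -z "$cert" ] || [ -z "$key" ]; then
        echo "usage: etcd_snapshot_backup <dest> <cacert> <cert> <key>" >&2
        exit 2
    fi

    # Never overwrite an earlier backup with a possibly bad one.
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing file: $dest" >&2
        exit 3
    fi

    # The snapshot holds every Secret in the cluster: create it owner-only.
    umask 077

    # etcdctl output goes to stderr so stdout carries only the snapshot path.
    ETCDCTL_API=3 etcdctl snapshot save "$dest" \
        --endpoints="$endpoint" \
        --cacert="$cacert" --cert="$cert" --key="$key" >&2 || {
        echo "snapshot save failed" >&2
        rm -f -- "$dest"
        exit 1
    }

    # Same verification as in the notes, plus a check that the file is not empty.
    if [ ! -s "$dest" ] ||
       ! ETCDCTL_API=3 etcdctl --write-out=table snapshot status "$dest" >&2; then
        echo "snapshot verification failed: $dest" >&2
        rm -f -- "$dest"
        exit 1
    fi

    chmod 600 "$dest"
    printf '%s\n' "$dest"
)
```

Call it as `etcd_snapshot_backup <backup-file-location> <trusted-ca-file> <cert-file> <key-file>`; it prints the snapshot path on success and returns non-zero, leaving no partial file, when the save or the verification fails.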
Velero
- Open-source
- Supports various plugins to back up the cluster to different storage locations like S3, Azure Blob Storage, etc.
- Download the binary and run the `velero install` command along with the storage plugin and credentials to create the Velero pod looking for backups in the storage destination.
- Works in CLI only
- Runs a velero container in the cluster
- We can define a TTL for the backups stored in the storage location.