kubeadm集群备份恢复etcd aliyun_vos_vpc

利用cronjob备份etcd数据 实例中用得是动态nfs存储卷 etcd_pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: k8s-backup-pvc
  namespace: kube-system
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: "30Gi"
  volumeName:
  storageClassName: nfs-client

etcd_cronjob.yaml 因为是kubeadm安装得环境,所以cronjob再master上执行

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: etcd-disaster-recovery
  namespace: kube-system
spec:
  schedule: "0 03 * * *"
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            app: etcd-disaster-recovery
        spec:
          tolerations:
            - key: "node-role.kubernetes.io/master"
              operator: "Exists"
              effect: "NoSchedule"
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: kubernetes.io/hostname
                        operator: In
                        values:
                          - k8s-master
          containers:
            - name: etcd
              #查看当前etcd版本保持一致
              image: registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
              imagePullPolicy: "IfNotPresent"
              command:
                - sh
                - -c
                - "export ETCDCTL_API=3; \
             etcdctl --endpoints=$ENDPOINT \
             --cert=/etc/kubernetes/pki/etcd/server.crt \
             --key=/etc/kubernetes/pki/etcd/server.key \
             --cacert=/etc/kubernetes/pki/etcd/ca.crt \
             snapshot save /snapshot/$(date +%Y%m%d_%H%M%S)_snapshot.db; \
             echo etcd backup success"
              env:
                - name: ENDPOINT
                  value: "https://127.0.0.1:2379"
              volumeMounts:
                - mountPath: "/etc/kubernetes/pki/etcd"
                  name: etcd-certs
                - mountPath: "/var/lib/etcd"
                  name: etcd-data
                - mountPath: "/snapshot"
                  name: snapshot
                  subPath: data/etcd-snapshot
                - mountPath: /etc/localtime
                  name: lt-config
#                - mountPath: /etc/timezone/timezone
#                  name: tz-config
          restartPolicy: OnFailure
          volumes:
            - name: etcd-certs
              hostPath:
                path: /etc/kubernetes/pki/etcd
            - name: etcd-data
              hostPath:
                path: /var/lib/etcd
            - name: snapshot
              persistentVolumeClaim:
                claimName: k8s-backup-pvc
            - name: lt-config
              hostPath:
                path: /etc/localtime
#            - name: tz-config
#              #centos7时区修改
#              hostPath:
#                path: /etc/timezone/timezone
          hostNetwork: true