# create a secret
kubectl create secret generic test-secret \--from-literal=username='svcaccount'\--from-literal=password='password'# Verify we are connecting to the right cluster ... define your endpoints and keys ENDPOINT=https://127.0.0.1:2379ETCDCTL_API=3 etcdctl --endpoints=$ENDPOINT\--cacert=/etc/kubernetes/pki/etcd/ca.crt \--cert=/etc/kubernetes/pki/etcd/server.crt \--key=/etc/kubernetes/pki/etcd/server.key \member list# Take the backup ETCDCTL_API=3 etcdctl --endpoints=$ENDPOINT\--cacert=/etc/kubernetes/pki/etcd/ca.crt \--cert=/etc/kubernetes/pki/etcd/server.crt \--key=/etc/kubernetes/pki/etcd/server.key \snapshot save /var/lib/dat-backup.db# Read the metadata from the backup/snapshot to print out the snapshot status ETCDCTL_API=3 etcdctl --write-out=table snapshot status /var/lib/dat-backup.db
4. 还原
# Delete the secretskubectl delete secret test-secret# Restore the backup ETCDCTL_API=3 etcdctl snapshot restore /var/lib/dat-backup.db# Confirm our data is in the restore directory, you should see default.etcd ls-l# Move the old etcd data to a safe location mv /var/lib/etcd /var/lib/etcd.OLD# Restart the static pod for etcd # if you use kubectl delete it will NOT restart the static pod as it is managed by the kubelet not a controller dockerps|grep k8s_etcdCONTAINER_ID=$(dockerps|grep k8s_etcd |awk'{ print $1 }')echo$CONTAINER_ID# Stop the container from our etcd pod and move restored data into placedocker stop $CONTAINER_IDrm-rf /var/lib/etcd/membermv ./default.etcd/member /var/lib/etcd