sealos部署的k8s集群进行备份及恢复

环境简介

• 系统环境:CentOS7.9 5.4.228-1.el7.elrepo.x86_64
• sealos:4.1.5 RC3
• kubernetes:v1.26.1
• helm:v3.10.3
• calico:v3.24.5
• etcd:3.5.6

k8s数据保存在etcd中，通过sealos安装的集群会创建基于容器的etcd集群，默认配置文件在/etc/kubernetes/manifests/,默认存储路径在/var/lib/etcd/下.

备份etcd

备份是比较简单的，通过容器里的etcdctl直接进行快照备份即可

crictl exec -i `crictl ps |grep etcd |awk '{print $1}'` /bin/sh -c "ETCDCTL_API=3 /usr/local/bin/etcdctl-3.5.6 --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot save /var/lib/etcd/etcsnapshot_`date +%Y%m%d`.db"

通过上述命令会在/var/lib/etcd/生成一个备份文件，这样就相当于备份成功了

恢复etcd

恢复起来相对就比较复杂一些，因为3个节点都要恢复快照，直接执行恢复是不行，会发现删除的资源无法恢复，正确的恢复步骤如下:

1，关闭所有的apiserver以及etcd容器

#分别在master服务器上执行
mv /etc/kubernetes/manifests/ /root/

2，将每个节点的etcd存储下的member目录，备份到可信存储中

#分别在所有的etcd存储中执行
mv /var/lib/etcd/member /data/bak/

3，通过etcdutl恢复数据

#分别在不同的etcd上恢复数据
ETCDCTL_API=3 etcdutl snapshot restore /root/etcsnapshot.db \
--name bj-yjtc-k8s-master-192-168-2-65 \
--initial-cluster "bj-yjtc-k8s-master-192-168-2-65=https://192.168.2.65:2380,bj-yjtc-k8s-master-192-168-2-67=https://192.168.2.67:2380,bj-yjtc-k8s-master-192-168-2-66=https://192.168.2.66:2380" \
--initial-advertise-peer-urls https://192.168.2.65:2380 \
--data-dir /var/lib/etcd/

ETCDCTL_API=3 etcdutl snapshot restore /root/etcsnapshot.db \
--name bj-yjtc-k8s-master-192-168-2-66 \
--initial-cluster "bj-yjtc-k8s-master-192-168-2-65=https://192.168.2.65:2380,bj-yjtc-k8s-master-192-168-2-67=https://192.168.2.67:2380,bj-yjtc-k8s-master-192-168-2-66=https://192.168.2.66:2380" \
--initial-advertise-peer-urls https://192.168.2.66:2380 \
--data-dir /var/lib/etcd/


ETCDCTL_API=3 etcdutl snapshot restore /root/etcsnapshot.db \
--name bj-yjtc-k8s-master-192-168-2-67 \
--initial-cluster "bj-yjtc-k8s-master-192-168-2-65=https://192.168.2.65:2380,bj-yjtc-k8s-master-192-168-2-67=https://192.168.2.67:2380,bj-yjtc-k8s-master-192-168-2-66=https://192.168.2.66:2380" \
--initial-advertise-peer-urls https://192.168.2.67:2380 \
--data-dir /var/lib/etcd/

#进入/var/lib/etcd/下看到member即恢复成功

4，启动apiserver和etcd

mv /root/manifests /etc/kubernetes/manifests

5，恢复成功，可以看到之前删除的资源了