我有一个使用kubeadm创建的K8s集群,它由一个主节点和两个工作节点组成。
我下面这篇留档文章关于etcd备份:https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster
我必须使用etcdctl来备份etcd db,因此我将sh放入主节点上运行的etcd pod中以从那里执行:kubectl exec-it-n库贝-system etcd-ip-x-x sh
注意:主节点在此路径/var/lib/etcd中托管etcd数据库,该路径作为VolumeMount挂载在pod上的/var/lib/etcd中。
按照我运行的文档:ETCDCTL_API=3 etcdctl--endpoint127.0.0.1:2379快照保存snapshotdb,它返回以下错误:
Error: rpc error: code = 13 desc = transport: write tcp 127.0.0.1:44464->127.0.0.1:2379: write: connection reset by peer
这里有什么问题?
我设法使其工作,将证书信息添加到命令中:
ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key snapshot save ./snapshot.db
您还可以在Etcd正在运行的节点上检查以下行中的Etcd配置文件。
/etc/kubernetes/manifests/etcd.yaml
在Etcd配置的命令部分获取命令后,
ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key
您可以像下面的命令一样运行Etcd命令。
ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key member list
ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key snapshot save ./snapshot.db
ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key snapshot status ./snapshot.db
