ETCD HA

In a cluster, there are 2 methods for ETCD HA:

  • On the control plane (stacked), where ETCD is addressed on localhost
  • In an external ETCD cluster, which must be configured before configuring Kubernetes

List the members of an ETCD cluster:

ETCDCTL_API=3 etcdctl \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/etcd/pki/ca.pem \
  --cert=/etc/etcd/pki/etcd.pem \
  --key=/etc/etcd/pki/etcd-key.pem \
   member list

95d6ef15e562b474, started, etcd-server, https://192.20.36.19:2380, https://192.20.36.19:2379, false

Note: the endpoint is localhost, so ETCD is stacked.

External ETCD

Backup

Copy the snapshot to the ETCD server

backup-server$ scp /opt/cluster2.db etcd-server:/root

Restore

etcd-server$ ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/etcd/pki/ca.pem --cert=/etc/etcd/pki/etcd.pem --key=/etc/etcd/pki/etcd-key.pem snapshot restore /root/cluster2.db --data-dir /var/lib/etcd-data-new
{"level":"info","ts":1721940922.0441437,"caller":"snapshot/v3_snapshot.go:296","msg":"restoring snapshot","path":"/root/cluster2.db","wal-dir":"/var/lib/etcd-data-new/member/wal","data-dir":"/var/lib/etcd-data-new","snap-dir":"/var/lib/etcd-data-new/member/snap"}
{"level":"info","ts":1721940922.060755,"caller":"mvcc/kvstore.go:388","msg":"restored last compact revision","meta-bucket-name":"meta","meta-bucket-name-key":"finishedCompactRev","restored-compact-revision":951}
{"level":"info","ts":1721940922.0667593,"caller":"membership/cluster.go:392","msg":"added member","cluster-id":"cdf818194e3a8c32","local-member-id":"0","added-peer-id":"8e9e05c52164694d","added-peer-peer-urls":["http://localhost:2380"]}
{"level":"info","ts":1721940922.0732546,"caller":"snapshot/v3_snapshot.go:309","msg":"restored snapshot","path":"/root/cluster2.db","wal-dir":"/var/lib/etcd-data-new/member/wal","data-dir":"/var/lib/etcd-data-new","snap-dir":"/var/lib/etcd-data-new/member/snap"}

Update the service

etcd-server$ vi /etc/systemd/system/etcd.service
[Unit]
Description=etcd key-value store
Documentation=https://github.com/etcd-io/etcd
After=network.target

[Service]
User=etcd
Type=notify
ExecStart=/usr/local/bin/etcd \
  --name etcd-server \
  --data-dir=/var/lib/etcd-data-new \
---End of Snippet---

Note: --data-dir has been modified

Reset the permissions

etcd-server$ chown -R etcd:etcd /var/lib/etcd-data-new

etcd-server$ ls -ld /var/lib/etcd-data-new/
drwx------ 3 etcd etcd 4096 Jul 15 20:55 /var/lib/etcd-data-new/

Restart the services

etcd-server$ systemctl daemon-reload
etcd-server$ systemctl restart etcd

Optionally, it is recommended to restart the control plane components.
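
Added example, not part of the original notes: a check to run before restarting etcd that confirms the unit file points at the restored directory and that the directory is mode 700 and owned throughout by the service user. The function names are hypothetical, and GNU stat, find and sed (Linux) are assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-restart check for a restored etcd data directory.
# Assumes GNU stat/find/sed (Linux); function names are hypothetical.

# Print the --data-dir value from an etcd unit file
# (accepts "--data-dir=/path" and "--data-dir /path").
unit_data_dir() {
  sed -n -E 's/.*--data-dir[= ]+([^ \\]+).*/\1/p' "$1" | head -n 1
}

# Print the User= value from the unit file; systemd defaults to root.
unit_user() {
  local u
  u=$(sed -n -E 's/^User=(.+)$/\1/p' "$1" | head -n 1)
  echo "${u:-root}"
}

# check_restore UNIT_FILE RESTORED_DIR
# Returns 0 only if the unit points at RESTORED_DIR, the directory holds a
# restored member, is mode 700, and everything in it belongs to the service user.
check_restore() {
  local unit dir owner configured mode owners rc
  unit=$1; dir=${2%/}; rc=0
  owner=$(unit_user "$unit")
  configured=$(unit_data_dir "$unit")
  if [ "${configured%/}" != "$dir" ]; then
    echo "FAIL: unit has --data-dir=${configured:-<unset>}, expected $dir"; rc=1
  fi
  if [ ! -d "$dir/member/snap" ]; then
    echo "FAIL: $dir/member/snap missing, nothing restored here"; return 1
  fi
  mode=$(stat -c '%a' "$dir")
  if [ "$mode" != "700" ]; then
    echo "FAIL: $dir is mode $mode, expected 700"; rc=1
  fi
  # Every file must belong to the service user (what chown -R achieves).
  owners=$(find "$dir" -exec stat -c '%U' {} + | sort -u | tr '\n' ' ')
  if [ "$owners" != "$owner " ]; then
    echo "FAIL: files owned by [ $owners], expected only $owner"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: $dir is ready for etcd as $owner"; fi
  return "$rc"
}

# Usage on the etcd server (paths from the notes above):
#   check_restore /etc/systemd/system/etcd.service /var/lib/etcd-data-new \
#     && systemctl daemon-reload && systemctl restart etcd
```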

Links

Kubernetes docs - configure upgrade ETCD
ETCD.io - Recovery