Search
๐Ÿ“

Test - Backup and Restore Methods 2

Date
2025/01/07
Category
Devops
Tag
Kubernetes
CKA
Lab

Q3

How manyย clustersย are defined in the kubeconfig on theย student-node?
You can make use of theย kubectl configย command.

ํ’€์ด ๊ณผ์ •

kubectl config view ๋ช…๋ น์„ ํ†ตํ•ด ํ˜„์žฌ node์—์„œ ๊ด€๋ฆฌ๋˜๋Š” ํด๋Ÿฌ์Šคํ„ฐ๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค
student-node ~ โžœ kubectl config view apiVersion: v1 clusters: - cluster: certificate-authority-data: DATA+OMITTED server: https://cluster1-controlplane:6443 name: cluster1 - cluster: certificate-authority-data: DATA+OMITTED server: https://192.1.3.9:6443 name: cluster2 contexts: - context: cluster: cluster1 user: cluster1 name: cluster1 - context: cluster: cluster2 user: cluster2 name: cluster2 current-context: cluster1 kind: Config preferences: {} users: - name: cluster1 user: client-certificate-data: DATA+OMITTED client-key-data: DATA+OMITTED - name: cluster2 user: client-certificate-data: DATA+OMITTED client-key-data: DATA+OMITTED
Bash
๋ณต์‚ฌ

์ •๋‹ต

2

Q4

How many nodes (both controlplane and worker) are part ofย cluster1?

ํ’€์ด ๊ณผ์ •

student-node ~ โžœ kubectl config use-context cluster1 Switched to context "cluster1". student-node ~ โžœ kubectl get nodes NAME STATUS ROLES AGE VERSION cluster1-controlplane Ready control-plane 78m v1.29.0 cluster1-node01 Ready <none> 78m v1.29.0
Bash
๋ณต์‚ฌ

์ •๋‹ต

2

Q5

What is the name of the controlplane node inย cluster2?

ํ’€์ด ๊ณผ์ •

student-node ~ โžœ kubectl config use-context cluster2 Switched to context "cluster2". student-node ~ โžœ kubectl get nodes NAME STATUS ROLES AGE VERSION cluster2-controlplane Ready control-plane 80m v1.29.0 cluster2-node01 Ready <none> 79m v1.29.0
Bash
๋ณต์‚ฌ

์ •๋‹ต

cluster2-controlplane

Q7

How isย ETCDย configured forย cluster1?
Remember, you can access the clusters fromย student-nodeย using theย kubectlย tool. You can alsoย sshย to the cluster nodes from theย student-node.

ํ’€์ด ๊ณผ์ •

ํด๋Ÿฌ์Šคํ„ฐ ๋‚ด๋ถ€์—์„œ pod๋กœ ์‹คํ–‰๋˜๋Š” ETCD๋Š” Stacked ETCD์ด๋‹ค. ํ•ด๋‹น ํด๋Ÿฌ์Šคํ„ฐ์—์„œ๋Š” static pod๋กœ etcd๊ฐ€ ์‹คํ–‰๋˜๊ณ  ์žˆ์œผ๋ฏ€๋กœ Stacked ์ด๋‹ค.
๋ฐฉ๋ฒ• 1) Pod ํ™•์ธ
student-node ~ โžœ kubectl config use-context cluster1 Switched to context "cluster1". student-node ~ โžœ kubectl get po -n kube-system | grep etcd etcd-cluster1-controlplane 1/1 Running 0 82m
Bash
๋ณต์‚ฌ
๋ฐฉ๋ฒ• 2) manifest ํŒŒ์ผ ํ™•์ธ
student-node ~ โžœ ssh cluster1-controlplane cluster1-controlplane ~ โžœ ls /etc/kubernetes/manifests/ | grep etcd etcd.yaml
Bash
๋ณต์‚ฌ

์ •๋‹ต

Stacked ETCD

Q8

How isย ETCDย configured forย cluster2?
Remember, you can access the clusters fromย student-nodeย using theย kubectlย tool. You can alsoย sshย to the cluster nodes from theย student-node.

ํ’€์ด ๊ณผ์ •

๋ฐฉ๋ฒ• 1) Pod ํ™•์ธ
student-node ~ โžœ kubectl config use-context cluster2 Switched to context "cluster2". student-node ~ โžœ kubectl get po -n kube-system | grep etcd
Bash
๋ณต์‚ฌ
๋ฐฉ๋ฒ• 2) manifest ํŒŒ์ผ ํ™•์ธ
student-node ~ โžœ ssh cluster2-controlplane cluster2-controlplane ~ โžœ ls /etc/kubernetes/manifests/ | grep etcd
Bash
๋ณต์‚ฌ
etcd๊ฐ€ ํด๋Ÿฌ์Šคํ„ฐ ๋‚ด๋ถ€์— ์œ„์น˜ํ•˜๊ณ  ์žˆ์ง€ ์•Š์œผ๋ฏ€๋กœ Stacked ETCD๋Š” ์•„๋‹ˆ๋‹ค. ๊ทธ๋ ‡๋‹ค๋ฉด โ€˜ETCD๊ฐ€ ์—†๋Š”๊ฐ€โ€™์— ๋Œ€ํ•ด ํ™•์ธํ•ด์•ผ ํ•œ๋‹ค. ETCD์— ๋Œ€ํ•œ ํ”„๋กœ์„ธ์Šค๊ฐ€ ์žˆ๋Š”์ง€์— ๋Œ€ํ•œ ํ™•์ธ์ด ํ•„์š”ํ•˜๋‹ค. kube-apiserver์—์„œ external etcd๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค.
cluster2-controlplane ~ โžœ ps -ef | grep etcd root 2881 2474 0 Jan07 ? 00:03:57 kube-apiserver --advertise-address=192.1.3.9 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.pem --etcd-certfile=/etc/kubernetes/pki/etcd/etcd.pem --etcd-keyfile=/etc/kubernetes/pki/etcd/etcd-key.pem --etcd-servers=https://192.1.3.17:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key root 11661 11576 0 01:18 pts/0 00:00:00 grep etcd
Bash
๋ณต์‚ฌ

์ •๋‹ต

External ETCD

Q9

What is the IP address of theย External ETCDย datastore used inย cluster2?

ํ’€์ด ๊ณผ์ •

์œ„์—์„œ ํ™•์ธํ•œ etcd์— ๋Œ€ํ•œ kube-apiserver ํ”„๋กœ์„ธ์Šค์—์„œ etcd-server์— ๋Œ€ํ•œ ์ •๋ณด๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค. ํ”„๋กœ์„ธ์Šค๋กœ ํ™•์ธํ•˜๋Š” ๋ฐฉ๋ฒ• ์ด์™ธ์˜ ๋ฐฉ๋ฒ•์œผ๋กœ๋Š” kube-apiserver pod์˜ ์„ธ๋ถ€์‚ฌํ•ญ์„ ํ™•์ธํ•˜๋ฉด ๋œ๋‹ค. describe ๋ช…๋ น์–ด๋กœ ํ™•์ธํ•˜๊ฑฐ๋‚˜ manifest๋ฅผ ํ™•์ธํ•˜๋ฉด ๋œ๋‹ค.
๋ฐฉ๋ฒ• 1) Pod detail๋กœ ํ™•์ธ
student-node ~ โžœ kubectl config use-context cluster2 Switched to context "cluster2". student-node ~ โžœ kubectl describe -n kube-system po kube-apiserver-cluster2-controlplane | grep etcd-server --etcd-servers=https://192.1.3.17:2379
Bash
๋ณต์‚ฌ
๋ฐฉ๋ฒ•2) manifest ํ™•์ธ
student-node ~ โžœ ssh cluster2-controlplane cluster2-controlplane ~ โžœ cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep etcd-server - --etcd-servers=https://192.1.3.17:2379
Bash
๋ณต์‚ฌ

์ •๋‹ต

192.1.3.17 (๊ทธ๋•Œ๊ทธ๋•Œ ๋‹ค๋ฆ„)

Q10

What is the default data directory used the for ETCD datastore used in cluster1?
Remember, this cluster uses a Stacked ETCD topology.

ํ’€์ด ๊ณผ์ •

๋ฐฉ๋ฒ• 1) Pod detail๋กœ ํ™•์ธ
student-node ~ โžœ kubectl config use-context cluster2 Switched to context "cluster2". student-node ~ โžœ kubectl describe -n kube-system po kube-apiserver-cluster2-controlplane | grep etcd-server --etcd-servers=https://192.1.3.17:2379
Bash
๋ณต์‚ฌ
๋ฐฉ๋ฒ•2) manifest ํ™•์ธ
student-node ~ โžœ ssh cluster1-controlplane cluster1-controlplane ~ โžœ cat /etc/kubernetes/manifests/etcd.yaml | grep data-dir - --data-dir=/var/lib/etcd
Bash
๋ณต์‚ฌ

์ •๋‹ต

/var/lib/etcd

Q12

What is the default data directory used the for ETCD datastore used in cluster2?
Remember, this cluster uses a External ETCD topology.

ํ’€์ด ๊ณผ์ •

์™ธ๋ถ€ ETCD๋Š” pod๋‚˜ manifest๊ฐ€ ํด๋Ÿฌ์Šคํ„ฐ ๋‚ด๋ถ€์— ์—†๊ธฐ ๋•Œ๋ฌธ์— ์œ„์—์„œ ์ง„ํ–‰ํ•œ ๋ฐฉ๋ฒ•๋“ค๋กœ๋Š” ํ™•์ธํ•  ์ˆ˜ ์—†๋‹ค. Q11์—์„œ ์ œ๊ณต๋œ๋Œ€๋กœ etcd-server๋กœ ssh ์ ‘์†์„ ํ†ตํ•ด ํ™•์ธํ•ด์•ผ ํ•œ๋‹ค.
student-node ~ โžœ ssh etcd-server etcd-server ~ โžœ ps -ef | grep etcd | grep --color=auto data-dir etcd 824 1 0 Jan07 ? 00:01:50 /usr/local/bin/etcd --name etcd-server --data-dir=/var/lib/etcd-data --cert-file=/etc/etcd/pki/etcd.pem --key-file=/etc/etcd/pki/etcd-key.pem --peer-cert-file=/etc/etcd/pki/etcd.pem --peer-key-file=/etc/etcd/pki/etcd-key.pem --trusted-ca-file=/etc/etcd/pki/ca.pem --peer-trusted-ca-file=/etc/etcd/pki/ca.pem --peer-client-cert-auth --client-cert-auth --initial-advertise-peer-urls https://192.1.3.17:2380 --listen-peer-urls https://192.1.3.17:2380 --advertise-client-urls https://192.1.3.17:2379 --listen-client-urls https://192.1.3.17:2379,https://127.0.0.1:2379 --initial-cluster-token etcd-cluster-1 --initial-cluster etcd-server=https://192.1.3.17:2380 --initial-cluster-state new
Bash
๋ณต์‚ฌ

์ •๋‹ต

/var/lib/etcd-data

Q13

How many nodes are part of theย ETCDย cluster thatย etcd-serverย is a part of?

ํ’€์ด ๊ณผ์ •

etcdctl member list ๋ช…๋ น์œผ๋กœ cluster node๋“ค์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค. ํด๋Ÿฌ์Šคํ„ฐ ์ •๋ณด๋ฅผ ์œ„ํ•ด ์ธ์ฆ์ด ํ•„์š”ํ•˜๊ธฐ ๋•Œ๋ฌธ์— snapshot์„ ํ•  ๋•Œ์™€ ๊ฐ™์ด ๊ฐ๊ฐ์˜ ํ”Œ๋ž˜๊ทธ์— ๋Œ€ํ•œ ์ •๋ณด๋ฅผ ๊ธฐ์ž…ํ•œ๋‹ค. ์ด๋Š” ์œ„์—์„œ ํ™•์ธํ–ˆ๋˜ etcd ํ”„๋กœ์„ธ์Šค ๊ฒฐ๊ณผ๊ฐ’์œผ๋กœ ํ™•์ธ ๊ฐ€๋Šฅํ•˜๋‹ค.
etcd-server ~ โžœ ETCDCTL_API=3 etcdctl member list \ --endpoints=127.0.0.1:2379 \ --cert=/etc/etcd/pki/etcd.pem \ --cacert=/etc/etcd/pki/ca.pem \ --key=/etc/etcd/pki/etcd-key.pem 77a603763678b2f4, started, etcd-server, https://192.1.3.17:2380, https://192.1.3.17:2379, false
Bash
๋ณต์‚ฌ

์ •๋‹ต

1

Q14

Take a backup ofย etcdย onย cluster1ย and save it on theย student-nodeย at the pathย /opt/cluster1.db

ํ’€์ด

1.
snapshot ์ƒ์„ฑ
student-node ~ โžœ ssh cluster1-controlplane cluster1-controlplane ~ โžœ ETCDCTL_API=3 etcdctl snapshot save /opt/cluster1.db \ --endpoints=127.0.0.1:2379 \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --key=/etc/kubernetes/pki/etcd/server.key Snapshot saved at /opt/cluster1.db
Bash
๋ณต์‚ฌ
2.
student-node๋กœ ํŒŒ์ผ ๋ณต์‚ฌ
student-node ~ โžœ scp cluster1-controlplane:/opt/cluster1.db /opt/cluster1.db cluster1.db 100% 2200KB 134.4MB/s 00:00 student-node ~ โžœ ls /opt cluster1.db
Bash
๋ณต์‚ฌ

Q15

Anย ETCDย backup forย cluster2ย is stored atย /opt/cluster2.db. Use this snapshot file to carryout a restore onย cluster2ย to a new pathย /var/lib/etcd-data-new.
Once the restore is complete, ensure that the controlplane components onย cluster2ย are running.
The snapshot was taken when there were objects created in theย criticalย namespace onย cluster2. These objects should be available post restore.

ํ’€์ด

1.
etcd-server๋กœ cluster2.db ์Šค๋ƒ…์ƒท ๋ณต์‚ฌ
student-node ~ โžœ scp /opt/cluster2.db etcd-server:/root cluster2.db 100% 2320KB 209.3MB/s 00:00
Bash
๋ณต์‚ฌ
2.
์Šค๋ƒ…์ƒท์„ ํ†ตํ•ด ๋ณต์›
etcd-server ~ โžœ ETCDCTL_API=3 etcdctl snapshot restore /root/cluster2.db \ --data-dir=/var/lib/etcd-data-new {"level":"info","ts":1736301547.4107833,"caller":"snapshot/v3_snapshot.go:296","msg":"restoring snapshot","path":"/root/cluster2.db","wal-dir":"/var/lib/etcd-data-new/member/wal","data-dir":"/var/lib/etcd-data-new","snap-dir":"/var/lib/etcd-data-new/member/snap"} {"level":"info","ts":1736301547.429816,"caller":"mvcc/kvstore.go:388","msg":"restored last compact revision","meta-bucket-name":"meta","meta-bucket-name-key":"finishedCompactRev","restored-compact-revision":10635} {"level":"info","ts":1736301547.4367092,"caller":"membership/cluster.go:392","msg":"added member","cluster-id":"cdf818194e3a8c32","local-member-id":"0","added-peer-id":"8e9e05c52164694d","added-peer-peer-urls":["http://localhost:2380"]} {"level":"info","ts":1736301547.4433842,"caller":"snapshot/v3_snapshot.go:309","msg":"restored snapshot","path":"/root/cluster2.db","wal-dir":"/var/lib/etcd-data-new/member/wal","data-dir":"/var/lib/etcd-data-new","snap-dir":"/var/lib/etcd-data-new/member/snap"}
Bash
๋ณต์‚ฌ
3.
data-dir ๊ฒฝ๋กœ ์—…๋ฐ์ดํŠธ
ํ•ด๋‹น ETCD๋Š” External ETCD๋กœ, pod ํ˜•ํƒœ๊ฐ€ ์•„๋‹Œ ์„œ๋น„์Šค๋กœ ์‹คํ–‰๋˜๊ธฐ ๋•Œ๋ฌธ์— systemd์—์„œ ํ™•์ธํ•ด์•ผ ํ•œ๋‹ค. ๋”ฐ๋ผ์„œ /etc/systemd/system/etcd.service ํŒŒ์ผ์„ ์ˆ˜์ •ํ•˜๋ฉด ๋˜๋Š”๋ฐ ํ•ด๋‹น ๊ฒฝ๋กœ๋ฅผ ํ™•์ธํ•˜๋Š” ๊ฒƒ์€ systemctl status etcd ๋ฅผ ํ†ตํ•ด etcd์˜ ์„œ๋น„์Šค ํŒŒ์ผ ๊ฒฝ๋กœ๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.
vi /etc/systemd/system/etcd.service [Unit] Description=etcd key-value store Documentation=https://github.com/etcd-io/etcd After=network.target [Service] User=etcd Type=notify ExecStart=/usr/local/bin/etcd \ --name etcd-server \ --data-dir=/var/lib/etcd-data-new \ # ํ•ด๋‹น ๊ฒฝ๋กœ ์—…๋ฐ์ดํŠธ ...
Bash
๋ณต์‚ฌ
4.
๊ถŒํ•œ ์—…๋ฐ์ดํŠธ
etcd-server ~ โžœ chown -R etcd:etcd /var/lib/etcd-data-new
Bash
๋ณต์‚ฌ
5.
etcd service ์žฌ์‹œ์ž‘
systemctl daemon-reload systemctl restart etcd
Bash
๋ณต์‚ฌ
6.
ํ™•์ธ
apiserver, scheduler, controller-manager๊ฐ€ Restore ๊ณผ์ •์„ ํ†ตํ•ด ์žฌ์‹œ์ž‘๋˜์—ˆ์Œ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.
student-node ~ โžœ kubectl get po -n kube-system NAME READY STATUS RESTARTS AGE coredns-69f9c977-4kjqc 1/1 Running 0 46m coredns-69f9c977-wvn8z 1/1 Running 0 46m kube-apiserver-cluster2-controlplane 1/1 Running 7 (4m8s ago) 46m kube-controller-manager-cluster2-controlplane 1/1 Running 1 (10m ago) 46m kube-proxy-ghcdq 1/1 Running 0 45m kube-proxy-tpjh6 1/1 Running 0 46m kube-scheduler-cluster2-controlplane 1/1 Running 1 (10m ago) 46m weave-net-75x5z 2/2 Running 1 (46m ago) 46m weave-net-t6bn2 2/2 Running 0 45m
Bash
๋ณต์‚ฌ

TroubleShooting

๊ถŒํ•œ์„ ์—…๋ฐ์ดํŠธํ•˜์ง€ ์•Š๊ณ  ์ง„ํ–‰ํ–ˆ์„ ๊ฒฝ์šฐ ์•„๋ž˜์™€ ๊ฐ™์ด etcd ์„œ๋น„์Šค๊ฐ€ ์žฌ์‹œ์ž‘ ๋˜์ง€ ์•Š์œผ๋ฉฐ, ๋™์ž‘ํ•˜๊ณ  ์žˆ์ง€ ์•Š์Œ์„ ๋ณผ ์ˆ˜ ์žˆ๋‹ค.
etcd-server ~ โžœ systemctl restart etcd Job for etcd.service failed because the control process exited with error code. See "systemctl status etcd.service" and "journalctl -xe" for details. etcd-server ~ โœ– systemctl status etcd โ— etcd.service - etcd key-value store Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Wed 2025-01-08 02:13:13 UTC; 83 9ms ago Docs: https://github.com/etcd-io/etcd Process: 2083 ExecStart=/usr/local/bin/etcd --name etcd-server --data-dir=/var/lib/etcd-data -new --cert-file=/etc/etcd/pki/etcd.pem --key-file=/etc/etcd/pki/etcd-key.pem --peer-cert-file =/etc/etcd/pki/etcd.pem --peer-key-file=/etc/etcd/pki/etcd-key.pem --trusted-ca-file=/etc/etcd /pki/ca.pem --peer-trusted-ca-file=/etc/etcd/pki/ca.pem --peer-client-cert-auth --client-cert- auth --initial-advertise-peer-urls https://192.2.20.6:2380 --listen-peer-urls https://192.2.20 .6:2380 --advertise-client-urls https://192.2.20.6:2379 --listen-client-urls https://192.2.20. 6:2379,https://127.0.0.1:2379 --initial-cluster-token etcd-cluster-1 --initial-cluster etcd-se rver=https://192.2.20.6:2380 --initial-cluster-state new (code=exited, status=1/FAILUR E) Main PID: 2083 (code=exited, status=1/FAILURE)
Bash
๋ณต์‚ฌ
๋ฌธ์ œ ํ•ด๊ฒฐ์„ ์œ„ํ•ดjournalctl์„ ํ†ตํ•ด ์—๋Ÿฌ ๋กœ๊ทธ๋ฅผ ํ™•์ธํ•ด๋ณด์•˜์„ ๋•Œ, ETCD์— ์ง€์ •๋œ ๋ฐ์ดํ„ฐ ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ์ฐพ์ง€ ๋ชปํ–ˆ๊ฑฐ๋‚˜ ํ•ด๋‹น ๋””๋ ‰ํ† ๋ฆฌ์— ์ ‘๊ทผํ•  ์ˆ˜ ์—†์–ด etcd ์„œ๋น„์Šค๊ฐ€ ์‹คํŒจ๋จ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค.
Jan 08 02:15:09 etcd-server etcd[2326]: error listing data dir: /var/l ib/etcd-data-new Jan 08 02:15:09 etcd-server systemd[1]: Failed to start etcd key-value store.
Bash
๋ณต์‚ฌ
๋”ฐ๋ผ์„œ etcd-data-new์˜ ๊ถŒํ•œ์„ ํ™•์ธํ•˜์˜€๊ณ , ์†Œ์œ  ๊ถŒํ•œ์„ root โ†’ etcd ๋ณ€๊ฒฝ์„ ํ†ตํ•ด ์‹คํ–‰์„ ์™„๋ฃŒํ–ˆ๋‹ค.
etcd-server ~ โžœ ls -l /var/lib | grep etcd-data drwx------ 1 etcd etcd 4096 Jan 8 01:36 etcd-data drwx------ 3 root root 4096 Jan 8 02:06 etcd-data-new etcd-server ~ โžœ chown -R etcd:etcd /var/lib/etcd-data-new etcd-server ~ โžœ systemctl daemon-reload etcd-server ~ โžœ systemctl restart etcd
Bash
๋ณต์‚ฌ