mirror of https://github.com/kubernetes/kops.git
Jakob Jarosch
parent
186e23b5bf
commit
5e216ca57a
|
|
@ -0,0 +1,51 @@
|
||||||
|
# Backing up etcd
|
||||||
|
|
||||||
|
Kubernetes is relying on etcd for state storage. More details about the usage
|
||||||
|
can be found [here](https://kubernetes.io/docs/admin/etcd/) and
|
||||||
|
[here](https://coreos.com/etcd/docs/2.3.7/index.html).
|
||||||
|
|
||||||
|
## Backup requirement
|
||||||
|
|
||||||
|
A Kubernetes cluster deployed with kops stores the etcd state in two different
|
||||||
|
AWS EBS volumes per master node. One volume is used to store the Kubernetes
|
||||||
|
main data, the other one for events. For a HA master with three nodes this will
|
||||||
|
result in six volumes for etcd data (one in each AZ). An EBS volume is designed
|
||||||
|
to have a [failure rate](https://aws.amazon.com/ebs/details/#AvailabilityandDurability)
|
||||||
|
of 0.1%-0.2% per year.
|
||||||
|
|
||||||
|
## Create volume backups
|
||||||
|
|
||||||
|
Kubernetes does currently not provide any option to do regular backups of etcd
|
||||||
|
out of the box.
|
||||||
|
|
||||||
|
Therefore we have to either manually backup the etcd volumes regularly or use
|
||||||
|
other AWS services to do this in a automated, scheduled way. You can for example
|
||||||
|
use CloudWatch to trigger an AWS Lamda with a defined schedule (e.g. once per
|
||||||
|
hour). The Lamda will then create a new snapshot of all etcd volumes. A complete
|
||||||
|
guide on how to setup automated snapshots can be found [here](https://serverlesscode.com/post/lambda-schedule-ebs-snapshot-backups/).
|
||||||
|
|
||||||
|
Note: this is one of many examples on how to do scheduled snapshots.
|
||||||
|
|
||||||
|
## Restore volume backups
|
||||||
|
|
||||||
|
In case the Kubernetes cluster fails in a way that too many master nodes can't
|
||||||
|
access their etcd volumes it is impossible to get a etcd quorum.
|
||||||
|
|
||||||
|
In this case it is now possible to restore the volume from a snapshot we created
|
||||||
|
earlier. Details about creating a volume from a snaphot can be found in the
|
||||||
|
[AWS documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html).
|
||||||
|
|
||||||
|
Kubernetes uses protokube to identify the right volumes for etcd. Therefore it
|
||||||
|
is important to tag the EBS volumes with the correct tags after restoring them
|
||||||
|
from a EBS snapshot.
|
||||||
|
|
||||||
|
protokube will look for the following tags:
|
||||||
|
|
||||||
|
* `KubernetesCluster` containing the cluster name (e.g. `k8s.mycompany.tld`)
|
||||||
|
* `Name` containing the volume name (e.g. `eu-central-1a.etcd-main.k8s.mycompany.tld`)
|
||||||
|
* `k8s.io/etcd/main` containg the availability zone of the volume (e.g. `eu-central-1a/eu-central-1a`)
|
||||||
|
* `k8s.io/role/master` with the value `1`
|
||||||
|
|
||||||
|
After fully restoring the volume ensure that the old volume is no longer there,
|
||||||
|
or you've removed the tags from the old volume. After restarting the master node
|
||||||
|
Kubernetes should pick up the new volume and start running again.
|
||||||
Loading…
Reference in New Issue