Riyaz Shaik:
Hey guys! I did came across the question to take etcd backup BUT from the base node (not from the master), in this case, I tried the mention the --endpoint as, for instance advertise-client-urls=<https://172.17.0.15:2379> but I did get a error msg saying, it could not find the cert files since its checking the base node for those certs. Wondering how you guys performed the task
Mohamed Ayman:
The etcd instance that you are supposed to use for saving and restoring the snapshot is running as a service on the base node.
In this case, the ETCD is running on the same server where we are running the commands (which is the controlplane node). As a result, the --endpoint argument is optional and can be ignored.
The options --cert, --cacert and --key are mandatory to authenticate to the ETCD server to take the backup.
Dr Ganesh Neelakanta Iyer:
.
Dr Ganesh Neelakanta Iyer:
The documentation has been updated recently and it has the options in such a case.
Dr Ganesh Neelakanta Iyer:
The example on using certs for backup has been recently added (contributed my myself) in the documentation. Please find it here. https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#snapshot-using-etcdctl-options|https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#snapshot-using-etcdctl-options
George Keratishvili:
@Mohamed Ayman are you sure etcd is running as systemd service and not a static pod?
George Keratishvili:
in new versions of kubernetes I have not seen etcd running as service it is always running as static pod
Bukola:
I think @Riyaz Shaik question if I understand well is that , where do you get certificates to use if you are asked to perform etcd restore from the Node ( and not from the control plane)