This is the best video that I have watched for Backup and Restore of ETCD Cluster. It works like a charm. Thank you!
Thank you Ritika, glad you liked it :)
Awesome video, thank you. Also got a laugh at 7:40 "If you make a mistake, your cluster is fucked" lmao
hahahha, which is actually true
Bro is so real ! 7:40
"If we do a mistake, the cluster is literally *FU**ED* ! "
Right? It's like playing Jenga with your cluster: one wrong block and the whole thing comes crashing down! 😅
Thank you for the video. I attempted CKA once, but had no luck clearing it. I had an etcd backup as well as restore question. In the question, they mentioned the cert and key file paths (they were under /opt/....). So, I just need to make use of them, right?
In addition, I couldn't locate the restore filepath (similar to /var/lib/etcd) and hence I couldn't restore etcd at all.
Could you please suggest here.
yes, if they have given the path for cert and key, use them. Since they did not give you the data directory, just use the same directory as before, or create a path of your own, that does not matter.
@InfiniteLinux Thank you for the reply.
Thank you so much for the video brother, very helpful and informative, just wondering, why do you not specify endpoints in the snapshot save command and only on the snapshot restore?
Good question - so the snapshot save command assumes that you are backing up a local etcd cluster - in case you are not, I think you would have to pass the endpoint parameter even while taking the backup and the same thing goes for the restore process as well
this is the best way "rm -rf /var/lib/etcd"....if it says it exists do it again and restore.... no need to update the etcd manifest....thank you so much
:) :)
This is really good but I think it would be advisable to restore in a different path and update the etcd static manifests to point to the new directory. This way you can still rollback to the previous ETCD database.
yes, in actual production systems for sure
Hi, thanks for sharing the info. If I have 3 etcd, should I add the 3 etcd IPs at the endpoint parameter? Please advise. Thank you.
yes, you can add comma separated entries
@InfiniteLinux noted with thanks
Thank you so much for this series
Welcome :)
Hello sir, today I had given the CKA exam... 😢 but there were a lot of issues, like it was lagging very much, and I was not able to finish it.
I got a question to create a network policy for the pod in a namespace to access other pods in another namespace on port 8443... but when I checked the pods there were no labels.
Could you please tell me how we can do that?
@akhilagarwal-wj3pk when you don't have labels on the pods and you need to provide access across namespaces, then you can allow for the whole namespace - the example is there in the documentation itself - kubernetes.io/docs/concepts/services-networking/network-policies/
Shouldn't the --endpoints= be in backup and not restore?
I have a question. I gave my first attempt last year; unfortunately, I didn't clear it. I got this question in the exam too; however, they provided the --data-dir path, and the backup to restore was not the same as the backup. In that case, what do we have to do? I didn't restore the etcd snapshot from the given data-dir. Should I change the path in the ETCD.yaml file? If yes, then at which locations would the path be changed?
sorry I didn't understand the question but I think you are saying that they gave you a backup and a data dir right.
So yes, you would have to modify the data dir in etcd.yaml file and while using etcdctl restore command you would have to use the backup they have provided
@InfiniteLinux Thank you for your reply.
Apologies for the inconvenience. Yes, they have given the path and there is a backup in it for the restoration.
Now as in video you have run the command rm -rf /data-dir-path. If we do the same thing in exam the backup will be removed right. Just confirm we need to follow 2 steps.
1) Update the data-dir path according to given one in etcd.yaml file.
2) Move the backup to any location before running that rm -rf command.
Then, restore it finally. Am I correct?
@sajjadanwer4703 data-dir is basically where etcd stores its data, and the backup you can take at any location using the etcdctl snapshot command
In the exam I cannot locate the peer ca file even though I copied the file path that was provided. It says file not found/not exist.
Do I need to ssh to the node first to perform the backup?
you should've cat out the etcd yaml file, that would have the required information
I had to use the root account: sudo su -
Hello, thanks for the video and information. I have a question. Are questions like the ones in this video asked in the CKA exam? Or is a backup taken from an external etcd-server like in the restore method 2 section of Kodekloud?
this is exactly what is asked in the CKA exam
Hi! I took my CKA exam yesterday, I got the question about ssh into node, and perform back up and restore of etcd with peer.key and peer.crt. If I passed those in when backing up, I received “no such file or directory” error on the peer.crt/peer.key. Any idea what to do here? Can’t find any examples out there that do this either.
I also tried server.crt and server.key, but all I got was “permission denied”, so I suspect I have to authenticate with the peer flags somehow(?) These peer flags were also not present when checking the etcd pod’s commands. I do see in the docs, under Securing Communication that there are some peer flags for configuring etcd with secure peer comm., but these flags were unknown to the etcdctl tool
what location were you passing for the peer.key and peer.crt - did you check the etcd yaml file, it would be on control plane node under /etc/kubernetes
I got the same questions and "permission denied"; it took me 30min+, which made me fail. :( Maybe I was on the wrong node/user, but I tried everything possible, excluding exec in any pod. I didn't even get /etc/kubernets/mianfest/etcd.yml to check, or ls the path, which shows it does not exist. :( Also, I was stuck in the cluster upgrade from 1.31.0 to 1.31.1, where I used kubeadm=1.31.1-1.1 and ran kubeadm upgrade plan v1.31.1; it shows an error, but so far I found the solution 1.31.1-00. I don't know if it will work next time.
Next week my retake is scheduled; still searching to get solutions.
@lazyyellow9825 you should never spend more than 5mins on one question, if you are stuck, just leave the question and move on
@lazyyellow9825 hello buddy, I solved the problem in my second exam, the solution is to use sudo in all the operations you will do.
@erdi005 OMG thanks a lot buddy. Tomorrow I have my 2nd attempt. Now working on cluster upgrade, any tips?
A big fan since the linux boot process video ,you posted long back....
any chance of getting a K8 series
what do you want me to cover in that series, I'm not doing kubernetes because every tom dick and harry is creating content on it :)
Hi, I did not see any modification of the hostPath /var/lib/etcd-backup in the etcd.yaml file, is that OK for the restore? You just restored to / location var/lib/ but you need to update it in the yaml file, right?
Since I used the same data directory, I didn't need to update the yaml
Hi if i did all other questions and something got wrong when i did the restore at the last will it cause me to fail with all other questions wrong
for that particular cluster - yes
Also will the question ask to do it on base node and then SCP to master node , also what to do when that command is not installed
@nithinjohn135 so you will have access to a workstation node, from which you can ssh onto any node (master or worker) using the ssh command - I don't think there would be a scenario where a command you want is not present
Do we need to ssh to node or we are doing this from local computer.
For etcd backup and store - you need to ssh on to the kubernetes master node
@InfiniteLinux if I need to ssh to the node, then do I still need to use the endpoint?
Thanks for replying... Somewhere I saw the question mention that there was no need to change any context configuration and that I need to exit from the master node.
@sameerhamid453 endpoint is basically a way of telling where the etcd cluster is running, in this case we were running it locally, so I think even if you don't give the endpoint, that should work but in actual system, etcd is mostly run outside the cluster so you need to tell etcdctl about the endpoint
restore command in the documentation doesn't specify all the details for cert names etc
It says ETCDCTL_API=3 etcdctl snapshot restore --data-dir snapshotdb
So that should be sufficient
Nope, because you need to authenticate with ETCD cluster, that command would work if there is no authentication required.
@InfiniteLinux ah, makes sense. Thanks
@InfiniteLinux actually I found another answer to that question. So it appears it is not necessary to use certificates for restore as it doesn't connect to the etcd server
Note that for restore on single etcd node clusters such as those found in the exam, it is not necessary to use the certificate arguments, since all the restore is doing is creating a directory. It does not need to communicate with the etcd server - which may even not be running if the exam deliberately sets it up with a corrupt database. You would only use certs and some additional arguments when restoring a broken node into what is left of a multi-node etcd, which is beyond the scope of CKA.
Since they are static pods in kube-system namespaces, we can delete these pods to remove any stale old dependencies 🙂
Thank you so much
Welcome brother!!
In the exam when you get the restore question, you also have to modify etcd manifest for it to read from the restored backup location? or just restore to a specific dir will suffice?
yes, you have to modify the etcd manifest as well
@InfiniteLinux After updating the manifest do I have to restart kubeadm or etcd?
@sanatteli8569 after you update the etcd.yaml file, since it's a static pod configuration, it should restart on its own
@InfiniteLinux Hi, could you pls elaborate on this.. Which parameter do we need to modify.
@Such_A_Wonderful_World Under hostPath, change the path to the data-dir used
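
The procedure this thread converges on, as an added shell example that is not from the video or any commenter: read the certificate paths from the etcd static pod manifest, build the `snapshot save` command from them, restore to a separate directory, and point the data volume's `hostPath` at it. The manifest contents, `/opt/etcd-backup.db` and `/var/lib/etcd-restore` are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample, modelled on a kubeadm etcd static pod manifest.
sample_manifest() {
  cat > "$1" <<'EOF'
spec:
  containers:
  - command:
    - etcd
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --data-dir=/var/lib/etcd
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --listen-client-urls=https://127.0.0.1:2379
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki/etcd
    name: etcd-certs
  - hostPath:
      path: /var/lib/etcd
    name: etcd-data
EOF
}

# Print the value of one etcd flag (e.g. cert-file) from the manifest.
etcd_flag() {
  sed -n "s|^ *- --$2=\(.*\)\$|\1|p" "$1" | head -n 1
}

# Build the backup command from the paths the running etcd itself uses.
save_cmd() {
  printf 'ETCDCTL_API=3 etcdctl --endpoints=%s --cacert=%s --cert=%s --key=%s snapshot save %s\n' \
    "$(etcd_flag "$1" listen-client-urls)" "$(etcd_flag "$1" trusted-ca-file)" \
    "$(etcd_flag "$1" cert-file)" "$(etcd_flag "$1" key-file)" "$2"
}

# Print the manifest with the data volume's hostPath moved to $2. Only the
# path equal to the current --data-dir changes; the cert volume is untouched.
retarget_data_volume() {
  old=$(etcd_flag "$1" data-dir)
  sed "s|^\( *path: \)$old\$|\1$2|" "$1"
}

# Dry run: print the commands and the patched volume paths, change nothing.
m=$(mktemp)
sample_manifest "$m"
save_cmd "$m" /opt/etcd-backup.db
echo "ETCDCTL_API=3 etcdctl snapshot restore /opt/etcd-backup.db --data-dir=/var/lib/etcd-restore"
retarget_data_volume "$m" /var/lib/etcd-restore | grep 'path:'
rm -f "$m"
```

Per the replies above, the real manifest is on the control plane node under /etc/kubernetes, and commenters needed root (sudo) to read the key files.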