Backing up etcd

Back up your cluster’s etcd data regularly and store in a secure location ideally outside the OKD environment. Do not take an etcd backup before the first certificate rotation completes, which occurs 24 hours after installation, otherwise the backup will contain expired certificates. It is also recommended to take etcd backups during non-peak usage hours, as it is a blocking action.

Be sure to take an etcd backup after you upgrade your cluster. This is important because when you restore your cluster, you must use an etcd backup that was taken from the same z-stream release. For example, an OKD 4.6.2 cluster must use an etcd backup that was taken from 4.6.2.

After you have an etcd backup, you can restore to a previous cluster state.

You can perform the on any control plane host that has a running etcd instance.

Follow these steps to back up etcd data by creating an etcd snapshot and backing up the resources for the static pods. This backup can be saved and used at a later time if you need to restore etcd.

• You have access to the cluster as a user with the role.

Procedure

1. Start a debug session for a control plane node:

2. Change your root directory to the host:

3. Example script output

   In this example, two files are created in the /home/core/assets/backup/ directory on the control plane host:

   • snapshot_<datetimestamp>.db: This file is the etcd snapshot. The cluster-backup.sh script confirms its validity.