Command Lines for etcd Operations in Kubernetes

# Cheatsheet for etcd Operation in Kubernetes Here are some essential commands for configuring and managing etcd in a Kubernetes cluster: Adjust the endpoints, certificate paths, and IP addresses according to your specific cluster configuration. **Check etcd version:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ version ``` ## Performance and Resource Management **Check etcd database size:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ endpoint status --write-out=table ``` **Monitor etcd performance metrics:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ endpoint --cluster-health ``` ## High Availability and Resilience **Check cluster member status:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ member list -w table ``` **Add a new member to the cluster:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ member add etcd4 --peer-urls=https://10.0.0.4:2380 ``` **Remove a member:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ member remove <member-id> ``` ## Backup and Disaster Recovery **Create etcd snapshot:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ snapshot save /backup/etcd-snapshot-$(date +%Y%m%d-%H%M%S).db ``` **Verify snapshot:** ```bash ETCDCTL_API=3 etcdctl --write-out=table snapshot status /backup/etcd-snapshot-20250429-120000.db ``` **Restore from snapshot:** ```bash # Stop etcd service if running systemctl stop etcd # Restore from snapshot ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot-20250429-120000.db \ --data-dir=/var/lib/etcd-restore \ --name=etcd-0 \ --initial-cluster=etcd-0=https://10.0.0.1:2380,etcd-1=https://10.0.0.2:2380,etcd-2=https://10.0.0.3:2380 \ --initial-cluster-token=etcd-cluster \ --initial-advertise-peer-urls=https://10.0.0.1:2380 # Update etcd configuration to use new data directory and restart mv /var/lib/etcd-restore /var/lib/etcd systemctl start etcd ``` ## Monitoring and Alerting **Get detailed metrics from etcd:** ```bash curl -L https://localhost:2379/metrics --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key ``` **Check alarm status:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ alarm list ``` ## Maintenance Operations **Defragment etcd database:** ```bash ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ defrag ``` **Compact revision history:** ```bash # First get current revision CURR_REV=$(ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ endpoint status --write-out="json" | egrep -o '"revision":[0-9]*' | egrep -o '[0-9].*') # Compact to free space (retain last 1000 revisions) ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ compact $((CURR_REV-1000)) ``` **Graceful stop/restart:** ```bash # For kubelet-managed etcd (static pod) mv /etc/kubernetes/manifests/etcd.yaml /tmp/ # Wait for pod to stop mv /tmp/etcd.yaml /etc/kubernetes/manifests/ # Kubelet will automatically restart the pod # For systemd-managed etcd systemctl stop etcd systemctl start etcd ```