patrickdk77 · October 31, 2025 05:35
diff --git a/k8s-etcd-backup.yaml b/k8s-etcd-backup.yaml
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: etcd-backup
  namespace: kube-system
 spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 8Gi
 ---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: etcd-backup
  namespace: kube-system
 spec:
  schedule: "8 7 * * *"
  successfulJobsHistoryLimit: 3
  suspend: false
  concurrencyPolicy: Allow
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - args:
            - -c
            - etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt
              --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
              snapshot save /backup/etcd-snapshot_$(printf '%(%FT%T%z)T')_${HOSTNAME}.db
            command:
            - /bin/sh
            env:
            - name: ETCDCTL_API
              value: "3"
            image: registry.k8s.io/etcd:3.6.4-0
            imagePullPolicy: IfNotPresent
            name: backup
            resources: {}
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
            volumeMounts:
            - mountPath: /etc/kubernetes/pki/etcd
              name: etcd-certs
              readOnly: true
            - mountPath: /backup
              name: backup
          - args:
            - -c
            - ls -1 /backup/*.db | tail -n +30 | xargs rm
            command:
            - /bin/sh
            image: busybox:1.37.0
            imagePullPolicy: IfNotPresent
            name: backup-purge
            volumeMounts:
            - mountPath: /backup
              name: backup
          dnsPolicy: ClusterFirst
          hostNetwork: true
          nodeSelector:
            node-role.kubernetes.io/control-plane: ""
          restartPolicy: OnFailure
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
          tolerations:
          - effect: NoSchedule
            operator: Exists
          volumes:
          - hostPath:
              path: /etc/kubernetes/pki/etcd
              type: DirectoryOrCreate
            name: etcd-certs
          - name: backup
            persistentVolumeClaim:
              claimName: etcd-backup
	---
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	name: etcd-backup
	namespace: kube-system
	spec:
	accessModes:
	- ReadWriteOnce
	volumeMode: Filesystem
	resources:
	requests:
	storage: 8Gi
	---
	apiVersion: batch/v1
	kind: CronJob
	metadata:
	name: etcd-backup
	namespace: kube-system
	spec:
	schedule: "8 7 * * *"
	successfulJobsHistoryLimit: 3
	suspend: false
	concurrencyPolicy: Allow
	failedJobsHistoryLimit: 1
	jobTemplate:
	spec:
	template:
	spec:
	containers:
	- args:
	- -c
	- etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt
	--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
	snapshot save /backup/etcd-snapshot_$(printf '%(%FT%T%z)T')_${HOSTNAME}.db
	command:
	- /bin/sh
	env:
	- name: ETCDCTL_API
	value: "3"
	image: registry.k8s.io/etcd:3.6.4-0
	imagePullPolicy: IfNotPresent
	name: backup
	resources: {}
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /etc/kubernetes/pki/etcd
	name: etcd-certs
	readOnly: true
	- mountPath: /backup
	name: backup
	- args:
	- -c
	- ls -1 /backup/*.db \| tail -n +30 \| xargs rm
	command:
	- /bin/sh
	image: busybox:1.37.0
	imagePullPolicy: IfNotPresent
	name: backup-purge
	volumeMounts:
	- mountPath: /backup
	name: backup
	dnsPolicy: ClusterFirst
	hostNetwork: true
	nodeSelector:
	node-role.kubernetes.io/control-plane: ""
	restartPolicy: OnFailure
	schedulerName: default-scheduler
	securityContext: {}
	terminationGracePeriodSeconds: 30
	tolerations:
	- effect: NoSchedule
	operator: Exists
	volumes:
	- hostPath:
	path: /etc/kubernetes/pki/etcd
	type: DirectoryOrCreate
	name: etcd-certs
	- name: backup
	persistentVolumeClaim:
	claimName: etcd-backup
No results found