Challenge, Medium,  on  Kubernetes

Take and Restore an etcd Snapshot on a Kubernetes Cluster

Omkar Shelke
by  Omkar Shelke

Scenario

You are a Kubernetes administrator responsible for the cluster's operational health.

As part of routine maintenance and practice, you need to create an etcd snapshot backup and restore it to verify that the backup is usable.

Task

Two tasks need to be completed:

Task 1
Task 2

Take a snapshot backup of the running etcd instance and save it to:

/home/laborant/etcd-backup/etcd-snapshot.db
Hint 1 — Taking an etcd Snapshot

Use etcdctl snapshot save (not etcdutl) and point to the output file path. This requires a live connection to a running etcd instance — the snapshot is streamed over the network via the etcd API.

You will need the etcd TLS certificates, which are located under /etc/kubernetes/pki/etcd/.

You can find the exact flags used by the running etcd pod by inspecting its manifest at /etc/kubernetes/manifests/etcd.yaml.

Run etcdctl snapshot save --help to see all available flags — you will need to specify --endpoints to point to the etcd server address, along with TLS flags like --cacert, --cert, and --key for secure authentication.

Documentation

Restore the snapshot you just created into the directory:

/home/laborant/etcd-restore

In etcd v3.6+, etcdctl snapshot restore no longer exists — the restore subcommand was moved to etcdutl. Use etcdutl snapshot restore instead.

Hint 2 — Restoring an etcd Snapshot

Use etcdutl snapshot restore (not etcdctl) and point --data-dir to the target path. This is a file-only operation — safe to run against a live cluster.

Run etcdutl snapshot restore --help to see all available flags — the --data-dir flag specifies where to restore the snapshot.

Documentation

💡 Test Cases

How to Author Challenges on iximiuz Labs

Instead of providing a subpar online editing experience, iximiuz Labs offers a helper CLI tool called labctl, allowing you to use your favorite text editor (or a full-featured IDE) to write content from the comfort of your local machine.

Install labctl CLI

curl -sf https://labs.iximiuz.com/cli/install.sh | sh

This will download and install the latest version of the labctl CLI. You only need to do this once per workstation.

Authorize labctl

labctl auth login

This will open a browser window asking you to authorize labctl to access your account. You need to do it after a fresh install of labctl and repeat it whenever the auth session expires.

Pull challenge content

labctl content pull challenge take-and-restore-etcd-snapshot-on-a-kubernetes-cluster-7ae31fbc

This will create a local copy of the challenge content in a directory named take-and-restore-etcd-snapshot-on-a-kubernetes-cluster-7ae31fbc. You only need to do this once per challenge.

Stream your changes

labctl content push -fw challenge take-and-restore-etcd-snapshot-on-a-kubernetes-cluster-7ae31fbc

Run this command in a separate terminal to continuously upload your changes to the server while editing the challenge in your favorite text editor or IDE.

You can also use labctl to create, list, and delete your content. Learn more about the available commands: labctl content --help

Start challenge