LAB03c: Upgrade & Disaster Recovery

LAB700: Upgrade & Disaster Recovery

Install etcdtl

Install latest etcdctl (official upstream)

  1. Download the latest etcd release

ETCD_VER=v3.5.15
wget https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
  1. Extract

tar xvf etcd-${ETCD_VER}-linux-amd64.tar.gz
  1. Move binaries to /usr/local/bin

sudo mv etcd-${ETCD_VER}-linux-amd64/etcdctl /usr/local/bin/
sudo mv etcd-${ETCD_VER}-linux-amd64/etcdutl /usr/local/bin/
sudo chmod +x /usr/local/bin/etcdctl /usr/local/bin/etcdutl
  1. Verify

etcdctl version

Connect to etcd inside Kubernetes (kubeadm)

Your etcd is secured and listens on:

https://127.0.0.1:2379

Use kubeadm’s built-in certs:

Check cluster health:

Snapshot etcd:

K3s cluster

Default k3s cluster database can be Sqlite

  1. Check What Type of DB It Is

Run:

You should see something like:

  1. Install SQLite Client (If Not Installed)

  1. Open the Database in Read-Only Mode (SAFE)

You’ll enter the SQLite shell:

Exit anytime with:


  1. List All Tables

Inside sqlite:

You’ll see tables like:

  • kine

  • cluster

  • endpoints

  • registry

  • leases

K3s stores Kubernetes data via Kine (SQL-backed etcd replacement).


  1. View Table Schema

Example:


  1. Query Data (Read-Only)

Example: View latest records

Search for nodes:

Search for secrets (metadata only, still encrypted):

Never open without -readonly in production:

Never edit this DB while K3s is running.


  1. Safe Backup Before Any Inspection

Always back up first:

If the database is Etcd

Connect to etcd in K3s K3s stores certs in:

Command:

Using UI Explorer

  1. Setup etcd gatekeeper

  1. Next Steps: Extract & run etcdkeeper

  1. Start EtcdKeeper WITH connection parameters

Reference

Last updated