LAB03c: Upgrade & Disaster Recovery

LAB700: Upgrade & Disaster Recovery

Install etcdtl

Install latest etcdctl (official upstream)

1. Download the latest etcd release

ETCD_VER=v3.5.15
wget https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz

1. Extract

tar xvf etcd-${ETCD_VER}-linux-amd64.tar.gz

1. Move binaries to /usr/local/bin

sudo mv etcd-${ETCD_VER}-linux-amd64/etcdctl /usr/local/bin/
sudo mv etcd-${ETCD_VER}-linux-amd64/etcdutl /usr/local/bin/
sudo chmod +x /usr/local/bin/etcdctl /usr/local/bin/etcdutl

1. Verify

etcdctl version

Connect to etcd inside Kubernetes (kubeadm)

Your etcd is secured and listens on:

https://127.0.0.1:2379

Use kubeadm’s built-in certs:

Check cluster health:

Snapshot etcd:

K3s cluster

Default k3s cluster database can be Sqlite

1. Check What Type of DB It Is

Run:

You should see something like:

1. Install SQLite Client (If Not Installed)

1. Open the Database in Read-Only Mode (SAFE)

You’ll enter the SQLite shell:

Exit anytime with:

1. List All Tables

Inside sqlite:

You’ll see tables like:

• kine

• cluster

• endpoints

• registry

• leases

K3s stores Kubernetes data via Kine (SQL-backed etcd replacement).

1. View Table Schema

Example:

1. Query Data (Read-Only)

Example: View latest records

Search for nodes:

Search for secrets (metadata only, still encrypted):

Never open without -readonly in production:

Never edit this DB while K3s is running.

1. Safe Backup Before Any Inspection

Always back up first:

If the database is Etcd

Connect to etcd in K3s K3s stores certs in:

Command:

Using UI Explorer

1. Setup etcd gatekeeper

1. Next Steps: Extract & run etcdkeeper

1. Start EtcdKeeper WITH connection parameters

Reference

1. Etcd Backup & Restore Lab