Certified Kubernetes Administrator (CKA) — Tips and Tricks — Part 3

Arun Ramakani
Dec 6, 2019 · 4 min read

Today let’s look into ETCD backup. If you get this question it’s a jackpot. You can score the full mark in less than a minute, if you know how to do it. This will save some time for other questions. ETCD back up is a one-line command, but you need to collect a few pieces of information needed to execute the command.

Tip 1: Parts of the ETCD Backup Command

To back up the cluster, we should use the below command

ETCDCTL_API=3 etcdctl — endpoints=[ENDPOINT] — cacert=[CA CERT] — cert=[ETCD SERVER CERT] — key=[ETCD SERVER KEY] snapshot save [BACKUP FILE NAME]

Executing the command will immediately give feedback if the backup is taken correctly. In case if you have not got the command correctly, you will have immediate feedback of failure.

The above instruction has 6 important parts to it

  1. Command to take a backup — See Tip 2 on how to escape memorizing
  2. ENDPOINT — See Tip 3 on how to get this value
  3. CA CERT — See Tip 3 on how to get this value
  4. ETCD SERVER CERT — See Tip 3 on how to get this value
  5. ETCD SERVER KEY — See Tip 3 on how to get this value
  6. BACKUP FILE NAME — This will be given as a part of question itself

Any missing options will throw an error

Tips 2: No Need to Memorize the Command

You don’t need to memorize the command for backing up ETCD. You will be allowed to refer to the Kubernetes documentation page during the exam. From the Kubernetes documentation page ( doc page ) search for “etcd backup”, then from the results click the first link “Operating etcd clusters …”.

Look for the word “backup” in the resulting page, you will be able to locate the command for the backup.

ETCDCTL_API=3 etcdctl — endpoints $ENDPOINT snapshot save snapshotdb

Now wait, this is not the full command that we saw in the beginning. There are some missing parts. Should I memorize the rest? No, run “ETCDCTL_API=3 etcdctl help” you will see all the options, you can recognize the missed options here.

Tips 3: Finding the Values

  1. Exam cluster setup is done with kubeadm, this means ETCD used by the kubernetes cluster is coming from static pod. Confirm this by looking into pods in kube-system namespace.

kubectl get pod -n kube-system

2. Once you recognize the pod in kube-system namespace, just describe the pod to see command line options from container section.

kubectl describe pod etcd-master -n kube-system

You can locate the information on

  1. endpoint: — advertise-client-urls=
  2. ca certificate: — trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
  3. server certificate : — cert-file=/etc/kubernetes/pki/etcd/server.crt
  4. key: — key-file=/etc/kubernetes/pki/etcd/server.key

Tips 4: Difference in Option Names [IMP]

Please note that the command option name, you get from pod describes and actual “ETCDCTL_API=3 etcdctl” are different.

You are all done. The ETCD back will be in the specified location.

Also, visit other tips and tricks for Certified Kubernetes Administrator (CKA)

We will look into other tips and tricks in an upcoming article. Let you pass with flying colors :)

Arun Ramakani

Written by

#ContinuousDevOps #Kubernetes #Microservices #CloudNativeApps #DevOps #Agile #CodingArchitect

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade