Basic backup and restore support for k0s was delivered back in April 2021. Development has continued, and k0s now delivers cluster-level backup and restoration. It was also enhanced to accommodate SQLite for single-node clusters and etcd for multi-node clusters. A k0s backup has the following components:
- etcd snapshot, if the etcd datastore is used
- Kine/SQLite snapshot, if the Kine/SQLite datastore is used
- any custom-defined manifests under the /manifests directory
- k0s.yaml
- image bundles located under the /images directory
- Helm configurations
- certificates (the content of the /pki directory)
However, the following are not captured in the backup:
- Datastore, if something other than etcd or Kine/SQLite is used
- Persistent volumes of running applications
- Manual configuration changes to the cluster that are not under the /manifests directory
This guide takes a deep dive into demonstrating how to back up and restore a k0s Kubernetes cluster. Remember that all backups and restores are performed on the controller node.
Step 1 – Set up a k0s Kubernetes Cluster
For this guide, I assume you already have a k0s Kubernetes cluster up and running. If not, use the below guides to set up a k0s Kubernetes cluster on your system.
- On Ubuntu
- On Debian
- On Rocky Linux 9/Alma Linux 9
With the cluster set up, proceed as below.
Step 2 – Local Backup/Restore on a k0s node
You can back up and restore a k0s node locally as below:
1. Local Backup of k0s
The following syntax is used to make a local backup of your k0s cluster.
k0s backup --save-path=<directory>
In the command, the directory used as the save-path must be writable. The default directory is the current working directory.
To avoid overwriting previous backups, the backup is made using the naming convention, k0s_backup_<ISODatetimeString>.tar.gz
For example, to make a backup on our k0s cluster, I will issue the command:
k0s backup --save-path=/root
Sample Output:
WARN[2024-10-21 03:47:48] no config file given, using defaults
WARN[2024-10-21 03:47:49] default k0s.yaml is used, do not back it up
$ ls
k0s_backup_2022-01-21T03_47_49_000Z.tar.gz
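Because the archive carries the /pki directory and its name embeds a sortable timestamp, a short audit of the save-path is worth running after each backup. The following is an added example, not part of k0s; the function names are hypothetical and it assumes the archives sit directly in the directory passed in:

```shell
#!/bin/sh
# Added example (not k0s code): audit plaintext k0s backups in a directory.
# File names follow the convention k0s_backup_<ISODatetimeString>.tar.gz.

# Print the newest backup. Fixed-width ISO timestamps sort chronologically
# when compared as plain bytes.
latest_backup() {
    for f in "$1"/k0s_backup_*.tar.gz; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done | LC_ALL=C sort | tail -n 1
}

# Print every backup whose mode grants anything to group or others.
loose_backups() {
    for f in "$1"/k0s_backup_*.tar.gz; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then printf '%s\n' "$f"; fi
    done
}

# Restrict every loose backup to owner read/write only.
tighten_backups() {
    loose_backups "$1" | while IFS= read -r f; do
        chmod 600 -- "$f"
    done
}
```

For example, tighten_backups /root followed by latest_backup /root gives the archive to hand to k0s restore.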
2. Local restore
With the local backup made, you can restore it using the below syntax.
k0s restore /tmp/k0s_backup_2021-04-26T19_51_57_000Z.tar.gz
The above command uses the k0s.yaml file as the cluster config file when restoring. The command may fail if the controller node already holds data that overlaps with the contents of the backup archive, for example:
Error: failed to restore on step `etcd`: data-dir "/var/lib/k0s/etcd" not empty or could not be read
If you are using an HA cluster, after the restore is done on a single controller node, you will be required to join the rest of the nodes to the controller. This can be achieved using the below steps:
- Restore the backup on a fresh installation with the controller running.
- Join the new machines to the cluster
Alternatively, move the directory /var/lib/k0s/etcd to another location and proceed to restore a previously taken backup. Stop k0s:
k0s stop
Then issue the command:
k0s restore /root/k0s_backup_2022-01-21T03_47_49_000Z.tar.gz
Start k0s:
k0s start
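The "data-dir not empty" failure above can be caught before k0s restore is run. The following is an added example, not part of k0s; the function names are hypothetical, the default path is the data-dir from the error message, and it is meant to run while k0s is stopped:

```shell
#!/bin/sh
# Added example (not k0s code): pre-flight for a local restore.

# Succeeds when the directory exists and holds at least one entry.
dir_has_data() {
    [ -d "$1" ] && [ -n "$(ls -A -- "$1" 2>/dev/null)" ]
}

# Succeeds when the file is an intact gzip stream that tar can list.
archive_ok() {
    [ -f "$1" ] && gzip -t -- "$1" 2>/dev/null && tar -tzf "$1" >/dev/null 2>&1
}

# Move a non-empty data dir to <dir>.pre-restore.<UTC timestamp> and print
# the new path. Prints nothing when there is nothing to move.
move_aside() {
    dir=$1
    dir_has_data "$dir" || return 0
    dest="$dir.pre-restore.$(date -u +%Y%m%dT%H%M%SZ)"
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    mv -- "$dir" "$dest" && printf '%s\n' "$dest"
}

# prepare_restore <archive> [etcd-dir]
# Validates the archive first, so the old data is never moved for a backup
# that cannot be read. Returns 2 on a bad archive.
prepare_restore() {
    archive=$1
    etcd_dir=${2:-/var/lib/k0s/etcd}
    if ! archive_ok "$archive"; then
        echo "unreadable archive: $archive" >&2
        return 2
    fi
    move_aside "$etcd_dir"
}
```

The old data directory is kept under its new name rather than deleted, so it can be put back if the restore does not produce a working controller.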
Step 3 – Encrypting Backups (local)
When taking backups, it is possible to pipe the backup through encryption using utilities such as OpenSSL or GnuPG. This matters because the archive includes the certificates from the /pki directory. For example, to encrypt a backup using GnuPG, proceed as below.
First, ensure that GnuPG is installed on your system before generating a key pair as below.
$ gpg --gen-key
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: admin
Email address: [email protected]
┌──────────────────────────────────────────────────────┐
│ Please enter the passphrase to │
│ protect your new key │
│ │
│ Passphrase: ********________________________________ │
│ │
│ <OK> <Cancel> │
└──────────────────────────────────────────────────────┘
View the generated key pair.
$ gpg --list-keys
------------------------
pub rsa2048 2024-10-21 [SC] [expires: 2026-10-21]
D46694B1D9C7D6B145F94C61D08C6CEDC69FE846
uid [ultimate] admin <[email protected]>
sub rsa2048 2024-10-21 [E] [expires: 2026-10-21]
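Export the secret key (D46694…..) to a file so it can be moved to another host. The resulting k0s.key holds the private key, so store it separately from the encrypted backups.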
gpg --export-secret-keys --armor D46694B1D9C7D6B145F94C61D08C6CEDC69FE846 > k0s.key
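You can now create an encrypted backup. Use - as the save path so that k0s writes the archive to standard output and gpg receives it through the pipe; with a directory such as /root as the save path, the archive is written to that directory unencrypted and never reaches gpg.
k0s backup --save-path - | gpg --encrypt --recipient [email protected] > backup.tar.gz.gpg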
Sample output:
$ ls
k0s_backup_2024-10-21T03_47_49_000Z.tar.gz k0s.key
backup.tar.gz.gpg k0s_backup_2024-10-21T04_02_05_000Z.tar.gz
Restore the encrypted backup as below.
First import the key.
gpg --import k0s.key
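Now restore the encrypted backup. Pass - as the archive name so that k0s restore reads the decrypted archive from standard input.
k0s stop
gpg --decrypt backup.tar.gz.gpg | k0s restore -
Enter the passphrase set for the key when prompted.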
Start k0s.
k0s start
Step 4 – Remote Backup/Restore on a k0s Cluster with k0sctl.
There is a simple method you can use to perform a backup and restore remotely.
Ensure that k0sctl is installed and a cluster is set up with the aid of this guide:
To make a remote backup, run the command:
k0sctl backup
The command connects to all the cluster nodes and creates a backup file stored in the current working directory.
The backup can be restored using the command:
k0sctl apply --restore-from /path/to/backup_file.tar.gz
Replace /path/to/backup_file.tar.gz with the backup file path.