Skip to content

Instantly share code, notes, and snippets.

@superseb
Last active September 9, 2024 14:53
Show Gist options
  • Save superseb/e9f2628d1033cb20e54f6ee268683a7a to your computer and use it in GitHub Desktop.
Save superseb/e9f2628d1033cb20e54f6ee268683a7a to your computer and use it in GitHub Desktop.
Recover cluster.rkestate file from controlplane node

Recover cluster.rkestate file from controlplane node

RKE

Run on controlplane node, uses any found hyperkube image

k8s 1.19 and higher

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.opencontainers.image.source=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .' > cluster.rkestate

k8s 1.18 and lower

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .' > cluster.rkestate

Rancher v2.2.x

Run on controlplane node, uses rancher/rancher-agent image

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get configmap -n kube-system full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .' > cluster.rkestate
@mitchtys
Copy link

mitchtys commented Nov 1, 2021

Does that work for non rancher-managed clusters? Like say a local cluster provisioned with RKE?

Thats what I tested it with yep, whatever runs rke up should have it, not tried a downstream cluster at all.

@ferdinandosimonetti
Copy link

ferdinandosimonetti commented Mar 23, 2022

Hello, more-than-late on this thread, I'd like to contribute "my 2 cents" (I'm, in fact, using it on a downstream cluster).

# use the desired context (kubie is a great tool!)
kubie ctx mycontext
# get kubeconfig file (this one has only *one* context inside)
kubectl config view --flatten > kube_config_cluster.yml
# get cluster.yml (this one references *master nodes only*)
kubectl get configmap -n kube-system full-cluster-state -o "jsonpath={.data.full-cluster-state}" | python3 -c 'import json, yaml, sys; yaml.safe_dump(json.load(sys.stdin).get("currentState", []).get("rkeConfig",[]), sys.stdout)' > cluster.yml
# get rkestate
rke util get-state-file
# backup etcd
rke etcd snapshot-save --name 20220323-mycluster

I'm using kubectl config view --flatten initially to obtain the kubeconfig file "thru Rancher server", while using rke util get-kubeconfig afterwards will obtain one that bypasses Rancher (direct cluster access).

@irishgordo
Copy link

this was excellent, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment