kubernetes
etcd Backup Size Estimator
Estimate the size of etcd snapshots and monthly backup storage for your Kubernetes cluster. Plan S3 storage costs for etcd backup retention.
etcd Backup Strategy for Kubernetes
etcd is the only stateful component of a Kubernetes cluster. Losing etcd data = losing the cluster. All other K8s components are stateless and rebuild from etcd on restart.
What etcd Contains
- ›All Kubernetes objects: Deployments, Services, ConfigMaps, Secrets, PVCs, etc.
- ›Cluster state: node registrations, pod scheduling decisions
- ›RBAC: roles, bindings, service accounts
- ›Custom Resource Definitions and their instances
It does NOT contain: actual container images, PVC data (that's in Longhorn/NFS/etc), application state.
Snapshot Size Factors
etcd snapshot size = objects × avg size × 1.4 (B-tree overhead) + 20 MB (etcd metadata)
Secrets inflate snapshots significantly — base64-encoded TLS certs can be 10–50 KB each. If you have many TLS secrets (cert-manager, wildcard certs per namespace), your snapshot will be larger than expected.
Automated Backup Setup
# CronJob to back up etcd daily to S3
0 2 * * * /usr/local/bin/etcd-backup.shThe script should:
- 1.Take snapshot to local disk
- 2.Verify snapshot (etcdctl snapshot status)
- 3.Upload to S3 with date-stamped filename
- 4.Delete local file
- 5.Prune old S3 objects beyond retention window
Restore Process
- 1.Stop API server (remove /etc/kubernetes/manifests/kube-apiserver.yaml)
- 2.Restore snapshot:
etcdctl snapshot restore backup.db --data-dir /var/lib/etcd - 3.Restart etcd and API server
- 4.Verify:
kubectl get nodes
Frequently Asked Questions
How do I take an etcd snapshot?
Run: `ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-$(date +%Y%m%d).db --endpoints=https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key`. Store the snapshot file in S3 for offsite backup.
What is the etcd default database size limit?
etcd has a default storage quota of 8 GB (--quota-backend-bytes). If your database exceeds this, etcd goes read-only and the cluster becomes unable to schedule new pods. Keep etcd snapshots below 6 GB and monitor with the `etcd_mvcc_db_total_size_in_bytes` metric.
How often should I back up etcd?
At minimum, once daily. For production clusters: every 4–6 hours. For clusters with active CI/CD pipelines deploying frequently: hourly. Store at least 7 days of backups. Always test restores — a backup you've never tested is not a backup.
Can I store etcd backups in Hetzner Object Storage?
Yes. Hetzner Object Storage is S3-compatible. Configure your backup script to upload to Hetzner's S3 endpoint. Pricing is €0.0119/GB/month — a 500 MB snapshot stored for 7 days costs less than €0.01/month.
Related Tools
Related Guides
kubernetes
Hetzner vs DigitalOcean for Kubernetes in 2025: An Honest Comparison
Hetzner is 3–5× cheaper than DigitalOcean for equivalent Kubernetes compute. But DO has managed K8s, better global coverage, and a larger app marketplace. Here's when each is the right choice.
kubernetes
Kubernetes Certificate Renewal: What Breaks and How to Fix It
kubeadm certificates expire after 1 year. Here's what actually breaks, how to check expiry, and the exact commands to renew before your cluster goes read-only.
kubernetes
Self-Hosted Kubernetes on Hetzner Cloud: Complete Setup Guide (2025)
A practical guide to running a production-grade HA Kubernetes cluster on Hetzner Cloud using kubeadm, HAProxy, Keepalived, and Longhorn — at a fraction of managed K8s cost.