kubernetes
etcd Backup Size Estimator
Estimate the size of etcd snapshots and monthly backup storage for your Kubernetes cluster. Plan S3 storage costs for etcd backup retention.
etcd Backup Strategy for Kubernetes
etcd is the only stateful component of a Kubernetes cluster. Losing etcd data = losing the cluster. All other K8s components are stateless and rebuild from etcd on restart.
What etcd Contains
- ›All Kubernetes objects: Deployments, Services, ConfigMaps, Secrets, PVCs, etc.
- ›Cluster state: node registrations, pod scheduling decisions
- ›RBAC: roles, bindings, service accounts
- ›Custom Resource Definitions and their instances
It does NOT contain: actual container images, PVC data (that's in Longhorn/NFS/etc), application state.
Snapshot Size Factors
etcd snapshot size = objects × avg size × 1.4 (B-tree overhead) + 20 MB (etcd metadata)
Secrets inflate snapshots significantly — base64-encoded TLS certs can be 10–50 KB each. If you have many TLS secrets (cert-manager, wildcard certs per namespace), your snapshot will be larger than expected.
Automated Backup Setup
# CronJob to back up etcd daily to S3
0 2 * * * /usr/local/bin/etcd-backup.shThe script should:
- 1.Take snapshot to local disk
- 2.Verify snapshot (etcdctl snapshot status)
- 3.Upload to S3 with date-stamped filename
- 4.Delete local file
- 5.Prune old S3 objects beyond retention window
Restore Process
- 1.Stop API server (remove /etc/kubernetes/manifests/kube-apiserver.yaml)
- 2.Restore snapshot:
etcdctl snapshot restore backup.db --data-dir /var/lib/etcd - 3.Restart etcd and API server
- 4.Verify:
kubectl get nodes
Key Terms
Full glossary →etcd
A distributed key-value store used by Kubernetes to store all cluster state and configuration. etcd is the single source of truth for the entire cluster.
kubeadm
A tool for bootstrapping Kubernetes clusters. It automates the setup of control plane components and joining worker nodes, following Kubernetes best practices.
Temporal
A durable workflow orchestration platform. Temporal persists workflow state in a database (PostgreSQL or Cassandra), enabling long-running, fault-tolerant business processes to survive process restarts.
Frequently Asked Questions
How do I take an etcd snapshot?
Run: `ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-$(date +%Y%m%d).db --endpoints=https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key`. Store the snapshot file in S3 for offsite backup.
What is the etcd default database size limit?
etcd has a default storage quota of 8 GB (--quota-backend-bytes). If your database exceeds this, etcd goes read-only and the cluster becomes unable to schedule new pods. Keep etcd snapshots below 6 GB and monitor with the `etcd_mvcc_db_total_size_in_bytes` metric.
How often should I back up etcd?
At minimum, once daily. For production clusters: every 4–6 hours. For clusters with active CI/CD pipelines deploying frequently: hourly. Store at least 7 days of backups. Always test restores — a backup you've never tested is not a backup.
Can I store etcd backups in Hetzner Object Storage?
Yes. Hetzner Object Storage is S3-compatible. Configure your backup script to upload to Hetzner's S3 endpoint. Pricing is €0.0119/GB/month — a 500 MB snapshot stored for 7 days costs less than €0.01/month.
Related Tools
K8s Cluster Cost
Calculate the monthly cost of running a Kubernetes cluster on Hetzner Cloud. Choose server types for control planes, workers, and load balancers with HA mode.
Longhorn Storage
Calculate the total storage required for Longhorn distributed block storage, including replica overhead, snapshot retention, and S3 backup sizing on Hetzner Object Storage.
Cert Expiry
Calculate when your Kubernetes certificates expire and whether you need to renew them. kubeadm certificates are valid for 1 year — missing renewal breaks the cluster.
Related Generators
Related Comparisons
Related Guides
kubernetes
CI/CD for Kubernetes with GitHub Actions: A Complete Guide (2026)
A practical walkthrough of building a full GitHub Actions pipeline that builds a container image, pushes it to a registry, and deploys to Kubernetes — with secrets handling, rollback, and Helm support.
kubernetes
ArgoCD vs Flux: Choosing a GitOps Tool for Kubernetes in 2026
A no-fluff comparison of ArgoCD and Flux for GitOps on Kubernetes — covering architecture, UI, Helm support, multi-tenancy, and when to pick each one.
kubernetes
Hetzner vs DigitalOcean for Kubernetes in 2026: An Honest Comparison
Hetzner is 3–5× cheaper than DigitalOcean for equivalent Kubernetes compute. But DO has managed K8s, better global coverage, and a larger app marketplace. Here's when each is the right choice.