作者: lqbyz 原文来源:https://tidb.net/blog/958d6099
Kubernetes 上 TiDB 集群的数据备份到持久卷上。本文描述的持久卷,指任何 Kubernetes 支持的持久卷类型。本文以备份数据到网络文件系统 (NFS) 存储为例。
使用场景
如果你对数据备份有以下要求,可考虑使用 BR 将 TiDB 集群数据以 Ad-hoc 备份(只执行一次) 或定时快照备份(执行多次) 的方式备份至持久卷:
需要备份的数据量较大,而且要求备份速度较快
需要直接备份数据的 SST 文件(键值对)
注意
一、Ad-hoc 备份
Ad-hoc 备份支持快照备份与增量备份。Ad-hoc 备份通过创建一个自定义的 Backup custom resource (CR) 对象来描述一次备份。TiDB Operator 根据这个 Backup 对象来完成具体的备份过程。如果备份过程中出现错误,程序不会自动重试,此时需要手动处理。
本文档对 K8S 集群中命名空间为 tidb 下的 lqb 数据库集群进行备份,具体操作如下:
准备 Ad-hoc 备份环境
---kind: RoleapiVersion: rbac.authorization.k8s.io/v1metadata: name: tidb-backup-manager labels: app.kubernetes.io/component: tidb-backup-managerrules:- apiGroups: [""] resources: ["events"] verbs: ["*"]- apiGroups: ["pingcap.com"] resources: ["backups", "restores"] verbs: ["get", "watch", "list", "update"]
---kind: ServiceAccountapiVersion: v1metadata: name: tidb-backup-manager
---kind: RoleBindingapiVersion: rbac.authorization.k8s.io/v1metadata: name: tidb-backup-manager labels: app.kubernetes.io/component: tidb-backup-managersubjects:- kind: ServiceAccount name: tidb-backup-managerroleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tidb-backup-manager
复制代码
创建备份需要的 RBAC 相关资源在 tidb 命名空间下
[root@k8s-master backup]# kubectl apply -f backup-rbac.yaml -ntidbrole.rbac.authorization.k8s.io/tidb-backup-manager createdserviceaccount/tidb-backup-manager createdrolebinding.rbac.authorization.k8s.io/tidb-backup-manager created
复制代码
确保可以从 K8S 集群中访问用于存储备份数据的 NFS 服务器,并且配置了 TiKV 挂载跟备份任务相同的 NFS 共享目录到相同的本地目录。tikv 挂载 NFS 的具体配置如下:
spec: tikv: baseImage: pingcap/tikv replicas: 4 maxFailoverCount: 6
#下边是配置tikv挂载nfs additionalVolumes: - name: nfs nfs: server: 172.16.5.194 path: /home/k8s-nfs additionalVolumeMounts: - name: nfs mountPath: /nfs
requests: cpu: "100m" storage: 12Gi memory: "400Mi" limits: cpu: "2000m" memory: "4Gi" mountClusterClientSecret: false storageClassName: "local-hostpath"
复制代码
如果 TiDB 版本低于 V4.0.8 则执行如下操作,若高于该版本可以省略。
创建secret用于存放Tidb集群的用户名和密码,由于使用v6.5省略该步骤kubectl create secret generic backup-demo1-tidb-secret --from-literal=password=${password} --namespace=tidb
复制代码
备份数据到 NFS 持久卷
创建备份的自定义资源 CR,将数据备份到 NFS
##以下以备份yz数据库为例[root@k8s-master backup]# cat backup-nfs.yaml---apiVersion: pingcap.com/v1alpha1kind: Backupmetadata: name: demo1-backup-nfs namespace: tidbspec:# backupType: full# from:# host:# port:# user:# secretName: backup-yz
tableFilter: - "yz.*"
br: cluster: yz clusterNamespace: tidb
local: prefix: backup-nfs volume: name: nfs nfs: server: 172.16.5.194 path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs
复制代码
创建应用配置
[root@k8s-master backup]# kubectl apply -f backup-nfs.yamlbackup.pingcap.com/demo1-backup-nfs created
复制代码
查看备份状态和备份文件
[root@k8s-master backup]# kubectl get bk -n tidb -owide -wNAME TYPE MODE STATUS BACKUPPATH BACKUPSIZE COMMITTS LOGTRUNCATEUNTIL STARTED COMPLETED AGEdemo1-backup-nfs snapshot Running local:///nfs/backup-nfs 57sdemo1-backup-nfs snapshot Complete local:///nfs/backup-nfs 2.8 GB 439178019024666631 68s 0s 72s^C[root@k8s-master backup]ls /home/k8s-nfs/backup-nfs/de1 20001 39461 4 backup.lock backupmeta checkpoint.meta checkpoints
复制代码
备份实例如下:
备份全部集群数据
---apiVersion: pingcap.com/v1alpha1kind: Backupmetadata: name: demo1-backup-nfs namespace: test1spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret br: cluster: demo1 clusterNamespace: test1 local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs
复制代码
备份单个数据库的数据
---apiVersion: pingcap.com/v1alpha1kind: Backupmetadata: name: demo1-backup-nfs namespace: test1spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret tableFilter: - "db1.*" br: cluster: demo1 clusterNamespace: test1 local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs
复制代码
备份单张表的数据
---apiVersion: pingcap.com/v1alpha1kind: Backupmetadata: name: demo1-backup-nfs namespace: test1spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret tableFilter: - "db1.table1" br: cluster: demo1 clusterNamespace: test1 local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs
复制代码
使用表库过滤功能备份多张表的数据
---apiVersion: pingcap.com/v1alpha1kind: Backupmetadata: name: demo1-backup-nfs namespace: test1spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret tableFilter: - "db1.table1" - "db1.table2" br: cluster: demo1 clusterNamespace: test1 local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs
复制代码
二、定时快照备份
用户通过设置备份策略来对 TiDB 集群进行定时备份,同时设置备份的保留策略以避免产生过多的备份。定时快照备份通过自定义的 BackupSchedule CR 对象来描述。每到备份时间点会触发一次快照备份,定时快照备份底层通过 Ad-hoc 快照备份来实现。下面是创建定时快照备份的具体步骤:
准备定时快照备份环境(和 Ad-hoc 备份的第一步一样)略
备份数据到 NFS 持久卷中
创建备份自定义资源 BackupSchedule,将数据备份到 NFS 中
[root@k8s-master backup]# cat backup-schedule-nfs.yamlapiVersion: pingcap.com/v1alpha1kind: BackupSchedulemetadata: name: demo1-backup-schedule-nfs namespace: tidbspec:
maxReservedTime: "3h" schedule: "*/2 * * * *" backupTemplate:
br: cluster: yz clusterNamespace: tidb
local: prefix: backup-nfs volume: name: nfs nfs: server: 172.16.5.194 path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs
复制代码
创建应用配置
[root@k8s-master backup]# kubectl apply -f backup-schedule-nfs.yamlbackupschedule.pingcap.com/demo1-backup-schedule-nfs created
复制代码
查看备份状态和备份文件
[root@k8s-master backup]# kubectl get bks -n tidb -owideNAME SCHEDULE MAXBACKUPS LASTBACKUP LASTBACKUPTIME AGEdemo1-backup-schedule-nfs */2 * * * * 9sNAME SCHEDULE MAXBACKUPS LASTBACKUP LASTBACKUPTIME AGEdemo1-backup-schedule-nfs */2 * * * * 46s
demo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-16-00 6s 89sdemo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-18-00 6s 3m29sdemo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-20-00 6s 5m29sdemo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-22-00 6s 7m29sdemo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-24-00 6s 9m29s
[root@k8s-master ~]# ls /home/k8s-nfs/backup-nfs/yz-pd.tidb-2379-2023-02-02t10-16-00/1 20001 39461 4 backup.lock backupmeta checkpoint.meta checkpoints
复制代码
三、删除备份的 Backup CR
kubectl delete backup ${name} -n ${namespace}kubectl delete backupschedule ${name} -n ${namespace}
复制代码
评论