Kubernetes 上 TiDB 集群的数据备份到持久卷上。本文描述的持久卷,指任何 Kubernetes 支持的持久卷类型。本文以备份数据到网络文件系统 (NFS) 存储为例。
使用场景
如果你对数据备份有以下要求,可考虑使用 BR 将 TiDB 集群数据以 Ad-hoc 备份(只执行一次)或定时快照备份(执行多次)的方式备份至持久卷:
需要备份的数据量较大,而且要求备份速度较快
需要直接备份数据的 SST 文件(键值对)
注意
BR 只支持 TiDB v3.1 及以上版本。
使用 BR 备份出的数据只能恢复到 TiDB 数据库中,无法恢复到其他数据库中。
一、Ad-hoc 备份
Ad-hoc 备份支持快照备份与增量备份。Ad-hoc 备份通过创建一个自定义的 Backup custom resource (CR) 对象来描述一次备份。TiDB Operator 根据这个 Backup 对象来完成具体的备份过程。如果备份过程中出现错误,程序不会自动重试,此时需要手动处理。
本文档对K8S集群中命名空间为tidb下的lqb数据库集群进行备份,具体操作如下:
准备Ad-hoc备份环境
下载backup-rbac.yaml 到master服务器。---
kind: Role
apiVersion: rbac
.authorization.k8s
.io
/v1
metadata:
name: tidb
-backup-manager
labels:
app
.kubernetes
.io
/component: tidb
-backup-manager
rules:
- apiGroups:
[""]
resources:
["events"]
verbs:
["*"]
- apiGroups:
["pingcap.com"]
resources:
["backups", "restores"]
verbs:
["get", "watch", "list", "update"]
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: tidb
-backup-manager
---
kind: RoleBinding
apiVersion: rbac
.authorization.k8s
.io
/v1
metadata:
name: tidb
-backup-manager
labels:
app
.kubernetes
.io
/component: tidb
-backup-manager
subjects:
- kind: ServiceAccount
name: tidb
-backup-manager
roleRef:
apiGroup: rbac
.authorization.k8s
.io
kind: Role
name: tidb
-backup-manager
创建备份需要的RBAC相关资源在tidb命名空间下[root
@k8s-master
backup]# kubectl apply -f backup-rbac.yaml -ntidb
role
.rbac
.authorization.k8s
.io
/tidb
-backup-manager created
serviceaccount
/tidb
-backup-manager created
rolebinding
.rbac
.authorization.k8s
.io
/tidb
-backup-manager created
确保可以从K8S集群中访问用于存储备份数据的NFS服务器,并且配置了TiKV挂载跟备份任务相同的NFS共享目录到相同的本地目录。tikv挂载NFS的具体配置如下:spec:
tikv:
baseImage: pingcap
/tikv
replicas:
4
maxFailoverCount:
6
#下边是配置tikv挂载nfs
additionalVolumes:
- name: nfs
nfs:
server:
172.16.5.194
path:
/home
/k8s
-nfs
additionalVolumeMounts:
- name: nfs
mountPath:
/nfs
requests:
cpu:
"100m"
storage:
12Gi
memory:
"400Mi"
limits:
cpu:
"2000m"
memory:
"4Gi"
mountClusterClientSecret:
false
storageClassName:
"local-hostpath"如果TiDB版本低于V4.0.8则执行如下操作,若高于该版本可以省略。创建secret用于存放Tidb集群的用户名和密码,由于使用v6
.5省略该步骤
kubectl
create secret generic
backup-demo1
-tidb
-secret
--from-literal=password=${password} --namespace=tidb
备份数据到NFS持久卷
创建备份的自定义资源CR,将数据备份到NFS##以下以备份yz数据库为例
[root
@k8s-master
backup]# cat backup-nfs.yaml
---
apiVersion: pingcap
.com
/v1alpha1
kind:
Backup
metadata:
name: demo1
-backup-nfs
namespace: tidb
spec:
# backupType: full
# from:
# host:
# port:
# user:
# secretName: backup-yz
tableFilter:
- "yz.*"
br:
cluster: yz
clusterNamespace: tidb
local:
prefix:
backup-nfs
volume:
name: nfs
nfs:
server:
172.16.5.194
path:
/home
/k8s
-nfs
volumeMount:
name: nfs
mountPath:
/nfs
创建应用配置[root
@k8s-master
backup]# kubectl apply -f backup-nfs.yaml
backup.pingcap
.com
/demo1
-backup-nfs created
查看备份状态和备份文件[root
@k8s-master
backup]# kubectl get bk -n tidb -owide -w
NAME
TYPE MODE STATUS BACKUPPATH BACKUPSIZE COMMITTS LOGTRUNCATEUNTIL STARTED COMPLETED AGE
demo1
-backup-nfs
snapshot Running
local:
///nfs/backup-nfs 57s
demo1
-backup-nfs
snapshot Complete
local:
///nfs/backup-nfs 2.8 GB 439178019024666631 68s 0s 72s
^C
[root
@k8s-master
backup]ls
/home
/k8s
-nfs
/backup-nfs
/de
1 20001 39461 4 backup.lock backupmeta
checkpoint.meta checkpoints
备份实例如下:备份全部集群数据---
apiVersion: pingcap
.com
/v1alpha1
kind:
Backup
metadata:
name: demo1
-backup-nfs
namespace: test1
spec:
# # backupType: full
# # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8
# from:
# host: ${tidb-host}
# port: ${tidb-port}
# user: ${tidb-user}
# secretName: backup-demo1-tidb-secret
br:
cluster: demo1
clusterNamespace: test1
local:
prefix:
backup-nfs
volume:
name: nfs
nfs:
server: ${nfs_server_ip}
path:
/home
/k8s
-nfs
volumeMount:
name: nfs
mountPath:
/nfs
备份单个数据库的数据---
apiVersion: pingcap
.com
/v1alpha1
kind:
Backup
metadata:
name: demo1
-backup-nfs
namespace: test1
spec:
# # backupType: full
# # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8
# from:
# host: ${tidb-host}
# port: ${tidb-port}
# user: ${tidb-user}
# secretName: backup-demo1-tidb-secret
tableFilter:
- "db1.*"
br:
cluster: demo1
clusterNamespace: test1
local:
prefix:
backup-nfs
volume:
name: nfs
nfs:
server: ${nfs_server_ip}
path:
/home
/k8s
-nfs
volumeMount:
name: nfs
mountPath:
/nfs
备份单张表的数据---
apiVersion: pingcap
.com
/v1alpha1
kind:
Backup
metadata:
name: demo1
-backup-nfs
namespace: test1
spec:
# # backupType: full
# # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8
# from:
# host: ${tidb-host}
# port: ${tidb-port}
# user: ${tidb-user}
# secretName: backup-demo1-tidb-secret
tableFilter:
- "db1.table1"
br:
cluster: demo1
clusterNamespace: test1
local:
prefix:
backup-nfs
volume:
name: nfs
nfs:
server: ${nfs_server_ip}
path:
/home
/k8s
-nfs
volumeMount:
name: nfs
mountPath:
/nfs
使用表库过滤功能备份多张表的数据---
apiVersion: pingcap
.com
/v1alpha1
kind:
Backup
metadata:
name: demo1
-backup-nfs
namespace: test1
spec:
# # backupType: full
# # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8
# from:
# host: ${tidb-host}
# port: ${tidb-port}
# user: ${tidb-user}
# secretName: backup-demo1-tidb-secret
tableFilter:
- "db1.table1"
- "db1.table2"
br:
cluster: demo1
clusterNamespace: test1
local:
prefix:
backup-nfs
volume:
name: nfs
nfs:
server: ${nfs_server_ip}
path:
/home
/k8s
-nfs
volumeMount:
name: nfs
mountPath:
/nfs
二、定时快照备份
用户通过设置备份策略来对 TiDB 集群进行定时备份,同时设置备份的保留策略以避免产生过多的备份。定时快照备份通过自定义的 BackupSchedule CR 对象来描述。每到备份时间点会触发一次快照备份,定时快照备份底层通过 Ad-hoc 快照备份来实现。下面是创建定时快照备份的具体步骤:
准备定时快照备份环境(和Ad-hoc备份的第一步一样)略
备份数据到NFS持久卷中
创建备份自定义资源BackupSchedule,将数据备份到NFS中[root
@k8s-master
backup]# cat backup-schedule-nfs.yaml
apiVersion: pingcap
.com
/v1alpha1
kind: BackupSchedule
metadata:
name: demo1
-backup-schedule
-nfs
namespace: tidb
spec:
maxReservedTime:
"3h"
schedule:
"*/2 * * * *"
backupTemplate:
br:
cluster: yz
clusterNamespace: tidb
local:
prefix:
backup-nfs
volume:
name: nfs
nfs:
server:
172.16.5.194
path:
/home
/k8s
-nfs
volumeMount:
name: nfs
mountPath:
/nfs
创建应用配置[root
@k8s-master
backup]# kubectl apply -f backup-schedule-nfs.yaml
backupschedule
.pingcap
.com
/demo1
-backup-schedule
-nfs created
查看备份状态和备份文件[root
@k8s-master
backup]# kubectl get bks -n tidb -owide
NAME SCHEDULE MAXBACKUPS LASTBACKUP LASTBACKUPTIME AGE
demo1
-backup-schedule
-nfs
*/2 * * * * 9s
NAME SCHEDULE MAXBACKUPS LASTBACKUP LASTBACKUPTIME AGE
demo1
-backup-schedule
-nfs
*/2 * * * * 46s
demo1
-backup-schedule
-nfs
*/2 * * * * demo1
-backup-schedule
-nfs
-2023-02-02t10
-16-00 6s
89s
demo1
-backup-schedule
-nfs
*/2 * * * * demo1
-backup-schedule
-nfs
-2023-02-02t10
-18-00 6s
3m29s
demo1
-backup-schedule
-nfs
*/2 * * * * demo1
-backup-schedule
-nfs
-2023-02-02t10
-20-00 6s
5m29s
demo1
-backup-schedule
-nfs
*/2 * * * * demo1
-backup-schedule
-nfs
-2023-02-02t10
-22-00 6s
7m29s
demo1
-backup-schedule
-nfs
*/2 * * * * demo1
-backup-schedule
-nfs
-2023-02-02t10
-24-00 6s
9m29s
[root
@k8s-master
~]# ls /home/k8s-nfs/backup-nfs/yz-pd.tidb-2379-2023-02-02t10-16-00/
1 20001 39461 4 backup.lock backupmeta
checkpoint.meta checkpoints
三、删除备份的 Backup CR
kubectl
delete backup ${name}
-n ${namespace}
kubectl
delete backupschedule ${name}
-n ${namespace}