TiDB Operator 实现集群备份到 NFS 持久卷操作指南

Kubernetes 上 TiDB 集群的数据备份到持久卷上。本文描述的持久卷，指任何 Kubernetes 支持的持久卷类型。本文以备份数据到网络文件系统 (NFS) 存储为例。

使用场景

如果你对数据备份有以下要求，可考虑使用 BR 将 TiDB 集群数据以 Ad-hoc 备份(只执行一次)或定时快照备份(执行多次)的方式备份至持久卷：

需要备份的数据量较大，而且要求备份速度较快

需要直接备份数据的 SST 文件（键值对）

注意

BR 只支持 TiDB v3.1 及以上版本。

使用 BR 备份出的数据只能恢复到 TiDB 数据库中，无法恢复到其他数据库中。

一、Ad-hoc 备份

Ad-hoc 备份支持快照备份与增量备份。Ad-hoc 备份通过创建一个自定义的Backup custom resource (CR) 对象来描述一次备份。TiDB Operator 根据这个 Backup 对象来完成具体的备份过程。如果备份过程中出现错误，程序不会自动重试，此时需要手动处理。

本文档对K8S集群中命名空间为tidb下的lqb数据库集群进行备份，具体操作如下：

准备Ad-hoc备份环境

下载backup-rbac.yaml 到master服务器。--- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tidb-backup-manager labels: app.kubernetes.io/component: tidb-backup-manager rules: - apiGroups: [""] resources: ["events"] verbs: ["*"] - apiGroups: ["pingcap.com"] resources: ["backups", "restores"] verbs: ["get", "watch", "list", "update"] --- kind: ServiceAccount apiVersion: v1 metadata: name: tidb-backup-manager --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tidb-backup-manager labels: app.kubernetes.io/component: tidb-backup-manager subjects: - kind: ServiceAccount name: tidb-backup-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tidb-backup-manager创建备份需要的RBAC相关资源在tidb命名空间下[root@k8s-master backup]# kubectl apply -f backup-rbac.yaml -ntidb role.rbac.authorization.k8s.io/tidb-backup-manager created serviceaccount/tidb-backup-manager created rolebinding.rbac.authorization.k8s.io/tidb-backup-manager created确保可以从K8S集群中访问用于存储备份数据的NFS服务器，并且配置了TiKV挂载跟备份任务相同的NFS共享目录到相同的本地目录。tikv挂载NFS的具体配置如下：spec: tikv: baseImage: pingcap/tikv replicas: 4 maxFailoverCount: 6 #下边是配置tikv挂载nfs additionalVolumes: - name: nfs nfs: server: 172.16.5.194 path: /home/k8s-nfs additionalVolumeMounts:- name: nfs mountPath: /nfs requests: cpu: "100m" storage: 12Gi memory: "400Mi" limits: cpu: "2000m" memory: "4Gi" mountClusterClientSecret: false storageClassName: "local-hostpath"如果TiDB版本低于V4.0.8则执行如下操作，若高于该版本可以省略。创建secret用于存放Tidb集群的用户名和密码，由于使用v6.5省略该步骤 kubectl create secret generic backup-demo1-tidb-secret --from-literal=password=${password} --namespace=tidb

备份数据到NFS持久卷

创建备份的自定义资源CR，将数据备份到NFS##以下以备份yz数据库为例 [root@k8s-master backup]# cat backup-nfs.yaml --- apiVersion: pingcap.com/v1alpha1 kind:Backup metadata: name: demo1-backup-nfs namespace: tidb spec: # backupType: full # from: # host: # port: # user: # secretName: backup-yz tableFilter: - "yz.*" br: cluster: yz clusterNamespace: tidb local: prefix:backup-nfs volume: name: nfs nfs: server: 172.16.5.194 path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs创建应用配置[root@k8s-master backup]# kubectl apply -f backup-nfs.yaml backup.pingcap.com/demo1-backup-nfs created查看备份状态和备份文件[root@k8s-master backup]# kubectl get bk -n tidb -owide -w NAME TYPE MODE STATUS BACKUPPATH BACKUPSIZE COMMITTS LOGTRUNCATEUNTIL STARTED COMPLETED AGE demo1-backup-nfs snapshot Running local:///nfs/backup-nfs 57s demo1-backup-nfs snapshot Complete local:///nfs/backup-nfs 2.8 GB 439178019024666631 68s 0s 72s ^C[root@k8s-master backup]ls /home/k8s-nfs/backup-nfs/de 1 20001 39461 4 backup.lock backupmeta checkpoint.meta checkpoints备份实例如下：备份全部集群数据--- apiVersion: pingcap.com/v1alpha1 kind: Backup metadata: name: demo1-backup-nfs namespace: test1 spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secretbr: cluster: demo1 clusterNamespace: test1local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs备份单个数据库的数据--- apiVersion: pingcap.com/v1alpha1 kind: Backup metadata: name: demo1-backup-nfs namespace: test1 spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret tableFilter: - "db1.*" br: cluster: demo1 clusterNamespace: test1 local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path:/home/k8s-nfs volumeMount: name: nfs mountPath: /nfs备份单张表的数据--- apiVersion: pingcap.com/v1alpha1 kind: Backup metadata: name: demo1-backup-nfs namespace: test1 spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret tableFilter: - "db1.table1" br: cluster: demo1 clusterNamespace: test1 local: prefix:backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs使用表库过滤功能备份多张表的数据--- apiVersion: pingcap.com/v1alpha1 kind:Backup metadata: name: demo1-backup-nfs namespace: test1 spec: # # backupType: full # # Only needed for TiDB Operator < v1.1.10 or TiDB < v4.0.8 # from: # host: ${tidb-host} # port: ${tidb-port} # user: ${tidb-user} # secretName: backup-demo1-tidb-secret tableFilter: - "db1.table1" - "db1.table2" br: cluster: demo1 clusterNamespace: test1 local: prefix: backup-nfs volume: name: nfs nfs: server: ${nfs_server_ip} path:/home/k8s-nfs volumeMount: name: nfs mountPath: /nfs

二、定时快照备份

用户通过设置备份策略来对 TiDB 集群进行定时备份，同时设置备份的保留策略以避免产生过多的备份。定时快照备份通过自定义的 BackupSchedule CR 对象来描述。每到备份时间点会触发一次快照备份，定时快照备份底层通过 Ad-hoc 快照备份来实现。下面是创建定时快照备份的具体步骤：

准备定时快照备份环境（和Ad-hoc备份的第一步一样）略

备份数据到NFS持久卷中

创建备份自定义资源BackupSchedule，将数据备份到NFS中[root@k8s-master backup]# cat backup-schedule-nfs.yaml apiVersion: pingcap.com/v1alpha1 kind: BackupSchedule metadata: name: demo1-backup-schedule-nfs namespace: tidb spec: maxReservedTime:"3h" schedule: "*/2 * * * *" backupTemplate: br: cluster: yz clusterNamespace: tidb local: prefix: backup-nfs volume: name: nfs nfs: server: 172.16.5.194 path: /home/k8s-nfs volumeMount: name: nfs mountPath: /nfs创建应用配置[root@k8s-master backup]# kubectl apply -f backup-schedule-nfs.yaml backupschedule.pingcap.com/demo1-backup-schedule-nfs created查看备份状态和备份文件[root@k8s-master backup]# kubectl get bks -n tidb -owideNAME SCHEDULE MAXBACKUPS LASTBACKUP LASTBACKUPTIME AGE demo1-backup-schedule-nfs */2 * * * * 9s NAME SCHEDULE MAXBACKUPS LASTBACKUP LASTBACKUPTIME AGE demo1-backup-schedule-nfs */2 * * * * 46s demo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-16-00 6s 89s demo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-18-00 6s 3m29s demo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-20-00 6s 5m29s demo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-22-00 6s 7m29s demo1-backup-schedule-nfs */2 * * * * demo1-backup-schedule-nfs-2023-02-02t10-24-00 6s 9m29s [root@k8s-master ~]# ls /home/k8s-nfs/backup-nfs/yz-pd.tidb-2379-2023-02-02t10-16-00/ 1 20001 39461 4 backup.lock backupmeta checkpoint.meta checkpoints

三、删除备份的 Backup CR

kubectl delete backup ${name} -n ${namespace} kubectl delete backupschedule ${name} -n ${namespace}