Introduction to backup and recovery Cr

This document describes  Backup、Restore  And  BackupSchedule Custom Resource (CR) Fields of resources , Make sure you are better at Kubernetes Upper TiDB The cluster performs data backup and data recovery .

Backup CR Field is introduced

In order to Kubernetes Upper TiDB Cluster data backup , Users can create a customized  Backup CR Object to describe a backup , For specific backup process, please refer to The data backup Documents listed in . The following is an introduction Backup CR The specific meaning of each field .

Introduction to general fields

• .spec.metadata.namespace：Backup CR Where namespace.

• .spec.toolImage： Is used to specify the  Backup  Use tools to mirror .TiDB Operator from v1.1.9 It supports this configuration .

  • Use BR When the backup , You can use this field to specify BR Version of :
    • If not specified or empty , Image is used by default  pingcap/br:${tikv_version}  Make a backup .
    • If you specify BR Version of , for example  .spec.toolImage: pingcap/br:v5.3.0, Then use the specified version image for backup .
    • If a mirror is specified but no version is specified , for example  .spec.toolImage: private/registry/br, Then use image  private/registry/br:${tikv_version}  Make a backup .
  • Use Dumpling When the backup , You can use this field to specify Dumpling Version of ：
    • If you specify Dumpling Version of , for example  spec.toolImage: pingcap/dumpling:v5.3.0, Then use the specified version image for backup .
    • If not specified , By default  Backup Manager Dockerfile  In file  TOOLKIT_VERSION  designated Dumpling Version .

• .spec.backupType： Appoint Backup type , This field is only used BR Valid during backup , Currently, the following three types are supported , Can combine  .spec.tableFilter  Configure table library filtering rules ：

  • full： Yes TiDB Cluster all of database Data backup .
  • db： Yes TiDB Cluster one database Perform a backup of your data .
  • table： Yes TiDB The data of the specified table in the cluster is backed up .

• .spec.tikvGCLifeTime： Temporary in backup  tikv_gc_life_time  Set the time , The default is  72h.

  Before the backup starts , if TiDB Clustered  tikv_gc_life_time  Less than the user set  spec.tikvGCLifeTime, To ensure that the backed up data is not TiKV GC fall ,TiDB Operator Before backup Adjust the  tikv_gc_life_time  by  spec.tikvGCLifeTime.

  After backup , Success or failure , If the old  tikv_gc_life_time  Less than the setting  .spec.tikvGCLifeTime,TiDB Operator Will try to recover  tikv_gc_life_time  Is the old value before backup . In extreme cases , If TiDB Operator Failed to access database ,TiDB Operator Will not automatically recover  tikv_gc_life_time  And think the backup failed .

  here , You can view the current through the following statement TiDB Clustered  tikv_gc_life_time：

  select VARIABLE_NAME, VARIABLE_VALUE from mysql.tidb where VARIABLE_NAME like "tikv_gc_life_time";

  If you find that  tikv_gc_life_time  Overvalued （ Usually it is 10m）, You need to follow Adjust the  tikv_gc_life_time  take  tikv_gc_life_time  Return to the original .

• .spec.cleanPolicy： Delete after backing up the cluster Backup CR Backup file cleanup strategy . Currently, three cleaning strategies are supported ：

  • Retain： In any case , Delete Backup CR The files backed up will be preserved .

  • Delete： In any case , Delete Backup CR The files backed up will be deleted .

  • OnFailure： If the backup fails , Delete Backup CR The files backed up will be deleted .

    If this field is not configured , Or configure the value of this field to be a value other than the above three , The files backed up will be preserved . It is worth noting that , stay v1.1.2 And previous versions do not exist in this field , And it is deleted by default CR Delete the backed up files at the same time . if v1.1.3 And later versions of users want to maintain this behavior , You need to set this field to  Delete.

• .spec.cleanOption： Delete after backing up the cluster Backup CR Backup file cleanup behavior when . For more instructions, see Clean up backup files

• .spec.from.host： Standby TiDB The access address of the cluster , For those that need to be exported TiDB Of service name, for example  basic-tidb.

• .spec.from.port： Standby TiDB Access port of the cluster .

• .spec.from.user： Standby TiDB Access users of the cluster .

• .spec.from.secretName： Storage  .spec.from.user  The user's password Secret.

• .spec.from.tlsClientSecretName： Specify the storage certificate used for backup Secret.

  If TiDB The cluster is on  TLS, But I don't want to use file Created in the  ${cluster_name}-cluster-client-secret  Make a backup , This parameter can be used to specify a Secret, It can be generated by the following command ：

  kubectl create secret generic ${secret_name} --namespace=${namespace} --from-file=tls.crt=${cert_path} --from-file=tls.key=${key_path} --from-file=ca.crt=${ca_path}

• .spec.storageClassName： Required for backup persistent volume (PV) type .

• .spec.storageSize： Specify the required PV size , The default is 100 GiB. This value should be greater than the backup TiDB The size of the cluster data . One TiDB Clustered Backup CR Corresponding PVC The name is certain , If the... Already exists in the cluster namespace PVC And its size is less than  .spec.storageSize, At this time, you need to delete this PVC Run again Backup job.

• .spec.resources： Specify the Pod Resource request and upper limit of .

• .spec.env： Specify the Pod Information about environment variables .

• .spec.affinity： Specify the Pod Affinity configuration , About affinity Instructions for use , see also  Affinity & AntiAffinity.

• .spec.tolerations： Specify the Pod Can be scheduled to have matching The stain  (Taint) Node . More about stains and tolerance , see also  Taints and Tolerations.

• .spec.podSecurityContext： Specify the Pod Security context configuration , allow Pod In a root Run as a user , About podSecurityContext More about , see also In a root User run container .

• .spec.priorityClassName： Specify the Pod Of priorityClass The name of , To set the running priority , About priorityClass More about , see also  Pod Priority and Preemption.

• .spec.imagePullSecrets： Specify the Pod Of  imagePullSecrets

• .spec.serviceAccount： Specify the ServiceAccount name .

• .spec.useKMS： Specify whether to use AWS-KMS Decrypt the backup using S3 Storage key .

• .spec.tableFilter： During backup, specify Dumpling perhaps BR Backup compliance  table-filter The rules Table of . By default, this field can be configured without .

  When not configured , If you use Dumpling Backup ,tableFilter  The default values of the fields are as follows ：

  tableFilter: - "*.*" - "!/^(mysql|test|INFORMATION_SCHEMA|PERFORMANCE_SCHEMA|METRICS_SCHEMA|INSPECTION_SCHEMA)$/.*"

  When not configured , If you use BR Backup ,BR All databases except the system library will be backed up .

  Be careful

  If you want to use exclusion rules  "!db.table"  Export Division  db.table  All the watches of , So in  "!db.table"  You must add  *.*  The rules . As shown in the following example ：

  tableFilter: - "*.*" - "!db.table"

BR Field is introduced

• .spec.br.cluster： Represents the name of the cluster that needs to be backed up .
• .spec.br.clusterNamespace： Represents the location of the cluster that needs to be backed up  namespace.
• .spec.br.logLevel： Represents the level of the log . The default is  info.
• .spec.br.statusAddr： by BR A process listens for the state of a process HTTP port , It is convenient for users to debug . If you don't fill in , The default is not to listen .
• .spec.br.concurrency： When backing up each TiKV Number of threads used by the process . The default is 4, It defaults to 128.
• .spec.br.rateLimit： Whether to limit the flow . Unit is MB/s, For example, set to  4  Represents speed limit 4 MB/s, No speed limit by default .
• .spec.br.checksum： Whether to verify the file after the backup . The default is  true.
• .spec.br.timeAgo： Backup timeAgo Previous data , The default is empty. （ Back up the current data ）, Support  "1.5h","2h45m" Data such as .
• .spec.br.sendCredToTikv：BR Whether the process will own AWS jurisdiction 、GCP Authority or Azure Permissions are transferred to TiKV process . The default is  true.
• .spec.br.onLine：restore Whether to enable Online recovery function .
• .spec.br.options：BR Additional parameters supported by the tool , It needs to be passed in the form of string array . since v1.1.6 This parameter is supported since version . Can be used to specify  lastbackupts  For incremental backup .

S3 Storage field introduction

• .spec.s3.provider： Supported compatibility S3 Of  provider.

  More supported compatibility S3 Of  provider  as follows ：

  • alibaba：Alibaba Cloud Object Storage System (OSS),formerly Aliyun
  • digitalocean：Digital Ocean Spaces
  • dreamhost：Dreamhost DreamObjects
  • ibmcos：IBM COS S3
  • minio：Minio Object Storage
  • netease：Netease Object Storage (NOS)
  • wasabi：Wasabi Object Storage
  • other：Any other S3 compatible provider

• .spec.s3.region： Use Amazon S3 Store backup , Need configuration Amazon S3 Where region.

• .spec.s3.bucket： compatible S3 Stored bucket name .

• .spec.s3.prefix： If this field is set , This field will be used to splice the storage path stored at the remote end  s3://${.spec.s3.bucket}/${.spec.s3.prefix}/backupName.

• .spec.s3.path： Specify the storage path where the backup file is stored remotely , This field is only used Dumpling Back up or Lightning Effective upon recovery , for example  s3://test1-demo1/backup-2019-12-11T04:32:12Z.tgz.

• .spec.s3.endpoint： compatible S3 Storage services for endpoint, for example  http://minio.minio.svc.cluster.local:9000.

• .spec.s3.secretName： Access compatibility S3 Stored key information （ contain access key and secret key） Of Secret name .

• .spec.s3.sse： Appoint S3 Server encryption method , for example  aws:kms.

• .spec.s3.acl： Supported by access-control list (ACL) Strategy .

  Amazon S3 The following are supported access-control list (ACL) Strategy ：

  • private

  • public-read

  • public-read-write

  • authenticated-read

  • bucket-owner-read

  • bucket-owner-full-control

    If not set ACL Strategy , It is used by default  private  Strategy .ACL Detailed introduction of strategy , Reference resources  AWS Official documents .

• .spec.s3.storageClass： Supported by  storageClass  type .

  Amazon S3 The following are supported  storageClass  type ：

  • STANDARD

  • REDUCED_REDUNDANCY

  • STANDARD_IA

  • ONEZONE_IA

  • GLACIER

  • DEEP_ARCHIVE

    If not set  storageClass, It is used by default  STANDARD_IA.storageClass  Detailed introduction , Reference resources  AWS Official documents .

GCS Storage field introduction

• .spec.gcs.projectId： representative GCP Unique identification of the user item on . For specific methods of obtaining this identification, please refer to  GCP Official documents .

• .spec.gcs.location： Appoint GCS bucket The area , for example  us-west2.

• .spec.gcs.path： Specify the storage path where the backup file is stored remotely , This field is only used Dumpling Back up or Lightning Effective upon recovery , for example  gcs://test1-demo1/backup-2019-11-11T16:06:05Z.tgz.

• .spec.gcs.secretName： Specify storage GCS User account authentication information Secret name .

• .spec.gcs.bucket： Storing data bucket name .

• .spec.gcs.prefix： If this field is set , This field will be used to splice the storage path stored at the remote end  gcs://${.spec.gcs.bucket}/${.spec.gcs.prefix}/backupName.

• .spec.gcs.storageClass：GCS The following are supported  storageClass  type ：

  • MULTI_REGIONAL

  • REGIONAL

  • NEARLINE

  • COLDLINE

  • DURABLE_REDUCED_AVAILABILITY

    If not set  storageClass, It is used by default  COLDLINE. For a detailed introduction of these storage types, please refer to  GCS Official documents .

• .spec.gcs.objectAcl： Set up object access-control list (ACL) Strategy .

  GCS The following are supported ACL Strategy ：

  • authenticatedRead

  • bucketOwnerFullControl

  • bucketOwnerRead

  • private

  • projectPrivate

  • publicRead

    If not set object ACL Strategy , It is used by default  private  Strategy .ACL Detailed introduction of strategy , Reference resources  GCS Official documents .

• .spec.gcs.bucketAcl： Set up bucket access-control list (ACL) Strategy .

  GCS The following are supported bucket ACL Strategy ：

  • authenticatedRead

  • private

  • projectPrivate

  • publicRead

  • publicReadWrite

    If not set bucket ACL Strategy , The default policy is  private.ACL Detailed introduction of strategy , Reference resources  GCS Official documents .

Azure Blob Storage Storage field introduction

• .spec.azblob.secretName： Specify storage Azure Blob Storage User account authentication information Secret name .

• .spec.azblob.container： Storing data container name .

• .spec.azblob.prefix： If this field is set , This field will be used to splice the storage path stored at the remote end  azure://${.spec.azblob.container}/${.spec.azblob.prefix}/backupName.

• .spec.azblob.accessTier： The storage category of the uploaded object .

  Azure Blob Storage The following are supported  accessTier  type ：

  • Hot

  • Cool

  • Archive

    If not set  accessTier, It is used by default  Cool.

Local Storage field introduction

• .spec.local.prefix： Persistent volume storage directory . If this field is set , This field will be used to splice the storage path of the persistent volume  local://${.spec.local.volumeMount.mountPath}/${.spec.local.prefix}/.
• .spec.local.volume： Persistent volume configuration .
• .spec.local.volumeMount： Persistent volume mount configuration .

Restore CR Field is introduced

In order to Kubernetes Upper TiDB Cluster for data recovery , Users can create a customized  Restore CR Object to describe a recovery , Refer to Introduction to backup and recovery Documents listed in . The following is an introduction Restore CR The specific meaning of each field .

• .spec.metadata.namespace：Restore CR Where namespace.

• .spec.toolImage： Is used to specify the  Restore  Use tools to mirror .TiDB Operator from v1.1.9 This configuration is supported since version .

  • Use BR When you recover , You can use this field to specify BR Version of . for example ,spec.toolImage: pingcap/br:v5.3.0. If you don't specify , By default  pingcap/br:${tikv_version}  Resume .
  • Use Lightning When you recover , You can use this field to specify Lightning Version of , for example spec.toolImage: pingcap/lightning:v5.3.0. If you don't specify , By default  Backup Manager Dockerfile  In file  TOOLKIT_VERSION  designated Lightning Version recovery .

• .spec.backupType： Appoint Restore type , This field is only used BR Effective upon recovery , Currently, the following three types are supported , Can combine  .spec.tableFilter  Configure table library filtering rules ：

  • full： Yes TiDB Cluster all of database Data backup .
  • db： Yes TiDB Cluster one database Perform a backup of your data .
  • table： Yes TiDB The data of the cluster table is backed up .

• .spec.tikvGCLifeTime： Temporary in data recovery  tikv_gc_life_time  Set the time , The default is 72h.

  Before data recovery starts , if TiDB Clustered  tikv_gc_life_time  Less than the user set  spec.tikvGCLifeTime, To ensure that the recovered data is not TiKV GC fall ,TiDB Operator Before recovery Adjust the  tikv_gc_life_time  by  spec.tikvGCLifeTime.

  After data recovery , Success or failure , If the old  tikv_gc_life_time  Less than the setting  .spec.tikvGCLifeTime,TiDB Operator Will try to set  tikv_gc_life_time  Is the old value before restoration . In extreme cases , If TiDB Operator Failed to access database ,TiDB Operator Will not automatically recover  tikv_gc_life_time  And think that data recovery failed .

  here , You can view the current through the following statement TiDB Clustered  tikv_gc_life_time：

  select VARIABLE_NAME, VARIABLE_VALUE from mysql.tidb where VARIABLE_NAME like "tikv_gc_life_time";

  If you find that  tikv_gc_life_time  Overvalued （ Usually it is 10m）, You need to follow Adjust the  tikv_gc_life_time  take  tikv_gc_life_time  Return to the original .

• .spec.to.host： To be restored TiDB The access address of the cluster .

• .spec.to.port： To be restored TiDB Access port of the cluster .

• .spec.to.user： To be restored TiDB Access users of the cluster .

• .spec.to.secretName： Storage  .spec.to.user  The user's password secret.

• .spec.to.tlsClientSecretName： Specify the name of the storage certificate used to restore the backup Secret.

  If TiDB The cluster is on  TLS, But I don't want to use file Created in the  ${cluster_name}-cluster-client-secret  Restore backup , This parameter can be used to specify a Secret, It can be generated by the following command ：

  kubectl create secret generic ${secret_name} --namespace=${namespace} --from-file=tls.crt=${cert_path} --from-file=tls.key=${key_path} --from-file=ca.crt=${ca_path}

• .spec.resources： Specify the Pod Resource request and upper limit of .

• .spec.env： Specify the Pod Information about environment variables .

• .spec.affinity： Specify the Pod Affinity configuration , About affinity Instructions for use , see also  Affinity & AntiAffinity.

• .spec.tolerations： Specify the Pod Can be scheduled to have matching The stain  (Taint) Node . More about stains and tolerance , see also  Taints and Tolerations.

• .spec.podSecurityContext： Specify the Pod Security context configuration , allow Pod In a root Run as a user , About podSecurityContext More about , see also In a root User run container .

• .spec.priorityClassName： Specify the Pod Of priorityClass The name of , To set the running priority , About priorityClass More about , see also  Pod Priority and Preemption.

• .spec.imagePullSecrets： Specify the Pod Of  imagePullSecrets

• .spec.serviceAccount： Specify the ServiceAccount name .

• .spec.useKMS： Specify whether to use AWS-KMS Decrypt the backup using S3 Storage key .

• .spec.storageClassName： Specify the PV type .

• .spec.storageSize： Specify the PV size . The value should be greater than TiDB The data size of the cluster backup .

• .spec.tableFilter： When restoring, specify BR Restore compliance  table-filter The rules   Table of . By default, this field can be configured without .

  When not configured , If you use TiDB Lightning recovery ,tableFilter  The default values of the fields are as follows ：

  tableFilter: - "*.*" - "!/^(mysql|test|INFORMATION_SCHEMA|PERFORMANCE_SCHEMA|METRICS_SCHEMA|INSPECTION_SCHEMA)$/.*"

  When not configured , If you use BR recovery ,BR All databases in the backup file will be restored .

  Be careful

  If you want to use exclusion rules  "!db.table"  Export Division  db.table  All the watches of , So in  "!db.table"  You must add  *.*  The rules . As shown in the following example ：

  tableFilter: - "*.*" - "!db.table"

• .spec.br：BR Related configuration , Specific introduction reference  BR Field is introduced .

• .spec.s3：S3 Compatible with storage related configurations , Specific introduction reference  S3 Field is introduced .

• .spec.gcs：GCS Storage related configuration , Specific introduction reference  GCS Field is introduced .

• .spec.azblob：Azure Blob Storage Storage related configuration , Specific introduction reference  Azure Blob Storage Field is introduced .

• .spec.local： Persistent volume storage related configurations , Specific introduction reference  Local Field is introduced .

BackupSchedule CR Field is introduced

backupSchedule  The configuration of consists of two parts . Part of it is  backupSchedule  Unique configuration , The other part is  backupTemplate.backupTemplate  Specify the configuration related to cluster and remote storage , Fields and Backup CR Medium  spec  equally , Please refer to  Backup CR Field is introduced . Let's introduce  backupSchedule  Unique configuration items ：

• .spec.maxBackups： A backup retention policy , Determine the maximum number of backups that can be retained for scheduled backups . Exceed this number , The obsolete backup will be deleted . If the item is set to  0, Then it means to keep all backups .
• .spec.maxReservedTime： A backup retention policy , Keep backups by time . For example, set this parameter to  24h, Means to keep only the recent 24 Backup pieces within hours . Backups that exceed this time will be cleared . Time setting format reference  func ParseDuration. If set at the same time  .spec.maxBackups  and  .spec.maxReservedTime, with  .spec.maxReservedTime  Subject to .
• .spec.schedule：Cron Time scheduling format . Specific format can refer to  Cron.
• .spec.pause： Whether to pause scheduled backup , The default is  false. If you set the value to  true, It means to pause scheduled backup , At this time, even if it reaches the specified point in time , There will be no backup . During the scheduled backup pause , Backup Garbage Collection (GC) Still normal . If you need to restart the scheduled full backup , take  true  Change it to  false.