临时解决官方 BackupCR 无法备份到阿里云OSS 的方案

🌃 资源中心 社区智慧合集
1

由于种种原因(比如:How to use Backup CR to backup tidb to aliyun OSS? · Issue #5611 · pingcap/tidb-operator · GitHub), 官方BackupCR 在备份到阿里云OSS 时总是失败,这个问题困扰了我们较长时间,以至于我们曾跨国传输,将备份写入AWS S3(我们技术占all in k8s),但是随着数据量的增长,备份经常失败。经过探索,基于BR 自定义了Cronjob,运行效果还行,贴在这里供需要的人参考:

apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-br-backup-command
  namespace: tidb-cluster
data:
  backup.sh: |-
    #!/bin/bash
    BACKUP_BUCKET=REPLACE_WITH_YOUR_OWN_BUCKET_NAME
    BACKUP_PREFIX="path/under/your/bucket"
    BACKUP_NAME=$(date +%Y-%m-%dt%H:%M:%S)
    BACKUP_FULL_PATH="s3://${BACKUP_BUCKET}/${BACKUP_PREFIX}/${BACKUP_NAME}"
    
    # OSS-ACCESS-KEY and OSS-SECRET-KEY are from secret
    OSS_AUTH="access-key=${OSS_ACCESS_KEY}&secret-access-key=${OSS_SECRET_KEY}"
    
    /br backup full                                          \
      --pd "YOUR-PD-SERVICE:2379"                            \
      --s3.endpoint "https://oss-cn-beijing.aliyuncs.com"    \
      --s3.provider "alibaba"                                \
      --s3.region "oss-cn-beijing"                           \
      --log-level debug                                      \
      --log-file /dev/stdout                                 \
      --storage "${BACKUP_FULL_PATH}?${OSS_AUTH}"

---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: backup-tidb-to-oss
  namespace: tidb-cluster
spec:
  # 这个执行时间,你必须结合K8S 的时区来定
  schedule: "15 10 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: br
            image: pingcap/br:v7.5.1
            args:
            - /backup.sh
            command:
            - /bin/sh
            env:
              - name: OSS_ACCESS_KEY
                valueFrom:
                  secretKeyRef:
                    # Make sure you have this secret in you namespace
                    name: tidb-backup-to-oss
                    key: access_key
              - name: OSS_SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: tidb-backup-to-oss
                    key: secret_key
            volumeMounts:
            - name: vol-cm-br-backup-command
              mountPath: /backup.sh
              subPath: backup.sh
          restartPolicy: OnFailure
          volumes:
          - name: vol-cm-br-backup-command
            configMap:
              name: cm-br-backup-command

# 这里还提供了一个Deployment, 你可以exec 到这里的POD 去按需地手动执行备份
# 比如: kubectl exec -it {POD-ID} -- /bin/sh /backup.sh
# 注意,默认副本数量为0, 可以要用的时候再调整为1 即可 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tool-br
  labels:
    app: tool-br
  namespace: tidb-cluster
spec:
  replicas: 0
  selector:
    matchLabels:
      app: tool-br
  template:
    metadata:
      labels:
        app: tool-br
    spec:
      containers:
      - name: br
        image: pingcap/br:v7.5.1
        args:
        - "while true;do date -R;sleep 60;done"
        command:
        - /bin/bash
        - -c
        env:
          - name: OSS_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: tidb-backup-to-oss
                key: access_key
          - name: OSS_SECRET_KEY
            valueFrom:
              secretKeyRef:
                name: tidb-backup-to-oss
                key: secret_key
        volumeMounts:
        - name: vol-cm-br-backup-command
          mountPath: /backup.sh
          subPath: backup.sh
      volumes:
      - name: vol-cm-br-backup-command
        configMap:
          name: cm-br-backup-command
          defaultMode: 0777
2

666 这个办法好

5

给你点赞,思考使人进步

7

:+1:t6: :+1:t6: :+1:t6: