restore database from cloud (#160)

* TiDB readiness probes (#147) * add readiness probes for tidb service * fix script
pingcap · Nov 7, 2018 · 744fd54 · 744fd54
1 parent 46ca644
commit 744fd54
Show file tree

Hide file tree

Showing 6 changed files with 150 additions and 1 deletion.
diff --git a/charts/tidb-cluster/templates/restore-job.yaml b/charts/tidb-cluster/templates/restore-job.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.restore.create }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Values.clusterName }}-restore
+  labels:
+    app.kubernetes.io/name: {{ template "chart.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Values.clusterName }}
+    app.kubernetes.io/component: restore
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+"  "_" }}
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ template "chart.name" . }}
+        app.kubernetes.io/instance: {{ .Values.clusterName }}
+        app.kubernetes.io/component: restore
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: tidb-restore-job
+        image: {{ .Values.restore.image }}
+        command:
+        - /bin/sh
+        - -c
+        - |-
+{{ tuple "scripts/_start_restore.sh.tpl" . | include "helm-toolkit.utils.template" | indent 10 }}
+        volumeMounts:
+        - name: data
+          mountPath: "/data"
+      {{- if .Values.restore.gcp }}
+        - name: gcp-credentials
+          mountPath: "/gcp"
+          readOnly: true
+      {{- end }}
+        env:
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+      {{- if .Values.restore.gcp }}
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          value: /gcp/credentials.json
+      {{- end }}
+        - name: TIDB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.clusterName }}-restore-secret
+              key: user-password
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ .Values.clusterName }}-restore
+    {{- if .Values.restore.gcp }}
+      - name: gcp-credentials
+        secret:
+          secretName: {{ .Values.clusterName }}-restore-secret
+    {{- end }}
+{{- end }}
+
diff --git a/charts/tidb-cluster/templates/restore-pvc.yaml b/charts/tidb-cluster/templates/restore-pvc.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.restore.create }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.clusterName }}-restore
+  labels:
+    app.kubernetes.io/name: {{ template "chart.name" . }}
+    app.kubernetes.io/managed-by: tidb-operator
+    app.kubernetes.io/instance: {{ .Values.clusterName }}
+    app.kubernetes.io/component: restore
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+"  "_" }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: {{ .Values.restore.storage }}
+  storageClassName: {{ .Values.restore.storageClassName }}
+{{- end }}
+
diff --git a/charts/tidb-cluster/templates/restore-secret.yaml b/charts/tidb-cluster/templates/restore-secret.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.restore.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.clusterName }}-restore
+  labels:
+    app.kubernetes.io/name: {{ template "chart.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Values.clusterName }}
+    app.kubernetes.io/component: restore
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+"  "_" }}
+type: Opaque
+data:
+{{- if .Values.restore.gcp }}
+  credentials.json: {{ .Values.restore.gcp.credentialsData }}
+{{- end }}
+  user-password: {{ .Values.restore.password | b64enc | quote }}
+{{- end }}
+
diff --git a/charts/tidb-cluster/templates/scripts/_start_fullbackup.sh.tpl b/charts/tidb-cluster/templates/scripts/_start_fullbackup.sh.tpl
@@ -5,7 +5,7 @@ host=`echo {{ .Values.clusterName }}_TIDB_SERVICE_HOST | tr '[a-z]' '[A-Z]'`
 mkdir -p /data/${dirname}/
 cp /savepoint-dir/savepoint /data/${dirname}/
 
-mydumper \
+/mydumper \
   --outputdir=/data/${dirname} \
   --host=`eval echo '${'$host'}'` \
   --port=4000 \

diff --git a/charts/tidb-cluster/templates/scripts/_start_restore.sh.tpl b/charts/tidb-cluster/templates/scripts/_start_restore.sh.tpl
@@ -0,0 +1,23 @@
+set -euo pipefail
+
+dirname=`date +%Y-%m-%dT%H%M%S`-${MY_POD_NAME}
+dataDir=/data/${dirname}
+mkdir -p ${dataDir}/
+host=`echo {{ .Values.clusterName }}_TIDB_SERVICE_HOST | tr '[a-z]' '[A-Z]'`
+
+{{- if .Values.restore.gcp }}
+downloader \
+  --cloud=gcp \
+  --bucket={{ .Values.restore.gcp.bucket }} \
+  --srcDir={{ .Values.restore.gcp.srcDir }} \
+  --destDir=${dataDir}
+
+/loader \
+  -d ${dataDir}/{{ .Values.restore.gcp.srcDir }} \
+  -h `eval echo '${'$host'}'` \
+  -u {{ .Values.restore.user }} \
+  -p ${TIDB_PASSWORD} \
+  -P 4000 \
+  {{ .Values.restore.options }}
+{{- end }}
+
diff --git a/charts/tidb-cluster/values.yaml b/charts/tidb-cluster/values.yaml
@@ -293,6 +293,31 @@ binlog:
       # kafkaAddrs: "127.0.0.1:9092"
       # kafkaVersion: "0.8.2.0"
 
+restore:
+  create: false
+  # /~https://github.com/tennix/tidb-cloud-backup
+  image: pingcap/tidb-cloud-backup:latest
+  # storageClassName is a StorageClass provides a way for administrators to describe the "classes" of storage they offer.
+  # different classes might map to quality-of-service levels, or to backup policies,
+  # or to arbitrary policies determined by the cluster administrators.
+  # refer to https://kubernetes.io/docs/concepts/storage/storage-classes
+  storageClassName: local-storage
+  storage: 1000Gi
+  # loader options https://www.pingcap.com/docs-cn/tools/loader/
+  options: "-t 16"
+  # user must set tidb cluster user and password
+  user: restore
+  password: "Password here ..."
+  # backup data comes from gcp
+  gcp: {}
+    # credentialsData is base64 format of the service account json file data
+    # https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually
+    # and then: cat credentials.json | base64 | tr -d '\n'
+    # credentialsData: ""
+    # bucket: ""
+    # srcDir is the directory of backup data in bucket
+    # srcDir: ""
+
 metaInstance: "{{ $labels.instance }}"
 metaType: "{{ $labels.type }}"
 metaValue: "{{ $value }}"