search

pingcap / tidb-operator

TiDB operator creates and manages TiDB clusters running in Kubernetes.
https://docs.pingcap.com/tidb-in-kubernetes/
Apache License 2.0
1.23k stars 498 forks source link

MaxBackups in the `ScheduledBackup` CRD not work #2239

Closed tennix closed 4 years ago

tennix commented 4 years ago

Bug Report

With tidb-operator 1.1.0-rc.1.p1, the field maxBackups in ScheduledBackup does not work as expected. After specifying maxBackups to 5, there are more than 5 ScheduledBackup objects and the corresponding backup directory in S3 bucket is also not deleted.

tirsen commented 4 years ago

If you plan to also delete files from S3 please note that the tidb-controller-manager can't access S3 because it generally does not have access to the secret for secret key auth or doesn't run with the correct service account for IAM role OIDC authentication. That needs to run as a pod in the namespace of the tidb cluster with the correct service account.

DanielZhangQD commented 4 years ago

Now it is run as a dedicated job starts with clean- and the service account in the backup CR will be set to the clean job, could you please help collect the tidb-operator log?

shuijing198799 commented 4 years ago

If you plan to also delete files from S3 please note that the tidb-controller-manager can't access S3 because it generally does not have access to the secret for secret key auth or doesn't run with the correct service account for IAM role OIDC authentication. That needs to run as a pod in the namespace of the tidb cluster with the correct service account.

If you set MaxBackups and MaxReservedTime meanwhile, only MaxReservedTime is worked, like this code showed https://github.com/pingcap/tidb-operator/blob/master/pkg/backup/backupschedule/backup_schedule_manager.go#L254-L262 have you set the field MaxReservedTime ?

tirsen commented 4 years ago

I have not set MaxReservedTime. This is the CRD:

apiVersion: pingcap.com/v1alpha1
kind: BackupSchedule
metadata:
  name: backup-schedule
  namespace: ${cluster}
spec:
  maxBackups: 5
  #pause: true
  maxReservedTime: "3h"
  # 10 am UTC is 3 am PST which is off peak
  schedule: "0 10 * * *"
  # Use this for testing, every 2 mins
  #schedule: "*/2 * * * *"
  backupTemplate:
    backupType: full
    serviceAccount: tidb-backup-manager
    br:
      cluster: ${cluster}
      sendCredToTikv: false
      clusterNamespace: ${cluster}
      pd: ${cluster}-pd.${cluster}
      logLevel: debug
      # statusAddr: ${status_addr}
      # concurrency: 4
      # rateLimit: 0
      # timeAgo: ${time}
      # checksum: true
    from:
      host: ${cluster}-tidb.${cluster}.svc.cluster.local
      port: 4000
      user: ${SQM_SERVICE}_adm
      secretName: ${cluster}-tidb-backup-secret
      tlsClient:
        enabled: true
    s3:
      provider: aws
      region: us-west-2
      bucket: ${bucket}
      prefix: ${service}
tirsen commented 4 years ago

lol yeah I have set maxReservedTime

tirsen commented 4 years ago

I've confirmed this works correctly. Closing the issue.

tirsen commented 4 years ago

Oh I can't close it. You can close this issue. User error. :-)

tennix commented 4 years ago

OK, I'll close it.