---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: &app postgres-pg-dump
  labels: &labels
    app.kubernetes.io/name: pg-dump
    app.kubernetes.io/instance: *app
    postgresql: crunchy
    postgres-operator.crunchydata.com/cluster: crunchy
    kustomize.toolkit.fluxcd.io/force: "Enabled"
spec:
  schedule: "0 6 * * *"
  concurrencyPolicy: "Forbid"
  jobTemplate:
    spec:
      template:
        metadata:
          labels: *labels
        spec:
          automountServiceAccountToken: false
          enableServiceLinks: false
          restartPolicy: "OnFailure"
          securityContext:
            runAsUser: &uid 26 # Postgres UID for Crunchy
            runAsGroup: *uid
            fsGroup: *uid
          volumes:
            - name: &pvc "nas-backups"
              persistentVolumeClaim:
                claimName: "pg-${PG_APP_NAME}-${PG_DB_NAME}-dump-local"
          containers:
            - name: "postgres-backup"
              image: "docker.io/prodrigestivill/postgres-backup-local:16@sha256:73f18e914cb6ffb29840b3fc5be0763f48eb1ca05f093c769ccd13982a634544"
              imagePullPolicy: "IfNotPresent"
              command: ["/backup.sh"]
              volumeMounts:
                - name: *pvc
                  subPath: "${PG_APP_NAME}"
                  mountPath: /backups
                  readOnly: false
              env:
                # don't use pg_dumpall because this template assumes 1 cluster and 1 DB by default
                - name: "POSTGRES_CLUSTER"
                  value: !!str "${PG_DUMPALL:='FALSE'}"
                - name: "POSTGRES_DB"
                  value: "${PG_DB_NAME:=postgres}"
                # DROP backed_up_databases IF EXISTS
                - name: "POSTGRES_EXTRA_OPTS"
                  value: "--clean --if-exists"
                # use pgBouncer service by default to handle connection loadbalancing and failover
                # use primary service using Flux envsubst in case replicas are not ready, pgBouncer won't work with dumpall
                - name: "POSTGRES_HOST"
                  value: "pg-${PG_APP_NAME}-${PG_DUMP_FROM:=pgbouncer}.${PG_APP_NS}.svc.cluster.local"
                  #value: "pg-${PG_APP_NAME}-replicas.${PG_APP_NS}.svc.cluster.local"
                  #valueFrom:
                  #  secretKeyRef:
                  #    name: &pguser "pg-${PG_APP_NAME}-pguser-${PG_DB_USER}"
                  #    key: "host"
                # use pguser app credentials
                - name: "POSTGRES_USER"
                  valueFrom:
                    secretKeyRef:
                      name: &pguser "pg-${PG_APP_NAME}-pguser-${PG_DB_USER}"
                      key: "user"
                - name: "POSTGRES_PASSWORD"
                  valueFrom:
                    secretKeyRef:
                      name: *pguser
                      key: "password"
              resources:
                limits:
                  cpu: 1000m
                  memory: ${PG_DUMP_LOCAL_MEM:=1Gi}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: &name "pg-${PG_APP_NAME}-${PG_DB_NAME}-dump-local"
  labels:
    kustomize.toolkit.fluxcd.io/force: "Enabled"
spec:
  storageClassName: *name
  capacity:
    storage: 1Mi
  accessModes: [ReadWriteMany]
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: "${IP_TRUENAS}"
    path: "${PATH_NAS_BACKUPS_K8S}/pg-dump"
  mountOptions: ["nfsvers=4", "tcp", "hard", "noatime", "nodiratime", "nocto"]
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: &name "pg-${PG_APP_NAME}-${PG_DB_NAME}-dump-local"
  namespace: "${PG_APP_NS}"
  labels:
    kustomize.toolkit.fluxcd.io/force: "Enabled"
spec:
  accessModes: [ReadWriteMany]
  storageClassName: *name
  resources:
    requests:
      storage: 1Mi