{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.cron_job_postgresql_backup }}
{{- $envAll := . }}

{{- $serviceAccountName := "postgresql-backup" }}
{{ tuple $envAll "postgresql_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: postgresql-backup
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "postgresql-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  schedule: {{ .Values.jobs.postgresql_backup.cron | quote }}
  successfulJobsHistoryLimit: {{ .Values.jobs.postgresql_backup.history.success }}
  failedJobsHistoryLimit: {{ .Values.jobs.postgresql_backup.history.failed }}
  concurrencyPolicy: Forbid
  jobTemplate:
    metadata:
      labels:
{{ tuple $envAll "postgresql-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ dict "envAll" $envAll "podName" "postgresql-backup" "containerNames" (list "init" "backup-perms" "postgresql-backup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{- if .Values.jobs.postgresql_backup.backoffLimit }}
      backoffLimit: {{ .Values.jobs.postgresql_backup.backoffLimit }}
{{- end }}
{{- if .Values.jobs.postgresql_backup.activeDeadlineSeconds }}
      activeDeadlineSeconds: {{ .Values.jobs.postgresql_backup.activeDeadlineSeconds }}
{{- end }}
      template:
        metadata:
          labels:
{{ tuple $envAll "postgresql-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
        spec:
{{ dict "envAll" $envAll "application" "postgresql_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
          serviceAccountName: {{ $serviceAccountName }}
          restartPolicy: OnFailure
{{- if $envAll.Values.pod.affinity }}
{{- if $envAll.Values.pod.affinity.postgresql_backup }}
          affinity:
{{  index $envAll.Values.pod.affinity "postgresql_backup"  | toYaml | indent 12}}
{{- end }}
{{- end }}
          nodeSelector:
            {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
          initContainers:
{{ tuple $envAll "postgresql_backup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
            - name: backup-perms
{{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "postgresql_backup" "container" "backup_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
              command:
                - chown
                - -R
                - "65534:65534"
                - $(POSTGRESQL_BACKUP_BASE_DIR)
              env:
                - name: POSTGRESQL_BACKUP_BASE_DIR
                  value: {{ .Values.conf.backup.base_path }}
              volumeMounts:
                - mountPath: /tmp
                  name: pod-tmp
                - mountPath: {{ .Values.conf.backup.base_path }}
                  name: postgresql-backup-dir
          containers:
            - name: postgresql-backup
{{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "postgresql_backup" "container" "postgresql_backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
              command:
                - /tmp/backup_postgresql.sh
              env:
                - name: POSTGRESQL_ADMIN_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: POSTGRES_PASSWORD
                      name: postgresql-admin
                - name: POSTGRESQL_ADMIN_USER
                  valueFrom:
                    secretKeyRef:
                      key: POSTGRES_USER
                      name: postgresql-admin
                - name: POSTGRESQL_BACKUP_BASE_DIR
                  value: {{ .Values.conf.backup.base_path }}
                - name: POSTGRESQL_BACKUP_PG_DUMPALL_OPTIONS
                  value: {{ .Values.conf.backup.pg_dumpall_options }}
                - name: POSTGRESQL_LOCAL_BACKUP_DAYS_TO_KEEP
                  value: "{{ .Values.conf.backup.days_to_keep }}"
                - name: POSTGRESQL_POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
                - name: REMOTE_BACKUP_ENABLED
                  value: "{{ .Values.conf.backup.remote_backup.enabled }}"
{{- if .Values.conf.backup.remote_backup.enabled }}
                - name: POSTGRESQL_REMOTE_BACKUP_DAYS_TO_KEEP
                  value: "{{ .Values.conf.backup.remote_backup.days_to_keep }}"
                - name: CONTAINER_NAME
                  value: "{{ .Values.conf.backup.remote_backup.container_name }}"
                - name: STORAGE_POLICY
                  value: "{{ .Values.conf.backup.remote_backup.storage_policy }}"
                - name: NUMBER_OF_RETRIES_SEND_BACKUP_TO_REMOTE
                  value: {{ .Values.conf.backup.remote_backup.number_of_retries | quote }}
                - name: MIN_DELAY_SEND_BACKUP_TO_REMOTE
                  value: {{ .Values.conf.backup.remote_backup.delay_range.min | quote }}
                - name: MAX_DELAY_SEND_BACKUP_TO_REMOTE
                  value: {{ .Values.conf.backup.remote_backup.delay_range.max | quote }}
                - name: THROTTLE_BACKUPS_ENABLED
                  value: "{{ .Values.conf.backup.remote_backup.throttle_backups.enabled }}"
                - name: THROTTLE_LIMIT
                  value: {{ .Values.conf.backup.remote_backup.throttle_backups.sessions_limit | quote }}
                - name: THROTTLE_LOCK_EXPIRE_AFTER
                  value: {{ .Values.conf.backup.remote_backup.throttle_backups.lock_expire_after | quote }}
                - name: THROTTLE_RETRY_AFTER
                  value: {{ .Values.conf.backup.remote_backup.throttle_backups.retry_after | quote }}
                - name: THROTTLE_CONTAINER_NAME
                  value: {{ .Values.conf.backup.remote_backup.throttle_backups.container_name | quote }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.postgresql }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }}
{{- end }}
{{- end }}
              volumeMounts:
                - name: pod-tmp
                  mountPath: /tmp
                - mountPath: /tmp/backup_postgresql.sh
                  name: postgresql-bin
                  readOnly: true
                  subPath: backup_postgresql.sh
                - mountPath: /tmp/backup_main.sh
                  name: postgresql-bin
                  readOnly: true
                  subPath: backup_main.sh
                - mountPath: {{ .Values.conf.backup.base_path }}
                  name: postgresql-backup-dir
                - name: postgresql-secrets
                  mountPath: /etc/postgresql/admin_user.conf
                  subPath: admin_user.conf
                  readOnly: true
          volumes:
            - name: pod-tmp
              emptyDir: {}
            - name: postgresql-secrets
              secret:
                secretName: postgresql-secrets
                defaultMode: 292
            - name: postgresql-bin
              secret:
                secretName: postgresql-bin
                defaultMode: 365
            {{- if and .Values.volume.backup.enabled  .Values.manifests.pvc_backup }}
            - name: postgresql-backup-dir
              persistentVolumeClaim:
                claimName: postgresql-backup-data
            {{- else }}
            - hostPath:
                path: {{ .Values.conf.backup.base_path }}
                type: DirectoryOrCreate
              name: postgresql-backup-dir
            {{- end }}
{{- end }}