{{- if .Values.clusterBackup.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: kubezero-backup
  namespace: kube-system
spec:
  schedule: "0 * * * *"
  concurrencyPolicy: "Replace"
  jobTemplate:
    spec:
      backoffLimit: 1
      activeDeadlineSeconds: 300
      ttlSecondsAfterFinished: 3600
      template:
        spec:
          containers:
          - name: kubezero-admin
            image: "{{ .Values.clusterBackup.image.name }}:{{ default .Chart.AppVersion .Values.clusterBackup.image.tag }}"
            imagePullPolicy: Always
            command: ["kubezero.sh"]
            args:
            - backup
            volumeMounts:
            - name: host
              mountPath: /host
            - name: workdir
              mountPath: /tmp
            env: 
            - name: DEBUG
              value: ""
            - name: RESTIC_REPOSITORY
              valueFrom: 
                secretKeyRef: 
                  name: kubezero-backup-restic
                  key: repository
            - name: RESTIC_PASSWORD
              valueFrom: 
                secretKeyRef: 
                  name: kubezero-backup-restic
                  key: password 
            {{- with .Values.clusterBackup.extraEnv }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
            #securityContext:
            # readOnlyRootFilesystem: true
          hostNetwork: true
          volumes:
          - name: host
            hostPath:
              path: /
              type: Directory
          - name: workdir
            emptyDir: {}
          nodeSelector:
            node-role.kubernetes.io/control-plane: ""
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
          - key: node-role.kubernetes.io/control-plane
            effect: NoSchedule
          restartPolicy: Never
{{- end }}