oadp/manifests/stateful-backups.yaml

---
# Schedule 2: Daily stateful backup (with volume data)
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: daily-stateful
  namespace: openshift-adp
spec:
  schedule: "0 03 * * *" # 3 AM daily (after config backup)

  nameTemplate: "{{ .ScheduleName }}-{{ .Timestamp }}"

  template:
    # Only namespaces with persistent data
    includedNamespaces:
      - gitea
      - authentik
      - calibre
      - cassandra
      - n8n
      - apim
      - gitea-ci

    #labels:
    #  backup-type: stateful
    #  schedule: daily
    #  retention: short

    # Exclude ephemeral resources
    excludedResources:
      - events
      - events.events.k8s.io
      - pipelineruns.tekton.dev
      - taskruns.tekton.dev
      - replicasets.apps
      - pods

    # Use Kopia for volume backups
    snapshotVolumes: false
    defaultVolumesToFsBackup: true

    # 14 days retention
    ttl: 336h

    # Pre-backup hooks for data consistency
    hooks:
      resources:
        # Cassandra: flush memtables to disk before backup
        - name: cassandra-flush
          includedNamespaces:
            - cassandra
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: cassandra
          pre:
            - exec:
                container: cassandra
                command:
                  - /bin/bash
                  - -c
                  - nodetool flush
                timeout: 5m
                onError: Continue

        # Gitea PostgreSQL: checkpoint before backup
        - name: gitea-postgres-checkpoint
          includedNamespaces:
            - gitea
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: postgresql
              app.kubernetes.io/instance: gitea
          pre:
            - exec:
                container: postgresql
                command:
                  - /bin/bash
                  - -c
                  - psql -U postgres -c 'CHECKPOINT;'
                timeout: 2m
                onError: Continue

        # Authentik PostgreSQL: checkpoint before backup
        - name: authentik-postgres-checkpoint
          includedNamespaces:
            - authentik
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: postgresql
              app.kubernetes.io/instance: authentik
          pre:
            - exec:
                container: postgresql
                command:
                  - /bin/bash
                  - -c
                  - psql -U postgres -c 'CHECKPOINT;'
                timeout: 2m
                onError: Continue