From e463281205560f6779c08db9a70e34bf5f4763af Mon Sep 17 00:00:00 2001
From: Viktor Barzin <viktorbarzin@meta.com>
Date: Mon, 23 Mar 2026 02:24:34 +0200
Subject: [PATCH] optimize backup schedules: compress dumps, stagger to weekly,
 extend retention
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- dbaas: gzip MySQL/PostgreSQL dumps, stagger to 0:30, clean old uncompressed
- infra-maintenance: etcd backup daily→weekly Sunday 1am
- redis: backup hourly→weekly Sunday 3am, retention 7→28 days
- vault: raft backup daily→weekly Sunday 2am
---
 stacks/dbaas/modules/dbaas/main.tf               | 16 +++++++++-------
 .../modules/infra-maintenance/main.tf            |  2 +-
 stacks/redis/modules/redis/main.tf               |  4 ++--
 stacks/vault/main.tf                             |  2 +-
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/stacks/dbaas/modules/dbaas/main.tf b/stacks/dbaas/modules/dbaas/main.tf
index 69c1793e..44abb784 100644
--- a/stacks/dbaas/modules/dbaas/main.tf
+++ b/stacks/dbaas/modules/dbaas/main.tf
@@ -314,7 +314,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
   spec {
     concurrency_policy        = "Replace"
     failed_jobs_history_limit = 5
-    schedule                  = "0 0 * * *"
+    schedule                  = "30 0 * * *"
     # schedule                      = "* * * * *"
     starting_deadline_seconds     = 10
     successful_jobs_history_limit = 10
@@ -341,11 +341,12 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
               command = ["/bin/bash", "-c", <<-EOT
                 set -euxo pipefail
                 export now=$(date +"%Y_%m_%d_%H_%M")
-                mysqldump --all-databases -u root --host mysql.dbaas.svc.cluster.local > /backup/dump_$now.sql
+                mysqldump --all-databases -u root --host mysql.dbaas.svc.cluster.local | gzip -9 > /backup/dump_$now.sql.gz
 
-                # Rotate - delete last log file
+                # Rotate — 14 day retention
                 cd /backup
-                find . -name "dump_*.sql" -type f -mtime +14 -delete # 14 day retention of backups
+                find . -name "dump_*.sql.gz" -type f -mtime +14 -delete
+                find . -name "dump_*.sql" -type f -mtime +14 -delete  # clean up old uncompressed
                 echo Done
               EOT
               ]
@@ -1077,11 +1078,12 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
               command = ["/bin/bash", "-c", <<-EOT
                 set -euxo pipefail
                 export now=$(date +"%Y_%m_%d_%H_%M")
-                PGPASSWORD=$PGPASSWORD pg_dumpall -h postgresql.dbaas -U postgres > /backup/dump_$now.sql
+                PGPASSWORD=$PGPASSWORD pg_dumpall -h postgresql.dbaas -U postgres | gzip -9 > /backup/dump_$now.sql.gz
 
-                # Rotate - delete last log file
+                # Rotate — 14 day retention
                 cd /backup
-                find . -name "dump_*.sql" -type f -mtime +14 -delete # 14 day retention of backups
+                find . -name "dump_*.sql.gz" -type f -mtime +14 -delete
+                find . -name "dump_*.sql" -type f -mtime +14 -delete  # clean up old uncompressed
                 echo Done
               EOT
               ]
diff --git a/stacks/infra-maintenance/modules/infra-maintenance/main.tf b/stacks/infra-maintenance/modules/infra-maintenance/main.tf
index d69a8f14..edaa912d 100644
--- a/stacks/infra-maintenance/modules/infra-maintenance/main.tf
+++ b/stacks/infra-maintenance/modules/infra-maintenance/main.tf
@@ -81,7 +81,7 @@ resource "kubernetes_cron_job_v1" "backup-etcd" {
     namespace = "default"
   }
   spec {
-    schedule                      = "0 0 * * *"
+    schedule                      = "0 1 * * 0"
     successful_jobs_history_limit = 1
     failed_jobs_history_limit     = 1
     concurrency_policy            = "Forbid"
diff --git a/stacks/redis/modules/redis/main.tf b/stacks/redis/modules/redis/main.tf
index 1a89deea..cfb508d7 100644
--- a/stacks/redis/modules/redis/main.tf
+++ b/stacks/redis/modules/redis/main.tf
@@ -267,7 +267,7 @@ resource "kubernetes_cron_job_v1" "redis-backup" {
   spec {
     concurrency_policy            = "Replace"
     failed_jobs_history_limit     = 3
-    schedule                      = "0 * * * *"
+    schedule                      = "0 3 * * 0"
     starting_deadline_seconds     = 10
     successful_jobs_history_limit = 3
     job_template {
@@ -290,7 +290,7 @@ resource "kubernetes_cron_job_v1" "redis-backup" {
                 # Copy the RDB via redis-cli --rdb
                 redis-cli -h redis.redis --rdb /backup/redis-$TIMESTAMP.rdb
                 # Rotate — 7-day retention
-                find /backup -name 'redis-*.rdb' -type f -mtime +7 -delete
+                find /backup -name 'redis-*.rdb' -type f -mtime +28 -delete
                 echo "Backup complete: redis-$TIMESTAMP.rdb"
               EOT
               ]
diff --git a/stacks/vault/main.tf b/stacks/vault/main.tf
index 3f893643..dcfe5ffd 100644
--- a/stacks/vault/main.tf
+++ b/stacks/vault/main.tf
@@ -249,7 +249,7 @@ resource "kubernetes_cron_job_v1" "vault_backup" {
     namespace = kubernetes_namespace.vault.metadata[0].name
   }
   spec {
-    schedule                      = "0 2 * * *"
+    schedule                      = "0 2 * * 0"
     successful_jobs_history_limit = 3
     failed_jobs_history_limit     = 3
     concurrency_policy            = "Forbid"