Taskfile.yml

version: '3'

vars:
  KUBECONFIG: ./infra/terraform/kubeconfig.yaml
  TERRAFORM_DIR: ./infra/terraform
  K8S_DIR: ./infra/k8s
  APPS_DIR: ./apps

tasks:
  default:
    desc: List all available tasks
    cmds:
      - task --list

  # Local k3d + Tilt development tasks
  local:setup:
    desc: Create k3d cluster for local development
    cmds:
      - ./scripts/k3d-setup.sh

  local:start:
    desc: Start Tilt for local development
    cmds:
      - tilt up

  local:down:
    desc: Stop Tilt (keeps cluster running)
    cmds:
      - tilt down

  local:teardown:
    desc: Delete k3d cluster
    cmds:
      - k3d cluster delete roussev-local

  local:status:
    desc: Check status of local k3d cluster
    cmds:
      - k3d cluster list
      - echo ""
      - kubectl get nodes
      - echo ""
      - kubectl get pods

  local:logs:
    desc: View Tilt logs
    cmds:
      - tilt logs

  dev:items-service:
    desc: Run items-service locally with PostgreSQL connection (requires port-forward)
    dir: apps/items-service
    cmds:
      - |
        echo "Make sure PostgreSQL is port-forwarded: task postgres:port-forward"
        echo "Loading credentials from .env..."
        set -a
        source ../../.env
        set +a
        export DB_HOST=localhost
        export DB_PORT=5432
        export DB_USER=$POSTGRES_USER
        export DB_PASSWORD=$POSTGRES_PASSWORD
        export DB_NAME=$POSTGRES_DB
        bun install && bun run dev

  dev:website-app:
    desc: Run website-app in development mode with hot reload
    dir: apps/website-app
    cmds:
      - bun install && bun run dev

  dev:observability-app:
    dir: apps/observability-app
    cmds:
      - http-server

  dev:semcache-service:
    desc: Run semcache-service locally with Air + K8s PostgreSQL (auto port-forwards)
    dir: apps/semcache-service
    cmds:
      - |
        echo "Starting semcache-service with Air hot reload + K8s PostgreSQL..."

        # Check if port-forward is already running
        if lsof -Pi :5432 -sTCP:LISTEN -t >/dev/null 2>&1; then
          echo "✅ PostgreSQL port-forward already running on localhost:5432"
        else
          echo "🔌 Starting PostgreSQL port-forward in background..."
          kubectl port-forward svc/postgres 5432:5432 > /dev/null 2>&1 &
          PF_PID=$!
          echo "   Port-forward PID: $PF_PID"
          sleep 2

          # Verify port-forward is working
          if ! lsof -Pi :5432 -sTCP:LISTEN -t >/dev/null 2>&1; then
            echo "❌ Failed to start port-forward"
            exit 1
          fi
          echo "✅ Port-forward established"
        fi

        echo ""
        if ! command -v air &> /dev/null; then
          echo "Installing Air..."
          go install github.com/air-verse/air@latest
        fi

        set -a
        source ../../.env
        set +a
        export PORT=8090
        export DB_HOST=localhost
        export DB_PORT=5432
        export DB_USER=$POSTGRES_USER
        export DB_PASSWORD=$POSTGRES_PASSWORD
        export DB_NAME=$POSTGRES_DB
        export DB_SSLMODE=disable
        export OTEL_ENABLED=true

        echo "🚀 Starting Air hot reload on port 8090..."
        air -c .air.toml

  dev:pdf-analyzer-service:
    desc: Run pdf-analyzer-service in development mode with hot reload
    dir: apps/pdf-analyzer-service
    cmds:
      - pnpm install && PORT=8091 pnpm dev

  # Docker tasks
  docker:build:items-service:
    desc: Build Docker image for items-service
    cmds:
      - docker build -t items-service:local ./apps/items-service

  docker:build:website-app:
    desc: Build Docker image for website-app
    cmds:
      - docker build -t website-app:local ./apps/website-app

  docker:build:semcache-service:
    desc: Build Docker image for semcache-service
    cmds:
      - docker build -t semcache-service:local ./apps/semcache-service

  docker:build:pdf-analyzer-service:
    desc: Build Docker image for pdf-analyzer-service
    cmds:
      - docker build -t pdf-analyzer-service:local ./apps/pdf-analyzer-service

  docker:build:all:
    desc: Build Docker images for all apps
    cmds:
      - task: docker:build:items-service
      - task: docker:build:website-app
      - task: docker:build:semcache-service
      - task: docker:build:pdf-analyzer-service

  docker:run:items-service:
    desc: Run items-service Docker container locally
    cmds:
      - docker run --rm -p 8080:8080 items-service:local

  docker:run:website-app:
    desc: Run website-app Docker container locally
    cmds:
      - docker run --rm -p 8080:8080 website-app:local

  docker:run:semcache-service:
    desc: Run semcache-service Docker container locally
    cmds:
      - docker run --rm -p 8080:8080 semcache-service:local

  docker:run:pdf-analyzer-service:
    desc: Run pdf-analyzer-service Docker container locally
    cmds:
      - docker run --rm -p 8080:8080 pdf-analyzer-service:local

  # Terraform tasks
  tf:init:
    desc: Initialize Terraform
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - terraform init

  tf:plan:
    desc: Run Terraform plan
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - terraform plan

  tf:apply:
    desc: Apply Terraform configuration
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - terraform apply

  tf:destroy:
    desc: Destroy Terraform infrastructure
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - terraform destroy

  tf:output:
    desc: Show Terraform outputs
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - terraform output

  tf:get-ip:
    desc: Get server IP from Terraform
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - terraform output -raw server_ip

  # Kubernetes tasks
  k8s:config:
    desc: Set KUBECONFIG environment variable
    cmds:
      - echo "export KUBECONFIG={{.KUBECONFIG}}"

  k8s:status:
    desc: Check status of production Kubernetes cluster
    cmds:
      - echo "=================================================="
      - echo "🔍 Kubernetes Cluster Status"
      - echo "=================================================="
      - echo ""
      - echo "📦 Pods:"
      - kubectl --kubeconfig={{.KUBECONFIG}} get pods -o wide
      - echo ""
      - echo "💾 Resource Usage:"
      - kubectl --kubeconfig={{.KUBECONFIG}} top pods 2>/dev/null || echo "Metrics not available"
      - echo ""
      - echo "🌐 Services:"
      - kubectl --kubeconfig={{.KUBECONFIG}} get services
      - echo ""
      - echo "🔗 Ingress:"
      - kubectl --kubeconfig={{.KUBECONFIG}} get ingress
      - echo ""
      - echo "🖥️  Node Status:"
      - kubectl --kubeconfig={{.KUBECONFIG}} get nodes
      - echo ""
      - kubectl --kubeconfig={{.KUBECONFIG}} top node 2>/dev/null || echo "Node metrics not available"
      - echo ""
      - echo "📊 Deployments:"
      - kubectl --kubeconfig={{.KUBECONFIG}} get deployments
      - echo ""

  k8s:get-pods:
    desc: Get all pods
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get pods

  k8s:get-services:
    desc: Get all services
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get services

  k8s:get-ingress:
    desc: Get all ingress resources
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get ingress

  k8s:get-all:
    desc: Get all Kubernetes resources
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get all

  k8s:logs:items-service:
    desc: Get logs from items-service
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} logs -l app=items-service --tail=100 -f

  k8s:logs:website-app:
    desc: Get logs from website-app
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} logs -l app=website-app --tail=100 -f

  k8s:logs:semcache-service:
    desc: Get logs from semcache-service
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} logs -l app=semcache-service --tail=100 -f

  k8s:logs:pdf-analyzer-service:
    desc: Get logs from pdf-analyzer-service
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} logs -l app=pdf-analyzer-service --tail=100 -f

  k8s:describe:items-service:
    desc: Describe items-service deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} describe deployment items-service

  k8s:describe:website-app:
    desc: Describe website-app deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} describe deployment website-app

  k8s:describe:semcache-service:
    desc: Describe semcache-service deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} describe deployment semcache-service

  k8s:describe:pdf-analyzer-service:
    desc: Describe pdf-analyzer-service deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} describe deployment pdf-analyzer-service

  # Deployment tasks
  deploy:items-service:
    desc: Deploy items-service to Kubernetes
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/apps/items-service-deployment.yaml
      - echo "✅ items-service deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/items-service --timeout=120s

  deploy:website-app:
    desc: Deploy website-app to Kubernetes
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/apps/website-app-deployment.yaml

  deploy:semcache-service:
    desc: Deploy semcache-service to Kubernetes
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/apps/semcache-service-deployment.yaml
      - echo "✅ semcache-service deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/semcache-service --timeout=120s

  deploy:pdf-analyzer-service:
    desc: Deploy pdf-analyzer-service to Kubernetes
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/apps/pdf-analyzer-service-deployment.yaml
      - echo "✅ pdf-analyzer-service deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/pdf-analyzer-service --timeout=120s

  deploy:headlamp-readonly:
    desc: Deploy Headlamp Kubernetes Dashboard (Read-Only Public)
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/apps/headlamp-readonly-deployment.yaml
      - echo "✅ Headlamp Read-Only deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/headlamp-readonly -n kube-system --timeout=120s

  deploy:all:
    desc: Deploy all apps to Kubernetes
    cmds:
      - task: deploy:items-service
      - task: deploy:website-app
      - task: deploy:semcache-service
      - task: deploy:pdf-analyzer-service
      - task: deploy:headlamp-readonly

  deploy:items-service:with-postgres:
    desc: Deploy PostgreSQL and items-service together
    cmds:
      - task: deploy:postgres
      - echo "Waiting for PostgreSQL to be ready before deploying items-service..."
      - sleep 5
      - task: deploy:items-service
      - echo "✅ PostgreSQL and items-service deployed successfully!"

  deploy:cert-manager:
    desc: Deploy cert-manager
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml

  deploy:cluster-issuer:
    desc: Deploy Let's Encrypt cluster issuer
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/cert-manager/cluster-issuer.yaml

  deploy:jaeger:
    desc: Deploy Jaeger for distributed tracing
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/observability/jaeger-deployment.yaml
      - echo "Jaeger deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/jaeger --timeout=120s
      - echo ""
      - echo "Jaeger UI available at https://app.roussev.com/jaeger"

  deploy:prometheus:
    desc: Deploy Prometheus for metrics collection
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/observability/prometheus-deployment.yaml
      - echo "Prometheus deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/prometheus --timeout=120s
      - echo ""
      - echo "Prometheus UI available at https://app.roussev.com/prometheus"

  deploy:grafana:
    desc: Deploy Grafana for metrics visualization
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/observability/grafana-deployment.yaml
      - echo "Grafana deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/grafana --timeout=120s
      - echo ""
      - echo "Grafana UI available at https://app.roussev.com/grafana"
      - echo "Public viewing enabled (Viewer role)"
      - echo "Admin login - admin/admin"

  deploy:loki:
    desc: Deploy Loki for log aggregation
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/observability/loki-deployment.yaml
      - echo "Loki deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/loki --timeout=120s
      - echo ""
      - echo "Loki API available at https://app.roussev.com/loki"

  deploy:promtail:
    desc: Deploy Promtail for log collection
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/observability/promtail-deployment.yaml
      - echo "Promtail deployed"
      - echo "Waiting for rollout to complete..."
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status daemonset/promtail --timeout=120s
      - echo ""
      - echo "Promtail collecting logs from all pods"

  deploy:observability:
    desc: Deploy full observability stack (Jaeger, Prometheus, Loki, Grafana)
    cmds:
      - task: deploy:jaeger
      - task: deploy:prometheus
      - task: deploy:loki
      - task: deploy:promtail
      - task: deploy:grafana

  # Rollout tasks
  rollout:restart:items-service:
    desc: Restart items-service deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout restart deployment/items-service

  rollout:restart:website-app:
    desc: Restart website-app deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout restart deployment/website-app

  rollout:restart:semcache-service:
    desc: Restart semcache-service deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout restart deployment/semcache-service

  rollout:restart:pdf-analyzer-service:
    desc: Restart pdf-analyzer-service deployment
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout restart deployment/pdf-analyzer-service

  rollout:status:items-service:
    desc: Check rollout status for items-service
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/items-service

  rollout:status:website-app:
    desc: Check rollout status for website-app
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/website-app

  rollout:status:semcache-service:
    desc: Check rollout status for semcache-service
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/semcache-service

  rollout:status:pdf-analyzer-service:
    desc: Check rollout status for pdf-analyzer-service
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} rollout status deployment/pdf-analyzer-service

  # DNS and networking tasks
  dns:clear-cache:
    desc: Clear DNS cache (macOS)
    cmds:
      - ./scripts/clear-dns-cache.sh

  dns:check:
    desc: Check DNS resolution for roussev.com
    cmds:
      - dig @8.8.8.8 roussev.com A +short
      - dig @1.1.1.1 roussev.com A +short
      - dig roussev.com A +short

  # Health check tasks
  health:items-service:
    desc: Check health of items-service
    cmds:
      - curl -s https://app.roussev.com/items/v1/health | jq

  health:website-app:
    desc: Check health of website-app
    cmds:
      - curl -s https://roussev.com/health | jq

  health:semcache-service:
    desc: Check health of semcache-service
    cmds:
      - curl -s https://app.roussev.com/semcache/v1/health | jq

  health:pdf-analyzer-service:
    desc: Check health of pdf-analyzer-service
    cmds:
      - curl -s https://app.roussev.com/pdf-analyzer/v1/health | jq

  clean:docker:
    desc: Clean Docker images
    cmds:
      - docker rmi items-service:local website-app:local semcache-service:local pdf-analyzer-service:local || true

  # Port forwarding tasks
#  port-forward:items-service:
#    desc: Port forward to items-service pod
#    cmds:
#      - kubectl --kubeconfig={{.KUBECONFIG}} port-forward svc/items-service 8080:80

#  port-forward:website-app:
#    desc: Port forward to website-app pod
#    cmds:
#      - kubectl --kubeconfig={{.KUBECONFIG}} port-forward svc/website-app 8080:80

#  port-forward:semcache-service:
#    desc: Port forward to semcache-service pod
#    cmds:
#      - kubectl --kubeconfig={{.KUBECONFIG}} port-forward svc/semcache-service 8080:80

  # SSH tasks
  ssh:
    desc: SSH into the K3s server
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - ssh -i ssh_key.pem -o StrictHostKeyChecking=no root@$(terraform output -raw server_ip)

  # Hetzner CSI Driver tasks
  deploy:hetzner-csi:
    desc: Install Hetzner CSI driver (required for Hetzner Cloud Volumes)
    cmds:
      - echo "⚠️  Make sure you have created the hcloud secret first!"
      - echo "Run - kubectl --kubeconfig={{.KUBECONFIG}} create secret generic hcloud --from-literal=token=YOUR_HETZNER_API_TOKEN -n kube-system"
      - echo ""
      - echo "Installing Hetzner CSI driver..."
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/main/deploy/kubernetes/hcloud-csi.yml
      - echo "Waiting for CSI driver to be ready..."
      - kubectl --kubeconfig={{.KUBECONFIG}} wait --namespace kube-system --for=condition=ready pod --selector=app=hcloud-csi-controller --timeout=300s
      - echo "✅ Hetzner CSI driver installed successfully!"
      - kubectl --kubeconfig={{.KUBECONFIG}} get storageclass

  check:hetzner-csi:
    desc: Check if Hetzner CSI driver is installed
    cmds:
      - echo "Checking Hetzner CSI driver..."
      - kubectl --kubeconfig={{.KUBECONFIG}} get pods -n kube-system | grep hcloud || echo "❌ Hetzner CSI driver not found"
      - echo ""
      - echo "Storage classes:"
      - kubectl --kubeconfig={{.KUBECONFIG}} get storageclass

  # PostgreSQL tasks
  postgres:create-secret:
    desc: Create PostgreSQL secret from .env file
    cmds:
      - |
        set -a
        source .env
        set +a
        kubectl --kubeconfig={{.KUBECONFIG}} create secret generic postgres-secret \
          --from-literal=POSTGRES_USER="$POSTGRES_USER" \
          --from-literal=POSTGRES_PASSWORD="$POSTGRES_PASSWORD" \
          --from-literal=POSTGRES_DB="$POSTGRES_DB" \
          --dry-run=client -o yaml | kubectl --kubeconfig={{.KUBECONFIG}} apply -f -
      - echo "✅ PostgreSQL secret created/updated successfully"

  postgres:delete-secret:
    desc: Delete PostgreSQL secret
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} delete secret postgres-secret --ignore-not-found=true
      - echo "✅ PostgreSQL secret deleted"

  deploy:postgres:
    desc: Deploy PostgreSQL with persistent storage
    deps:
      - postgres:create-secret
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/storage/postgres-pv.yaml
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/storage/postgres-pvc.yaml
      - kubectl --kubeconfig={{.KUBECONFIG}} apply -f {{.K8S_DIR}}/storage/postgres-statefulset.yaml
      - echo "Waiting for PostgreSQL to be ready..."
      - kubectl --kubeconfig={{.KUBECONFIG}} wait --for=condition=ready pod -l app=postgres --timeout=300s
      - echo "✅ PostgreSQL deployed successfully"

  k8s:get-pv:
    desc: Get all persistent volumes
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get pv

  k8s:get-pvc:
    desc: Get all persistent volume claims
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get pvc

  k8s:logs:postgres:
    desc: Get logs from PostgreSQL
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} logs -l app=postgres --tail=100 -f

  k8s:describe:postgres:
    desc: Describe PostgreSQL statefulset
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} describe statefulset postgres

  postgres:connect:
    desc: Connect to PostgreSQL using psql
    cmds:
      - |
        POSTGRES_USER=$(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)
        POSTGRES_DB=$(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_DB}' | base64 -d)
        kubectl --kubeconfig={{.KUBECONFIG}} exec -it postgres-0 -- psql -U "$POSTGRES_USER" -d "$POSTGRES_DB"

  postgres:status:
    desc: Check PostgreSQL status
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} get pv
      - kubectl --kubeconfig={{.KUBECONFIG}} get pvc
      - kubectl --kubeconfig={{.KUBECONFIG}} get statefulset postgres
      - kubectl --kubeconfig={{.KUBECONFIG}} get pods -l app=postgres
      - kubectl --kubeconfig={{.KUBECONFIG}} get svc postgres
      - echo ""
      - echo "PostgreSQL Credentials (from secret):"
      - |
        POSTGRES_USER=$(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)
        POSTGRES_DB=$(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_DB}' | base64 -d)
        echo "  User: $POSTGRES_USER"
        echo "  Database: $POSTGRES_DB"

  postgres:port-forward:
    desc: Port forward to PostgreSQL (production on port 5444, local k3d uses 5432)
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} port-forward svc/postgres 5444:5432

  postgres:backup:
    desc: Backup PostgreSQL database
    cmds:
      - |
        POSTGRES_USER=$(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)
        POSTGRES_DB=$(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_DB}' | base64 -d)
        BACKUP_FILE="backup-$(date +%Y%m%d-%H%M%S).sql"
        kubectl --kubeconfig={{.KUBECONFIG}} exec postgres-0 -- pg_dump -U "$POSTGRES_USER" "$POSTGRES_DB" > "$BACKUP_FILE"
        echo "✅ Backup saved to $BACKUP_FILE"

  postgres:disk-usage:
    desc: Check PostgreSQL disk usage
    cmds:
      - kubectl --kubeconfig={{.KUBECONFIG}} exec postgres-0 -- df -h /var/lib/postgresql/data

  postgres:show-credentials:
    desc: Show PostgreSQL credentials from secret
    cmds:
      - |
        echo "PostgreSQL Credentials:"
        echo "  User: $(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)"
        echo "  Password: $(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)"
        echo "  Database: $(kubectl --kubeconfig={{.KUBECONFIG}} get secret postgres-secret -o jsonpath='{.data.POSTGRES_DB}' | base64 -d)"
        echo ""
        echo "⚠️  Keep these credentials secure!"