fix: fix backup CronJob template bugs

- Fix MYSQL_HOST/PORT: were referencing non-existent .Values.backup.mysql.host/port;
  now correctly read from .Values.phpmyadmin.hosts[0] as documented in README
- Remove broken BACKUP_TIMESTAMP env var (shell command substitution does not
  execute in k8s env vars; timestamp is already defined inside the script)
- Fix NFS readOnly: was always outputting "readOnly: false" even when
  .Values.backup.nfs.readOnly was true; now renders the actual value
- Add MYSQL_HISTFILE=/dev/null to prevent mysql client from writing history
  file when readOnlyRootFilesystem: true
- Fix variable name collision: renamed shell var DATABASES -> DB_LIST in the
  all-databases branch to avoid conflict with the DATABASES env var
- Use /bin/bash (available in mysql:8.0 Debian image) for set -euo pipefail
  and local keyword support
- Split retention find into separate *.sql and *.sql.gz patterns
- Add -mindepth 1 to empty dir cleanup to avoid removing the root backup dir

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

templates/cronjob.yaml

@@ -49,10 +49,11 @@ spec:
               runAsNonRoot: true
               runAsUser: 999
             env:
+            # MySQL接続情報は phpmyadmin.hosts[0] から取得
             - name: MYSQL_HOST
-              value: {{ .Values.backup.mysql.host | quote }}
+              value: {{ (index .Values.phpmyadmin.hosts 0).host | quote }}
             - name: MYSQL_PORT
-              value: {{ .Values.backup.mysql.port | quote }}
+              value: {{ (index .Values.phpmyadmin.hosts 0).port | quote }}
             - name: MYSQL_USER
               valueFrom:
                 secretKeyRef:
@@ -63,8 +64,9 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.backup.mysql.existingSecret | default (printf "%s-backup" (include "phpmyadmin-nginx.fullname" .)) }}
                   key: {{ .Values.backup.mysql.passwordKey | default "mysql-password" }}
-            - name: BACKUP_TIMESTAMP
+            # readOnlyRootFilesystem: true のためmysqlコマンドの履歴ファイルを無効化
-              value: $(date +%Y%m%d_%H%M%S)
+            - name: MYSQL_HISTFILE
+              value: /dev/null
             {{- if .Values.backup.databases }}
             - name: DATABASES
               value: {{ join " " .Values.backup.databases | quote }}
@@ -90,12 +92,13 @@ spec:
               DATE_DIR=$(date +%Y%m%d)
 
               echo "=== MySQL Backup Started at $(date) ==="
+              echo "Host: ${MYSQL_HOST}:${MYSQL_PORT}"
               echo "Backup destination: ${BACKUP_DIR}/${DATE_DIR}"
 
               # Create backup directory
               mkdir -p "${BACKUP_DIR}/${DATE_DIR}"
 
-              # Function to backup a database
+              # Function to backup a single database
               backup_database() {
                 local db=$1
                 local backup_file="${BACKUP_DIR}/${DATE_DIR}/${db}_${TIMESTAMP}.sql"
@@ -121,7 +124,6 @@ spec:
                 backup_file="${backup_file}.gz"
                 {{- end }}
 
-                # Verify backup file
                 if [ -f "${backup_file}" ]; then
                   size=$(du -h "${backup_file}" | cut -f1)
                   echo "✓ Backup completed: ${backup_file} (${size})"
@@ -131,14 +133,14 @@ spec:
                 fi
               }
 
-              # Backup specified databases or all databases
               {{- if .Values.backup.databases }}
+              # Backup specified databases
               for db in ${DATABASES}; do
                 backup_database "${db}" || echo "Warning: Failed to backup ${db}"
               done
               {{- else }}
               # Get all databases except system databases
-              DATABASES=$(mysql \
+              DB_LIST=$(mysql \
                 -h "${MYSQL_HOST}" \
                 -P "${MYSQL_PORT}" \
                 -u "${MYSQL_USER}" \
@@ -146,25 +148,25 @@ spec:
                 -N -B -e "SHOW DATABASES" | \
                 grep -Ev '^(information_schema|performance_schema|mysql|sys)$')
 
-              for db in ${DATABASES}; do
+              for db in ${DB_LIST}; do
                 backup_database "${db}" || echo "Warning: Failed to backup ${db}"
               done
               {{- end }}
 
               {{- if .Values.backup.retention.enabled }}
               # Cleanup old backups
-              echo "Cleaning up backups older than {{ .Values.backup.retention.days }} days"
+              echo "Cleaning up backups older than {{ .Values.backup.retention.days }} days..."
-              find "${BACKUP_DIR}" -type f -name "*.sql*" -mtime +{{ .Values.backup.retention.days }} -delete
+              find "${BACKUP_DIR}" -type f -name "*.sql" -mtime +{{ .Values.backup.retention.days }} -delete
-              find "${BACKUP_DIR}" -type d -empty -delete
+              find "${BACKUP_DIR}" -type f -name "*.sql.gz" -mtime +{{ .Values.backup.retention.days }} -delete
+              find "${BACKUP_DIR}" -mindepth 1 -type d -empty -delete
               {{- end }}
 
               # Summary
               echo "=== Backup Summary ==="
               echo "Total backup size:"
-              du -sh "${BACKUP_DIR}/${DATE_DIR}"
+              du -sh "${BACKUP_DIR}/${DATE_DIR}" 2>/dev/null || echo "(no files)"
               echo "Backup files:"
-              ls -lh "${BACKUP_DIR}/${DATE_DIR}"
+              ls -lh "${BACKUP_DIR}/${DATE_DIR}" 2>/dev/null || echo "(none)"
-              
               echo "=== MySQL Backup Completed at $(date) ==="
             resources:
               {{- toYaml .Values.backup.resources | nindent 14 }}
@@ -179,9 +181,7 @@ spec:
             nfs:
               server: {{ .Values.backup.nfs.server }}
               path: {{ .Values.backup.nfs.path }}
-              {{- if .Values.backup.nfs.readOnly }}
+              readOnly: {{ .Values.backup.nfs.readOnly }}
-              readOnly: false
-              {{- end }}
             {{- else }}
             persistentVolumeClaim:
               claimName: {{ .Values.backup.existingClaim | default (printf "%s-backup" (include "phpmyadmin-nginx.fullname" .)) }}