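---
# Scheduled backup of the "storagesystem-data" PVC in namespace "ocis":
# a single rclone container mirrors the volume over SFTP to the remote
# named "storagebox".
apiVersion: batch/v1
kind: CronJob
metadata:
  name: ocis-volume-backup-storagesystem
  namespace: ocis
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
spec:
  # Minute 30, hour 2, every day. Quoted so no parser or templating step
  # re-interprets the "*" fields. .spec.timeZone is not set, so the time is
  # evaluated in the kube-controller-manager's time zone.
  schedule: "30 2 * * *"
  # Forbid: a run is skipped while the previous one is still in progress, so
  # two syncs never write to the same remote path at once.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      # Finished Jobs (and their pod logs) are deleted after 24 hours.
      ttlSecondsAfterFinished: 86400
      template:
        spec:
          # Hard requirement: run on the node that already hosts a pod labelled
          # app=storagesystem. Presumably needed because the PVC can only be
          # attached to one node at a time (confirm the access mode). If no such
          # pod is running, the backup pod stays Pending.
          affinity:
            podAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchLabels:
                      app: storagesystem
                  topologyKey: kubernetes.io/hostname
          # The script below only runs rclone and never calls the Kubernetes
          # API, so no service-account token is mounted next to the SSH key and
          # the user data.
          automountServiceAccountToken: false
          restartPolicy: OnFailure
          securityContext:
            runAsNonRoot: true
            runAsUser: 1009
            runAsGroup: 1009
            # Mounted secret files get this group, which is what lets the
            # non-root user read the 0440 SSH key below.
            fsGroup: 1009
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: rclone
              # Pinned by tag only. Appending @sha256:<image-digest> (placeholder)
              # would make the pull immutable even if the tag is re-pushed.
              image: rclone/rclone:1.69.0
              command:
                - /bin/sh
                - -c
              # "rclone sync" makes the destination identical to the source,
              # including deletions: files removed or overwritten on the PVC
              # (by mistake, corruption or ransomware) are removed or
              # overwritten on the remote at the next run. This job alone keeps
              # no history; rely on snapshots on the storage side or rclone's
              # --backup-dir if older versions must survive.
              # --links stores symlinks as ".rclonelink" files, --transfers=4
              # uploads four files in parallel, -v logs each transfer.
              args:
                - |
                  set -eu
                  echo "[backup] Syncing ${PVC}..."
                  rclone sync "/pvc" "storagebox:ocis-volumes/${PVC}" \
                    --links \
                    --transfers=4 \
                    -v
                  echo "[backup] Done."
              # rclone builds the "storagebox" remote from the
              # RCLONE_CONFIG_STORAGEBOX_* variables; no config file is written,
              # which fits the read-only root filesystem.
              env:
                - name: PVC
                  value: storagesystem
                - name: RCLONE_CONFIG_STORAGEBOX_TYPE
                  value: sftp
                # Env values must be strings, hence the quotes.
                - name: RCLONE_CONFIG_STORAGEBOX_PORT
                  value: "23"
                - name: RCLONE_CONFIG_STORAGEBOX_KEY_FILE
                  value: /etc/storagebox/ssh-key
                # No remote shell and no remote md5sum/sha1sum: rclone cannot
                # compare checksums with the server and falls back to size and
                # modification time.
                - name: RCLONE_CONFIG_STORAGEBOX_SHELL_TYPE
                  value: none
                - name: RCLONE_CONFIG_STORAGEBOX_MD5SUM_COMMAND
                  value: none
                - name: RCLONE_CONFIG_STORAGEBOX_SHA1SUM_COMMAND
                  value: none
                - name: RCLONE_CONFIG_STORAGEBOX_HOST
                  valueFrom:
                    secretKeyRef:
                      name: ocis-storagebox-credentials
                      key: host
                - name: RCLONE_CONFIG_STORAGEBOX_USER
                  valueFrom:
                    secretKeyRef:
                      name: ocis-storagebox-credentials
                      key: user
                # NOTE(review): RCLONE_CONFIG_STORAGEBOX_KNOWN_HOSTS_FILE is not
                # set. rclone's SFTP backend verifies the server host key only
                # when a known_hosts file is configured, so as written the job
                # would upload to whichever server answers for that host/port.
                # Ship the expected host key in the same Secret, mount it, and
                # point this variable at it.
              # Only requests are set; without limits a large sync can use as
              # much node memory and CPU as is free.
              resources:
                requests:
                  cpu: 100m
                  memory: 256Mi
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                readOnlyRootFilesystem: true
              volumeMounts:
                # The data being backed up is mounted read-only, so the job
                # cannot alter the live volume.
                - name: pvc
                  mountPath: /pvc
                  readOnly: true
                - name: storagebox-ssh
                  mountPath: /etc/storagebox
                  readOnly: true
          volumes:
            - name: pvc
              persistentVolumeClaim:
                claimName: storagesystem-data
            - name: storagebox-ssh
              secret:
                secretName: ocis-storagebox-credentials
                # 288 decimal == 0440 octal: read-only for owner and group,
                # nothing for others.
                defaultMode: 288
                # Only the private key is projected as a file; host and user
                # from the same Secret reach the container as env vars.
                items:
                  - key: ssh-key
                    path: ssh-key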