apiVersion: batch/v1
kind: CronJob
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  name: ocis-s3-backup
  namespace: ocis
spec:
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - args:
                - sync
                - s3:ocis-tr1ceracop
                - 'backup:'
                - --transfers=4
                - -v
              env:
                - name: RCLONE_CONFIG_S3_TYPE
                  value: s3
                - name: RCLONE_CONFIG_S3_PROVIDER
                  value: Other
                - name: RCLONE_CONFIG_S3_ENDPOINT
                  value: https://nbg1.your-objectstorage.com
                - name: RCLONE_CONFIG_S3_ACL
                  value: private
                - name: RCLONE_CONFIG_S3_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      key: accessKey
                      name: ocis-s3-credentials
                - name: RCLONE_CONFIG_S3_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      key: secretKey
                      name: ocis-s3-credentials
                - name: RCLONE_CONFIG_STORAGEBOX_TYPE
                  value: sftp
                - name: RCLONE_CONFIG_STORAGEBOX_PORT
                  value: "23"
                - name: RCLONE_CONFIG_STORAGEBOX_KEY_FILE
                  value: /etc/storagebox/ssh-key
                - name: RCLONE_CONFIG_STORAGEBOX_SHELL_TYPE
                  value: none
                - name: RCLONE_CONFIG_STORAGEBOX_MD5SUM_COMMAND
                  value: none
                - name: RCLONE_CONFIG_STORAGEBOX_SHA1SUM_COMMAND
                  value: none
                - name: RCLONE_CONFIG_STORAGEBOX_HOST
                  valueFrom:
                    secretKeyRef:
                      key: host
                      name: ocis-storagebox-credentials
                - name: RCLONE_CONFIG_STORAGEBOX_USER
                  valueFrom:
                    secretKeyRef:
                      key: user
                      name: ocis-storagebox-credentials
                - name: RCLONE_CONFIG_BACKUP_TYPE
                  value: compress
                - name: RCLONE_CONFIG_BACKUP_REMOTE
                  value: storagebox:ocis-backup
              image: rclone/rclone:1.69.0
              name: backup
              resources:
                requests:
                  cpu: 50m
                  memory: 128Mi
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                readOnlyRootFilesystem: true
              volumeMounts:
                - mountPath: /etc/storagebox
                  name: storagebox-ssh
                  readOnly: true
          restartPolicy: OnFailure
          securityContext:
            runAsGroup: 1009
            runAsNonRoot: true
            runAsUser: 1009
            seccompProfile:
              type: RuntimeDefault
          serviceAccountName: ocis-s3-backup
          volumes:
            - name: storagebox-ssh
              secret:
                defaultMode: 256
                items:
                  - key: ssh-key
                    path: ssh-key
                secretName: ocis-storagebox-credentials
      ttlSecondsAfterFinished: 86400
  schedule: 0 2 * * *
  successfulJobsHistoryLimit: 3