k8s-and-chill/rendered/envs/production/ocis/cronjob-ocis-s3-backup.yaml
Felix Wolf 1122c3f0e2 feat: Implement S3 to Storage Box backup
Introduces a daily Kubernetes CronJob that utilizes rclone to perform compressed backups of oCIS S3 data to a Hetzner Storage Box via SFTP.

This new backup mechanism requires the manual creation of an 'ocis-storagebox-credentials' secret, which holds the Storage Box host, user, and SSH private key. A check is added to the secret initialization job to ensure this essential external secret exists.
2026-04-06 15:24:14 +02:00


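# Daily CronJob: mirror the oCIS S3 bucket to a Hetzner Storage Box over SFTP,
# wrapped in rclone's "compress" remote so objects are stored compressed.
# Credentials come from two Secrets in the ocis namespace:
#   - ocis-s3-credentials          (accessKey, secretKey)
#   - ocis-storagebox-credentials  (host, user, ssh-key) -- created manually
apiVersion: batch/v1
kind: CronJob
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  name: ocis-s3-backup
  namespace: ocis
spec:
  # Never let two runs overlap: a second sync against the same destination
  # would race the first one.
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          # The script only talks to S3 and the Storage Box, never to the
          # Kubernetes API, so no service-account token is mounted into the pod.
          automountServiceAccountToken: false
          containers:
            - command:
                - sh
                - -c
                - |
                  # -u: a missing credential env var aborts here instead of
                  # leaving an empty value in rclone.conf and surfacing later
                  # as an opaque auth failure.
                  set -eu
                  # rclone is installed from the Alpine repositories at run
                  # time (unpinned, needs network access to the mirror). stderr
                  # is left visible so an install failure is diagnosable from
                  # the pod log. This is also why the container runs as the
                  # image's default user; a prebuilt rclone image would allow a
                  # non-root securityContext.
                  apk add --no-cache rclone >/dev/null
                  # rclone.conf holds the S3 keys in clear text: create it
                  # owner-only and remove it on every exit path, including
                  # failures (with set -e a trailing rm would be skipped).
                  umask 077
                  mkdir -p /tmp/rclone
                  trap 'rm -rf /tmp/rclone' EXIT
                  # NOTE(review): no known_hosts_file is configured for the
                  # sftp remote, so the Storage Box host key is not pinned.
                  # Confirm rclone's behaviour without one; if it accepts any
                  # host key, add a known_hosts entry to the secret and
                  # reference it here.
                  cat > /tmp/rclone/rclone.conf <<CONF
                  [s3]
                  type = s3
                  provider = Other
                  access_key_id = ${S3_ACCESS_KEY}
                  secret_access_key = ${S3_SECRET_KEY}
                  endpoint = https://nbg1.your-objectstorage.com
                  acl = private
                  [storagebox]
                  type = sftp
                  host = ${STORAGEBOX_HOST}
                  port = 23
                  user = ${STORAGEBOX_USER}
                  key_file = /etc/storagebox/ssh-key
                  shell_type = none
                  md5sum_command = none
                  sha1sum_command = none
                  [backup]
                  type = compress
                  remote = storagebox:ocis-backup
                  CONF
                  echo "Syncing S3 bucket to Storage Box (compressed)..."
                  # "sync" makes the destination mirror the source: objects
                  # deleted or overwritten in the bucket disappear from the
                  # Storage Box on the next run, so this alone does not give
                  # point-in-time recovery. Keep Storage Box snapshots enabled
                  # or add --backup-dir if that is required.
                  rclone sync s3:ocis-tr1ceracop backup: \
                    --config /tmp/rclone/rclone.conf \
                    --transfers 4 \
                    -v
                  echo "Backup complete."
              env:
                - name: S3_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      key: accessKey
                      name: ocis-s3-credentials
                - name: S3_SECRET_KEY
                  valueFrom:
                    secretKeyRef:
                      key: secretKey
                      name: ocis-s3-credentials
                - name: STORAGEBOX_HOST
                  valueFrom:
                    secretKeyRef:
                      key: host
                      name: ocis-storagebox-credentials
                - name: STORAGEBOX_USER
                  valueFrom:
                    secretKeyRef:
                      key: user
                      name: ocis-storagebox-credentials
              image: alpine:3.20
              name: backup
              resources:
                requests:
                  cpu: 50m
                  memory: 128Mi
              volumeMounts:
                # Only the SSH private key is projected here (see volumes).
                - mountPath: /etc/storagebox
                  name: storagebox-ssh
                  readOnly: true
          restartPolicy: OnFailure
          serviceAccountName: ocis-s3-backup
          volumes:
            - name: storagebox-ssh
              secret:
                # 256 decimal = 0400 octal: owner read-only, as ssh expects
                # for a private key.
                defaultMode: 256
                items:
                  - key: ssh-key
                    path: ssh-key
                secretName: ocis-storagebox-credentials
      # Finished Jobs (and their pods/logs) are garbage-collected after a day.
      ttlSecondsAfterFinished: 86400
  # 02:00 daily, interpreted in the controller's local time zone because no
  # spec.timeZone is set.
  schedule: "0 2 * * *"
  successfulJobsHistoryLimit: 3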