apiVersion: batch/v1 kind: CronJob metadata: name: backup spec: schedule: "0 0 * * *" concurrencyPolicy: Forbid jobTemplate: spec: template: spec: volumes: - name: backup-storage emptyDir: {} - name: ipc-storage emptyDir: {} restartPolicy: Never containers: - name: backup-container image: docker.sunet.se/drive/duplicity:bookworm-slim-1 command: ["bash"] args: [ "-c", "duplicity /backup_storage rclone://destination:$(BUCKET) --no-encryption --full-if-older-than 1M; touch /backup_ipc/stop" ] env: - name: RCLONE_CONFIG_DESTINATION_ACL value: private - name: RCLONE_CONFIG_DESTINATION_TYPE value: s3 - name: RCLONE_CONFIG_DESTINATION_ENDPOINT value: s3.sto3.safedc.net - name: RCLONE_CONFIG_DESTINATION_PROVIDER value: Ceph volumeMounts: - name: backup-storage mountPath: /backup_storage mountPropagation: HostToContainer - name: ipc-storage mountPath: /backup_ipc - name: mount-container image: rclone/rclone:1.69.0 args: ["mount", "--allow-non-empty", "source:$(BUCKET)", "/backup_storage"] securityContext: privileged: true env: - name: RCLONE_CONFIG_SOURCE_ACL value: private - name: RCLONE_CONFIG_SOURCE_TYPE value: s3 - name: RCLONE_CONFIG_SOURCE_ENDPOINT value: s3.sto4.safedc.net - name: RCLONE_CONFIG_SOURCE_PROVIDER value: Ceph volumeMounts: - name: backup-storage mountPath: /backup_storage mountPropagation: Bidirectional - name: ipc-storage mountPath: /backup_ipc livenessProbe: exec: command: ["sh", "-c", "if test -f /backup_ipc/stop; then umount /backup_storage; exit 1; fi;"]