apiVersion: batch/v1
kind: CronJob
metadata:
name: backup
spec:
schedule: "0 0 * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
volumes:
- name: backup-storage
emptyDir: {}
- name: ipc-storage
emptyDir: {}
restartPolicy: Never
containers:
- name: backup-container
image: docker.sunet.se/drive/duplicity:bookworm-slim-1
command: ["bash"]
args: [ "-c", "duplicity /backup_storage rclone://destination:$(BUCKET) --no-encryption --full-if-older-than 1M; touch /backup_ipc/stop" ]
env:
- name: RCLONE_CONFIG_DESTINATION_ACL
value: private
- name: RCLONE_CONFIG_DESTINATION_TYPE
value: s3
- name: RCLONE_CONFIG_DESTINATION_ENDPOINT
value: s3.sto3.safedc.net
- name: RCLONE_CONFIG_DESTINATION_PROVIDER
value: Ceph
volumeMounts:
- name: backup-storage
mountPath: /backup_storage
mountPropagation: HostToContainer
- name: ipc-storage
mountPath: /backup_ipc
- name: mount-container
image: rclone/rclone:1.69.0
args: ["mount", "--allow-non-empty", "source:$(BUCKET)", "/backup_storage"]
securityContext:
privileged: true
env:
- name: RCLONE_CONFIG_SOURCE_ACL
value: private
- name: RCLONE_CONFIG_SOURCE_TYPE
value: s3
- name: RCLONE_CONFIG_SOURCE_ENDPOINT
value: s3.sto4.safedc.net
- name: RCLONE_CONFIG_SOURCE_PROVIDER
value: Ceph
volumeMounts:
- name: backup-storage
mountPath: /backup_storage
mountPropagation: Bidirectional
- name: ipc-storage
mountPath: /backup_ipc
livenessProbe:
exec:
command: ["sh", "-c", "if test -f /backup_ipc/stop; then umount /backup_storage; exit 1; fi;"]