Initial

2025-07-30 14:10:55 +12:00
commit fa3ea2d21f
6 changed files with 498 additions and 0 deletions
--- a/k8s-cronjob.yaml
+++ b/k8s-cronjob.yaml
@@ -0,0 +1,91 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: postgres-backup
+  namespace: default
+spec:
+  # Run daily at 2:00 AM
+  schedule: "0 2 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+          - name: postgres-backup
+            image: your-registry/postgres-backup:latest
+            imagePullPolicy: Always
+            env:
+            # PostgreSQL connection settings
+            - name: POSTGRES_HOST
+              value: "postgres-service.database.svc.cluster.local"
+            - name: POSTGRES_PORT
+              value: "5432"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-backup-secret
+                  key: postgres-user
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-backup-secret
+                  key: postgres-password
+            # Optionally specify specific databases (comma-separated)
+            # If not set, all databases will be backed up
+            - name: POSTGRES_DATABASES
+              value: "myapp,analytics"
+            # S3-compatible storage settings
+            - name: S3_BUCKET
+              value: "my-postgres-backups"
+            - name: S3_PREFIX
+              value: "production/postgres-backups"
+            - name: S3_ENDPOINT
+              value: "https://s3.your-provider.com" # Required for third-party S3
+            - name: S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-backup-secret
+                  key: s3-access-key-id
+            - name: S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-backup-secret
+                  key: s3-secret-access-key
+            - name: S3_REGION
+              value: "us-east-1"
+            # Backup settings
+            - name: BACKUP_RETENTION_DAYS
+              value: "7"
+            - name: COMPRESSION
+              value: "gzip"
+            # Optional webhook for notifications
+            # - name: WEBHOOK_URL
+            #   value: "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
+            resources:
+              requests:
+                memory: "256Mi"
+                cpu: "100m"
+              limits:
+                memory: "512Mi"
+                cpu: "500m"
+            # Security context
+            securityContext:
+              runAsNonRoot: true
+              runAsUser: 1001
+              runAsGroup: 1001
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
+            # Temporary volume for backup files
+            volumeMounts:
+            - name: tmp-volume
+              mountPath: /backups
+          volumes:
+          - name: tmp-volume
+            emptyDir: {}
+          # Job settings
+          activeDeadlineSeconds: 3600 # 1 hour timeout
+          backoffLimit: 2