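---
# CronJob that runs a PostgreSQL backup container once a day and ships the
# result to S3-compatible storage. All credentials are read from the Secret
# "postgres-backup-secret", which must exist in the same namespace as this
# CronJob (secretKeyRef does not cross namespaces).
apiVersion: batch/v1
kind: CronJob
metadata:
  name: postgres-backup
  # NOTE(review): "default" is shared by many workloads; a dedicated namespace
  # makes it easier to restrict who can read postgres-backup-secret.
  namespace: default
spec:
  # Run daily at 2:00 AM (controller time zone unless spec.timeZone is set)
  schedule: "0 2 * * *"
  # Never start a new backup while a previous run is still active.
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      # Job settings
      activeDeadlineSeconds: 3600  # 1 hour timeout
      backoffLimit: 2
      template:
        spec:
          restartPolicy: OnFailure
          # Nothing in this manifest talks to the Kubernetes API, so do not
          # mount a service-account token into a pod that already holds
          # database and object-store credentials. Re-enable only if the
          # image needs API access.
          automountServiceAccountToken: false
          containers:
            - name: postgres-backup
              # NOTE(review): ":latest" with pullPolicy Always means every
              # run executes whatever the registry serves at that moment,
              # with access to the DB and S3 secrets below. Pin a version
              # tag or an image digest once one is published.
              image: your-registry/postgres-backup:latest
              imagePullPolicy: Always
              env:
                # PostgreSQL connection settings
                - name: POSTGRES_HOST
                  value: "postgres-service.database.svc.cluster.local"
                - name: POSTGRES_PORT
                  value: "5432"
                - name: POSTGRES_USER
                  valueFrom:
                    secretKeyRef:
                      name: postgres-backup-secret
                      key: postgres-user
                - name: POSTGRES_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: postgres-backup-secret
                      key: postgres-password
                # Optionally specify specific databases (comma-separated)
                # If not set, all databases will be backed up
                - name: POSTGRES_DATABASES
                  value: "myapp,analytics"
                # S3-compatible storage settings
                - name: S3_BUCKET
                  value: "my-postgres-backups"
                - name: S3_PREFIX
                  value: "production/postgres-backups"
                - name: S3_ENDPOINT
                  value: "https://s3.your-provider.com"  # Required for third-party S3
                - name: S3_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: postgres-backup-secret
                      key: s3-access-key-id
                - name: S3_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: postgres-backup-secret
                      key: s3-secret-access-key
                - name: S3_REGION
                  value: "us-east-1"
                # Backup settings
                - name: BACKUP_RETENTION_DAYS
                  value: "7"
                - name: COMPRESSION
                  value: "gzip"
                # Optional webhook for notifications
                # A webhook URL is itself a credential; if enabled, prefer
                # loading it with valueFrom.secretKeyRef over an inline value.
                # - name: WEBHOOK_URL
                #   value: "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
              resources:
                requests:
                  memory: "256Mi"
                  cpu: "100m"
                limits:
                  memory: "512Mi"
                  cpu: "500m"
              # Security context
              securityContext:
                runAsNonRoot: true
                runAsUser: 1001
                runAsGroup: 1001
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                # /backups (emptyDir below) is the only writable path.
                readOnlyRootFilesystem: true
                # Apply the container runtime's default syscall filter.
                seccompProfile:
                  type: RuntimeDefault
              # Temporary volume for backup files
              volumeMounts:
                - name: tmp-volume
                  mountPath: /backups
          volumes:
            # Unencrypted dumps are staged on node-local ephemeral storage
            # until the pod is removed.
            # NOTE(review): consider an emptyDir sizeLimit sized to the
            # expected dump so a large backup cannot fill the node's disk.
            - name: tmp-volume
              emptyDir: {}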