HetznerTerra/infrastructure/addons/cnpg/pgdump-cronjob.yaml

apiVersion: batch/v1
kind: CronJob
metadata:
  name: pgdump-rancher
  namespace: cnpg-cluster
spec:
  schedule: "0 2 * * 0"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 4
  failedJobsHistoryLimit: 4
  jobTemplate:
    spec:
      backoffLimit: 3
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: pgdump
              image: ghcr.io/cloudnative-pg/pgbackrest:latest
              command:
                - /bin/sh
                - -c
                - |
                  set -e
                  export AWS_ACCESS_KEY_ID=$(cat /etc/b2/credentials/B2_ACCOUNT_ID)
                  export AWS_SECRET_ACCESS_KEY=$(cat /etc/b2/credentials/B2_APPLICATION_KEY)
                  export AWS_ENDPOINT=https://s3.us-east-005.backblazeb2.com

                  BACKUP_FILE="rancher-backup-$(date +%Y%m%d-%H%M%S).sql.gz"

                  pg_dump -h cnpg-cluster-rw.cnpg-cluster.svc -U postgres -d postgres --no-owner --clean | gzip | \
                    aws s3 cp - s3://HetznerTerra/rancher-backups/$BACKUP_FILE

                  echo "Backup completed: $BACKUP_FILE"
              env:
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: rancher-db-password
                      key: password
              volumeMounts:
                - name: b2-credentials
                  mountPath: /etc/b2/credentials
                  readOnly: true
              resources:
                requests:
                  cpu: 100m
                  memory: 128Mi
                limits:
                  cpu: 500m
                  memory: 512Mi
          volumes:
            - name: b2-credentials
              secret:
                secretName: b2-credentials
          nodeSelector:
            kubernetes.io/hostname: k8s-cluster-cp-1
          tolerations:
            - key: node-role.kubernetes.io/control-plane
              operator: Exists
              effect: NoSchedule