aitbc/infra/k8s/backup-cronjob.yaml

apiVersion: batch/v1
kind: CronJob
metadata:
  name: aitbc-backup
  namespace: default
  labels:
    app: aitbc-backup
    component: backup
spec:
  schedule: "0 2 * * *"  # Run daily at 2 AM
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 7
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - name: postgresql-backup
            image: postgres:15-alpine
            command:
            - /bin/bash
            - -c
            - |
              echo "Starting PostgreSQL backup..."
              /scripts/backup_postgresql.sh default postgresql-backup-$(date +%Y%m%d_%H%M%S)
              echo "PostgreSQL backup completed"
            env:
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: coordinator-postgresql
                  key: password
            volumeMounts:
            - name: backup-scripts
              mountPath: /scripts
              readOnly: true
            - name: backup-storage
              mountPath: /backups
            resources:
              requests:
                memory: "256Mi"
                cpu: "100m"
              limits:
                memory: "512Mi"
                cpu: "500m"
          
          - name: redis-backup
            image: redis:7-alpine
            command:
            - /bin/sh
            - -c
            - |
              echo "Waiting for PostgreSQL backup to complete..."
              sleep 60
              echo "Starting Redis backup..."
              /scripts/backup_redis.sh default redis-backup-$(date +%Y%m%d_%H%M%S)
              echo "Redis backup completed"
            volumeMounts:
            - name: backup-scripts
              mountPath: /scripts
              readOnly: true
            - name: backup-storage
              mountPath: /backups
            resources:
              requests:
                memory: "128Mi"
                cpu: "50m"
              limits:
                memory: "256Mi"
                cpu: "200m"
          
          - name: ledger-backup
            image: alpine:3.18
            command:
            - /bin/sh
            - -c
            - |
              echo "Waiting for previous backups to complete..."
              sleep 120
              echo "Starting Ledger backup..."
              /scripts/backup_ledger.sh default ledger-backup-$(date +%Y%m%d_%H%M%S)
              echo "Ledger backup completed"
            volumeMounts:
            - name: backup-scripts
              mountPath: /scripts
              readOnly: true
            - name: backup-storage
              mountPath: /backups
            resources:
              requests:
                memory: "256Mi"
                cpu: "100m"
              limits:
                memory: "512Mi"
                cpu: "500m"
          
          volumes:
          - name: backup-scripts
            configMap:
              name: backup-scripts
              defaultMode: 0755
          
          - name: backup-storage
            persistentVolumeClaim:
              claimName: backup-storage-pvc
          
          # Add service account for cloud storage access
          serviceAccountName: backup-service-account
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: backup-service-account
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: backup-role
  namespace: default
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec", "secrets"]
  verbs: ["get", "list"]
- apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: backup-role-binding
  namespace: default
subjects:
- kind: ServiceAccount
  name: backup-service-account
  namespace: default
roleRef:
  kind: Role
  name: backup-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: backup-storage-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: fast-ssd
  resources:
    requests:
      storage: 500Gi