apiVersion: v1 kind: Secret metadata: name: rclone-remote-backup-api-key type: Opaque data: backups.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlFdmdJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLZ3dnZ1NrQWdFQUFvSUJBUURjbXR3N0t1cnphMmJ1DQplQ3BQRU9PdlFRRmdKU2I1SjFCbUpNelc1a2pUKy9aekdscjNZT3d6ay9QMVM5UWNBNlZ2YzdPdzNnditSZlZ2DQpWQnd4dkozVVRsNGo0eGRnK2JBWnRrNVpGR0dLSnhIMWo4V1E3Q0RGdU14U3NiRFgzRWVhaWlCMmQrcHJLSlZKDQp2YUFva1JBeHJuTG9oS0tpbEo1OTdwTjd0SnVWY0FjbXFWQTdmNFArZEVTNzUzL3pDNDMzWnJCb2lDeVM5cnVMDQpjWTcvVVMySnlxRXNjcXNVK1l4MmxEV1ZxMHZEMVJEeFdUYUJCSGlWb09RbkMvVmZxcjgxTXVaM2loWmQ2cldpDQpxa1dBN3l6eEhhSzZpdmJHNUVVYzZBOTg5VDhEUi9mOU42MDBFb2ZucGNsMVFyQ0g3SlpYUDNzNkZ6WEZSNXl0DQplTzJ4a1dVL0FnTUJBQUVDZ2dFQVJ6eEFjbUMwOXI2UFFlRU90SEpkTzJuUDBtYWMwNmEweVE4SUVEclRlSlJyDQpyQlp1R21TelVTSnREQ0FjMGFFQnlsLy92ZFN0NWNGY2RFTWlTWk5CR2QzbWUwc284UGtmdXVYS0hleTlaSG1pDQpUSHZORGJPYUQ0N1JkOENHUE9ZV1B4cHNTaVVGenUyUGEzenVtenJna2xKbEs1MHMwVGdSaDlQQ3p4YnVpSTNIDQpURmtXOVUxMGhJdC9wZTBDaWFSeTYwOU9zN2x6NCszeTRKMlM2eTJFbTQraVZ3Z2hzVnEyUnloTjhSNUVWRVZ0DQp2UEJmWjZOb1psYk9YOWpwUnZ3bGVCd3E4STQxYmpSeG02elZ5NmZ5MDBSczZLaENwUjM5eERwdkpKMFg0SGU5DQpvRWlsUjNYWnVVRWFZNndvRGs3VzVxcHVCVzRYVUkwMDFGbHpCZFIzYlFLQmdRRDFHN2VzMXZMYnp0eFM1dW5yDQoxQm55U3RPMm16dmd5Z3hxQlZWdGhKY2EyalNJOGNxQ3VucndCYUw3WlZycitDUmt5ekFUM0dCR2tvUGVjQlBWDQo5VVd6MENKeUN4M3NJbDVrVWdrYVVDWkt0QmIvMGxWQUQ4QmlwZGlCZ1JpNHFGd0J5SVQ3eG81dlhDQXVON095DQpqNEM1VzNLQ29Lbk5peDl5ZzBQVldZaDlyUUtCZ1FEbWFHWk5oTFhEcWZpb0k0Y056U3RLa1VseDRBV3BPUFBSDQpHOWgwVlhnaEp4elFDSEw3cmcrWEtaZ04xSmZOQVhnOWpoYnYvay9MaDlIUVFiMjJJMGN6dkJmeXZJQ0RGMW1KDQppS0g1TisvaVgvaUMyVy8vdEEzSGJRazhUaUVleC9GK3MxbFZMb3pibXhNVDJ1SkRuK1hRdGhVWXJwSkRhaWd5DQpSbkFvMjlrMEd3S0JnUURWVlUrVGh1NlA5RWI5Zk8vaWk1UWR0NVQzbmJzTEZyQ2hZbzBOS2xjZVR3ZGtuaFpsDQpuQXMrZDVsNGQ2b2dNYlR6YVlvcDd5aDRwRE5VV25aWlJnWnB6K0Q3SThQaWI3TjZXNUNDcjNuMGtUUm5hdGs2DQpUYnRqNFBkRkdHaTg2QVJVcFFOaDVGcTZnQk9lUm1zSUlqQ21vL3BSeWFhaE9OS2hKN0RWcy96QmJRS0JnUUNnDQp0S3ErWU5VaXYxZ1hkb2hKZ1JRejgzaEZ2QnBXdU1tZXpZeEJRQ2dFLzdIaURES2ZCdjRLMGxFalBHZ1E3bmgrDQpmcS9TL3crTEI1VzVhMUUyVEE3cXI4UUlZNkJEVHpMOWNkWi83SnNkeXhDYnU2dVpyMjE0N3IxbFdaMVNTZVZRDQpHU295OXIvNm9JUkM4Z1dsWTA2NUwzY3hldm03bWJ5bHJHbW9wZ2N1aHdLQmdIWEg2anJvSm1GOXozV1J4dENTDQorREhOVGVtK3cxem91bWRnL201RGtsU1RrNzBvWHlDTWZXRHdPeGw1U2tRUC9CNUMzYVhZMzJyTEt2eWw5bVZNDQpWQkxWNkJ2WXRRVWxZTXJlVHJCaUNpdGErTHpGUmM1Z3NhWEJldi9NZEhtTHdlaUp0bS9zNWpOT2U0RUx5TWoyDQpjcnZqTTFpMTZ6K2JtdDkyV0ZhWkRRZXoNCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0KT0NJX0FQSV9LRVk= --- apiVersion: v1 kind: ConfigMap metadata: name: rclone-config-oos data: rclone.conf: | [oos] type = oracleobjectstorage namespace = iddpv1jwk1nu region = us-ashburn-1 compartment = ocid1.tenancy.oc1..aaaaaaaatqrfyvsvvwrz4p4y3fbaucueixpm6rg5r5ihpr2szat6cg2ek2aq provider = user_principal_auth config_file = /config/oci/config config_profile = DEFAULT oci.conf: | [DEFAULT] user=ocid1.user.oc1..aaaaaaaapeoqy5glmtljxh6bztwkbcrjk53ux7msfa6ifvxs2ygec364chha fingerprint=d6:06:e3:9c:59:ef:d6:ae:2a:21:6c:06:07:82:c4:70 tenancy=ocid1.tenancy.oc1..aaaaaaaatqrfyvsvvwrz4p4y3fbaucueixpm6rg5r5ihpr2szat6cg2ek2aq region=us-ashburn-1 key_file=/config/oci-keys/backups.pem --- apiVersion: batch/v1 kind: CronJob metadata: name: backup-remote spec: schedule: "5 8 * * 0" jobTemplate: spec: template: spec: initContainers: - name: prepare-wrapper image: busybox command: ["/bin/sh", "-c"] args: - | cat > /shared/wrapper.sh << 'EOF' #!/bin/sh # Execute the original entrypoint with all arguments /usr/local/bin/rclone "$@" # Capture the exit code EXIT_CODE=$? echo $EXIT_CODE > /shared/exit-code echo "Exit code is $EXIT_CODE" exit $EXIT_CODE EOF chmod +x /shared/wrapper.sh volumeMounts: - name: shared-data mountPath: /shared containers: - name: rclone image: rclone/rclone:1.72 command: ["/shared/wrapper.sh"] args: ["sync", "--verbose", "--verbose", "--cache-workers", "4", "--transfers", "4", "--retries", "32", "--oos-attempt-resume-upload", "--oos-leave-parts-on-error", "/data/repo", "oos:backup"] imagePullPolicy: IfNotPresent volumeMounts: - name: restic-repo-vol mountPath: /data/repo - name: rclone-conf-vol mountPath: /config/rclone - name: oci-conf-vol mountPath: /config/oci - name: oci-api-key-vol mountPath: /config/oci-keys - name: shared-data mountPath: /shared - name: notify image: curlimages/curl command: ["/bin/sh"] args: - -c - | while [ ! -f /shared/exit-code ]; do sleep 1; done AUTH_HEADER="Authorization: Bearer tk_up3glyzhhojl1w5lt32jq5vqjzdgb" URL="http://ntfy/backup" MESSAGE="Remote rclone restic repo backup" EXIT_CODE=$(cat /shared/exit-code) echo "Captured exit code is $EXIT_CODE" if [ "$EXIT_CODE" -eq 0 ]; then STATUS="was successful" else STATUS="FAILED" fi curl -X POST -H "$AUTH_HEADER" -d "${MESSAGE} ${STATUS}." "$URL" exit $EXIT_CODE volumeMounts: - name: shared-data mountPath: /shared volumes: - name: restic-repo-vol hostPath: path: /data/backup type: Directory - name: rclone-conf-vol configMap: name: rclone-config-oos items: - key: rclone.conf path: rclone.conf - name: oci-conf-vol configMap: name: rclone-config-oos items: - key: oci.conf path: config - name: oci-api-key-vol secret: secretName: rclone-remote-backup-api-key - name: shared-data emptyDir: {} restartPolicy: Never nodeSelector: kubernetes.io/hostname: raspberrypi4