# services/nextcloud/maintenance-cronjob.yaml apiVersion: batch/v1 kind: CronJob metadata: name: nextcloud-maintenance namespace: nextcloud spec: schedule: "30 4 * * *" concurrencyPolicy: Forbid jobTemplate: spec: template: spec: restartPolicy: OnFailure securityContext: runAsUser: 0 runAsGroup: 0 serviceAccountName: nextcloud-vault containers: - name: maintenance image: nextcloud:29-apache imagePullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: - | set -euo pipefail . /vault/scripts/nextcloud_vault_env.sh exec /maintenance/maintenance.sh env: - name: NC_URL value: https://cloud.bstein.dev volumeMounts: - name: nextcloud-web mountPath: /var/www/html - name: nextcloud-config-pvc mountPath: /var/www/html/config - name: nextcloud-custom-apps mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - name: maintenance-script mountPath: /maintenance/maintenance.sh subPath: maintenance.sh - name: vault-secrets mountPath: /vault/secrets readOnly: true - name: vault-scripts mountPath: /vault/scripts readOnly: true resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi volumes: - name: nextcloud-config-pvc persistentVolumeClaim: claimName: nextcloud-config-v2 - name: nextcloud-custom-apps persistentVolumeClaim: claimName: nextcloud-custom-apps-v2 - name: nextcloud-user-data persistentVolumeClaim: claimName: nextcloud-user-data-v2 - name: nextcloud-web persistentVolumeClaim: claimName: nextcloud-web-v2 - name: maintenance-script configMap: name: nextcloud-maintenance-script defaultMode: 0755 - name: vault-secrets csi: driver: secrets-store.csi.k8s.io readOnly: true volumeAttributes: secretProviderClass: nextcloud-vault - name: vault-scripts configMap: name: nextcloud-vault-env defaultMode: 0555