Automated daily backup of the prod economy DB to R2 (CronJob)

Problem

The production economy DB (the Treasury ledger — system of record, ~1.5 GB, ~6.4M rows; ledger_postings + ledger_txns + chestshop_sale are ~93% of it) had no automated backup. The economy-flyway CI operator runbook treats a "pre-deploy DB backup" as the canonical rollback path, but that is a manual dump an operator takes before a Flyway migration. The 2026-05-30 suite audit flags this: "no automated rollback (backup restore only)."

Solution

New GitOps app apps/economy-db-backup/ (ParadauxIO/gitops) — a CronJob in the production namespace:

• 02:00 UTC daily, two ordered steps sharing an emptyDir:
  1. initContainer (mariadb:11) — mariadb-dump --single-transaction (shared-hosting-safe flags) → gzip.
  2. container (rclone/rclone) — upload to Cloudflare R2, prune objects older than 14 days.
• Backs up the external Bloom.host prod DB via the existing treasury-rest-api-democracycraft-secrets (DB_URL/DB_USERNAME/DB_PASSWORD) — nothing new to rotate.
• Reuses the cluster's existing R2 backup target (same account as Longhorn/cnpg). No custom image built; Image Updater skips the app.
• Auto-registered by the apps/*/overlays/* ApplicationSet generator.

Out-of-band prerequisite (operator)

1. Create R2 bucket economy-db-backups.
2. kubectl -n production create secret generic economy-backup-r2-creds with ACCESS_KEY_ID / SECRET_ACCESS_KEY / ENDPOINT / BUCKET.

Until the secret exists, the Job fails harmlessly (nothing reads the dump). Restore + verify procedure documented in apps/economy-db-backup/README.md.

Status

Manifests written + kubectl kustomize validated locally. Pending: commit to gitops main + operator creates the R2 bucket/secret. StateCraft DB not covered (documented how to extend).