@spacex spacex commented Feb 29, 2024

Update example backup job to match old self-hosted server backup script:
https://github.com/bitwarden/server/blob/main/util/MsSql/backup-db.sh

Also add example cronjob that matches the default period from the old self-hosted installation.

@spacex spacex requested a review from a team February 29, 2024 16:25
@bitwarden-bot

Thank you for your contribution! We've added this to our internal Community PR board for review.
ID: PM-6553

@bitwarden-bot bitwarden-bot changed the title from "Update backup job to match old self-host backups." to "[PM-6553] Update backup job to match old self-host backups." Feb 29, 2024
@bitwarden-bot bitwarden-bot added the in-product-review (Community PR is being reviewed by Bitwarden's Product team) and community-pr labels Feb 29, 2024
@bitwarden-bot

Checkmarx One – Scan Summary & Details 6d4c176f-fdc7-49fe-a3af-2a66c0eec04a

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | Privilege Escalation Allowed | /backup-cronjob.yaml: 23 | Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process |
| MEDIUM | CPU Limits Not Set | /backup-cronjob.yaml: 23 | CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests |
| MEDIUM | CPU Requests Not Set | /backup-cronjob.yaml: 23 | CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node |
| MEDIUM | Container Running As Root | /backup-cronjob.yaml: 23 | Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities... |
| MEDIUM | Container Running With Low UID | /backup-cronjob.yaml: 23 | Check if containers are running with low UID, which might cause conflicts with the host's user table. |
| MEDIUM | Memory Limits Not Defined | /backup-cronjob.yaml: 23 | Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t... |
| MEDIUM | Memory Requests Not Defined | /backup-cronjob.yaml: 23 | Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over... |
| MEDIUM | NET_RAW Capabilities Not Being Dropped | /backup-cronjob.yaml: 23 | Containers should drop 'ALL' or at least 'NET_RAW' capabilities |
| MEDIUM | Seccomp Profile Is Not Configured | /backup-cronjob.yaml: 23 | Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls |
| MEDIUM | Service Account Token Automount Not Disabled | /backup-cronjob.yaml: 21 | Service Account Tokens are automatically mounted even if not necessary |
| MEDIUM | Using Unrecommended Namespace | /backup-cronjob.yaml: 5 | Namespaces like 'default', 'kube-system' or 'kube-public' should not be used |
| LOW | CronJob Deadline Not Configured | /backup-cronjob.yaml: 9 | Cronjobs must have a configured deadline, which means the attribute 'startingDeadlineSeconds' must be defined |
| LOW | Image Without Digest | /backup-cronjob.yaml: 30 | Images should be specified together with their digests to ensure integrity |
| LOW | Invalid Image Tag | /backup-cronjob.yaml: 30 | Image tag must be defined and not be empty or equal to latest. |
| LOW | Missing AppArmor Profile | /backup-cronjob.yaml: 16 | Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources |
| LOW | No Drop Capabilities for Containers | /backup-cronjob.yaml: 23 | Sees if Kubernetes Drop Capabilities exists to ensure containers security context |
| LOW | Pod or Container Without LimitRange | /backup-cronjob.yaml: 5 | Each namespace should have a LimitRange policy associated to ensure that resource allocations of Pods, Containers and PersistentVolumeClaims do not... |
| LOW | Pod or Container Without ResourceQuota | /backup-cronjob.yaml: 5 | Each namespace should have a ResourceQuota policy associated to limit the total amount of resources Pods, Containers and PersistentVolumeClaims can... |
| LOW | Pod or Container Without Security Context | /backup-cronjob.yaml: 23 | A security context defines privilege and access control settings for a Pod or Container |
| LOW | Root Container Not Mounted Read-only | /backup-cronjob.yaml: 23 | Check if the root container filesystem is not being mounted read-only. |
| LOW | Secrets As Environment Variables | /backup-cronjob.yaml: 27 | Container should not use secrets as environment variables |

@djsmith85 djsmith85 requested a review from a team July 17, 2024 13:43

CLAassistant commented Sep 25, 2024

CLA assistant check
All committers have signed the CLA.

@vgrassia vgrassia requested review from a team and mimartin12 and removed request for a team November 19, 2025 14:28