fix(ocis-backup): Fix S3 backup permissions and update config IDs

Adds `fsGroup` to the S3 backup cronjob's security context to ensure proper volume ownership. Increases the SSH key secret's `defaultMode` to grant group read access, resolving permission failures when reading the SSH key.
2026-05-03 02:16:02 +02:00 · 2026-05-03 02:16:02 +02:00 · d65181de78
parent d048bbb2a5
commit d65181de78
5 changed files with 7 additions and 5 deletions
--- a/prototypes/ocis/ytt/s3-backup-cronjob.ytt.yaml
+++ b/prototypes/ocis/ytt/s3-backup-cronjob.ytt.yaml
@ -31,6 +31,7 @@ spec:
            runAsNonRoot: true
            runAsUser: 1009
            runAsGroup: 1009
+            fsGroup: 1009
            seccompProfile:
              type: RuntimeDefault
          containers:
@ -108,4 +109,4 @@ spec:
                items:
                  - key: ssh-key
                    path: ssh-key
-                defaultMode: 0400
+                defaultMode: 0440
--- a/rendered/envs/production/ocis/configmap-auth-service.yaml
+++ b/rendered/envs/production/ocis/configmap-auth-service.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  service-account-id: af9235cc-560a-4135-8d16-788aa729b35f
+  service-account-id: 6e0e0096-95c0-428e-802d-494cd15a70c2
 kind: ConfigMap
 metadata:
  annotations:
--- a/rendered/envs/production/ocis/configmap-graph.yaml
+++ b/rendered/envs/production/ocis/configmap-graph.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  application-id: 105ef2f0-3450-491e-9df3-9d3567f2377c
+  application-id: 0f44b6c4-08bf-40fd-92c4-fd20a5359244
 kind: ConfigMap
 metadata:
  annotations:
--- a/rendered/envs/production/ocis/configmap-storage-users.yaml
+++ b/rendered/envs/production/ocis/configmap-storage-users.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  storage-uuid: aa2eff14-4594-407b-b06b-aaf7e22a95d1
+  storage-uuid: 0960ac4f-5101-4abf-a28c-6b8202b505fd
 kind: ConfigMap
 metadata:
  annotations:
--- a/rendered/envs/production/ocis/cronjob-ocis-s3-backup.yaml
+++ b/rendered/envs/production/ocis/cronjob-ocis-s3-backup.yaml
@ -82,6 +82,7 @@ spec:
                  readOnly: true
          restartPolicy: OnFailure
          securityContext:
+            fsGroup: 1009
            runAsGroup: 1009
            runAsNonRoot: true
            runAsUser: 1009
@ -91,7 +92,7 @@ spec:
          volumes:
            - name: storagebox-ssh
              secret:
-                defaultMode: 256
+                defaultMode: 288
                items:
                  - key: ssh-key
                    path: ssh-key