fix(ocis-backup): Fix S3 backup permissions and update config IDs

Adds `fsGroup` to the S3 backup cronjob's security context to ensure proper volume ownership. Increases the SSH key secret's `defaultMode` to grant group read access, resolving permission failures when reading the SSH key.
Felix Wolf 2026-05-03 02:16:02 +02:00
parent d048bbb2a5
commit d65181de78
5 changed files with 7 additions and 5 deletions


@ -31,6 +31,7 @@ spec:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1009 runAsUser: 1009
runAsGroup: 1009 runAsGroup: 1009
fsGroup: 1009
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
containers: containers:
@ -108,4 +109,4 @@ spec:
items: items:
- key: ssh-key - key: ssh-key
path: ssh-key path: ssh-key
defaultMode: 0400 defaultMode: 0440
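Review bot: The pod-level `fsGroup: 1009` added under `securityContext` becomes a supplemental group of every container in the pod, so with `defaultMode: 0440` the `ssh-key` private key is group-readable by any container that mounts this volume, not only the one that opens the SSH connection. The `containers:` list continues outside the hunk, so whether more than one container exists cannot be confirmed from here; if so, keep the `volumeMount` for this secret on the backup container only. The pairing is also easy to undo in a later "hardening" pass, so I would add a comment above the mode, e.g. `# 0440 on purpose: uid 1009 reads the key via fsGroup 1009; 0400 made it unreadable`. The same pair appears in the last file section (`fsGroup: 1009`, `defaultMode: 288`, which is 0440 in decimal) and looks like the rendered form of this manifest.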


@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
data: data:
service-account-id: af9235cc-560a-4135-8d16-788aa729b35f service-account-id: 6e0e0096-95c0-428e-802d-494cd15a70c2
kind: ConfigMap kind: ConfigMap
metadata: metadata:
annotations: annotations:


@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
data: data:
application-id: 105ef2f0-3450-491e-9df3-9d3567f2377c application-id: 0f44b6c4-08bf-40fd-92c4-fd20a5359244
kind: ConfigMap kind: ConfigMap
metadata: metadata:
annotations: annotations:


@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
data: data:
storage-uuid: aa2eff14-4594-407b-b06b-aaf7e22a95d1 storage-uuid: 0960ac4f-5101-4abf-a28c-6b8202b505fd
kind: ConfigMap kind: ConfigMap
metadata: metadata:
annotations: annotations:


@ -82,6 +82,7 @@ spec:
readOnly: true readOnly: true
restartPolicy: OnFailure restartPolicy: OnFailure
securityContext: securityContext:
fsGroup: 1009
runAsGroup: 1009 runAsGroup: 1009
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1009 runAsUser: 1009
@ -91,7 +92,7 @@ spec:
volumes: volumes:
- name: storagebox-ssh - name: storagebox-ssh
secret: secret:
defaultMode: 256 defaultMode: 288
items: items:
- key: ssh-key - key: ssh-key
path: ssh-key path: ssh-key