From df30877b5eaaf2df32ad3b3f150ee5af33f74eeb Mon Sep 17 00:00:00 2001
From: Sten <sten@Sten-sin-MacBook-Pro.local>
Date: Thu, 11 Jun 2026 13:18:20 +0200
Subject: [PATCH] fix(forte-drop-pg-backup): set MC_CONFIG_DIR so mc can write
 its config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The backup CronJob runs as uid 65532 (runAsNonRoot). mc defaulted its
config dir to $HOME/.mc = /.mc and failed with "mkdir /.mc: permission
denied" on the non-writable root fs — every nightly run died before
uploading, so there are currently no backups in s3://drops/_pgbackups/.
Point MC_CONFIG_DIR at the shared /work emptyDir (writable via fsGroup).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../forte-drop-postgresql/resources/pg-backup-cronjob.yaml  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apps/overlays/upc-dev/forte-drop-postgresql/resources/pg-backup-cronjob.yaml b/apps/overlays/upc-dev/forte-drop-postgresql/resources/pg-backup-cronjob.yaml
index 4304424..3ba3fef 100644
--- a/apps/overlays/upc-dev/forte-drop-postgresql/resources/pg-backup-cronjob.yaml
+++ b/apps/overlays/upc-dev/forte-drop-postgresql/resources/pg-backup-cronjob.yaml
@@ -77,6 +77,12 @@ spec:
               mc rm --recursive --force --older-than 30d "obj/${S3_BUCKET}/_pgbackups/" || true
               echo "backup retention pass complete"
             env:
+            # mc writes its config under $MC_CONFIG_DIR; point it at the shared
+            # emptyDir (writable by uid 65532 via fsGroup). Without this it tries
+            # to mkdir /.mc on the read-only-to-nonroot root fs -> "mkdir /.mc:
+            # permission denied" and every run fails before uploading.
+            - name: MC_CONFIG_DIR
+              value: "/work/.mc"
             - name: S3_ENDPOINT
               valueFrom:
                 secretKeyRef: { name: forte-drop-secrets, key: S3_ENDPOINT }