From 6d13ba12dadca85434596c5a3db1b28187a9ccd1 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Wed, 27 May 2026 09:19:46 +0000
Subject: [PATCH] broker-sync: add fsGroup=10001 to trading212 cron pod spec
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Without supplementary GID 10001, the broker user (uid=10001 gid=999) cannot write sqlite3 journal files next to /data/sync.db. The cron hits a "readonly database" error in dedup.record() AFTER successfully importing fills to Wealthfolio — so data lands but the dedup store never updates, leaving every subsequent run to re-fetch the same window and exit 1 again. Same fix that's already on imap + ibkr crons.

Co-Authored-By: Claude Opus 4.7
---
 stacks/broker-sync/main.tf | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/stacks/broker-sync/main.tf b/stacks/broker-sync/main.tf
index a8348a14..e74020f6 100644
--- a/stacks/broker-sync/main.tf
+++ b/stacks/broker-sync/main.tf
@@ -164,6 +164,13 @@ resource "kubernetes_cron_job_v1" "trading212" {
 }
 spec {
 restart_policy = "OnFailure"
+ # See imap cron — without fsGroup=10001 the broker user (uid=10001
+ # gid=999) can't write the sqlite3 journal next to /data/sync.db
+ # and the dedup.record() call after a successful WF import crashes
+ # with "attempt to write a readonly database".
+ security_context {
+ fs_group = 10001
+ }
 container {
 name = "broker-sync"
 image = local.broker_sync_image
@@ -328,15 +335,6 @@ resource "kubernetes_cron_job_v1" "ibkr" {
 }
 }
 }
- env {
- name = "IBKR_ACCOUNT_ID"
- value_from {
- secret_key_ref {
- name = "broker-sync-secrets"
- key = "ibkr_account_id"
- }
- }
- }
 env {
 name = "IBKR_ACCOUNT_ID_UPSTREAM"
 value_from {
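Review bot: The new `security_context` block in the trading212 pod spec sets only `fs_group`, so the uid the fix relies on (10001, per the comment above it) is still whatever the image declares rather than something the pod spec enforces. Adding `run_as_non_root = true` and `run_as_user = 10001` to the same block would make that assumption explicit and keep the job from starting as root if the image changes; a container-level security context may already do this outside the hunk, since the `container` block continues past it. If /data is a large or shared volume, `fs_group_change_policy = "OnRootMismatch"` would avoid a recursive ownership change on every cron run. Separately, the second hunk drops the `IBKR_ACCOUNT_ID` env from the ibkr cron, which the commit message does not mention, so it is worth confirming that removal belongs in this change.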