From 2985a7d12cd5e13310ce1dfd934838196a733f44 Mon Sep 17 00:00:00 2001
From: jenkins <jenkins@bstein.dev>
Date: Tue, 9 Jun 2026 01:06:18 -0300
Subject: [PATCH] veles: replace secrets oneoff job

---
 services/veles/NOTES.md                              | 2 +-
 services/veles/oneoffs/veles-secrets-ensure-job.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/services/veles/NOTES.md b/services/veles/NOTES.md
index 1b8c588a..47a93539 100644
--- a/services/veles/NOTES.md
+++ b/services/veles/NOTES.md
@@ -52,7 +52,7 @@ tolerations:
 2. Use Metis with `titan-23` in `METIS_FLASH_HOSTS`; the existing node secret placeholder uses `192.168.22.23`.
 3. Confirm the node normalizer applies the Veles labels and taint.
 4. Add Oceanus Longhorn disks at paths tagged by the Longhorn tag ensure job.
-5. Let Vault policy reconciliation run, then unsuspend `veles-secrets-ensure-1`.
+5. Let Vault policy reconciliation run, then unsuspend `veles-secrets-ensure-2`.
 6. Unsuspend `veles-realm-ensure-1` in `services/keycloak` to create the realm/client secret.
 7. Create the Harbor `veles` project or robot access before image automation is enabled in production.
 8. Scale `veles-postgres`, then backend/frontend once app images exist.
diff --git a/services/veles/oneoffs/veles-secrets-ensure-job.yaml b/services/veles/oneoffs/veles-secrets-ensure-job.yaml
index 80f2d0af..4b7ef67b 100644
--- a/services/veles/oneoffs/veles-secrets-ensure-job.yaml
+++ b/services/veles/oneoffs/veles-secrets-ensure-job.yaml
@@ -1,11 +1,11 @@
 # services/veles/oneoffs/veles-secrets-ensure-job.yaml
-# One-off job for veles/veles-secrets-ensure-1.
+# One-off job for veles/veles-secrets-ensure-2.
 # Purpose: seed Veles Vault paths before app/Postgres pods are scaled up.
 # Keep suspended until the veles Vault role has reconciled, then unsuspend once.
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: veles-secrets-ensure-1
+  name: veles-secrets-ensure-2
   namespace: veles
 spec:
   suspend: true