From 72d4766d68256273180a0796e16d67f8d80d2bf7 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Thu, 8 Jan 2026 03:00:19 -0300
Subject: [PATCH] comms: stabilize mas db job
---
 services/comms/mas-db-ensure-job.yaml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/services/comms/mas-db-ensure-job.yaml b/services/comms/mas-db-ensure-job.yaml
index 71a9dad..9a8cebd 100644
--- a/services/comms/mas-db-ensure-job.yaml
+++ b/services/comms/mas-db-ensure-job.yaml
@@ -2,10 +2,11 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: mas-db-ensure-4
+ name: mas-db-ensure-6
 namespace: comms
 spec:
- backoffLimit: 2
+ backoffLimit: 0
+ ttlSecondsAfterFinished: 600
 template:
 spec:
 serviceAccountName: mas-db-ensure
@@ -19,8 +20,9 @@ spec:
 command: ["/bin/sh", "-c"]
 args:
 - |
- set -euo pipefail
+ set -eu
 umask 077
+ echo "ensuring postgres auth secret"
 if kubectl -n postgres get secret postgres-auth >/dev/null 2>&1; then
 kubectl -n postgres get secret postgres-auth -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d > /work/postgres_password
 else
@@ -32,6 +34,7 @@ spec:
 printf '%s' "${POSTGRES_PASS}" > /work/postgres_password
 kubectl -n postgres create secret generic postgres-auth --from-file=POSTGRES_PASSWORD=/work/postgres_password >/dev/null
 fi
+ echo "ensuring mas db secret"
 if kubectl -n comms get secret mas-db >/dev/null 2>&1; then
 kubectl -n comms get secret mas-db -o jsonpath='{.data.password}' | base64 -d > /work/mas_password
 else
@@ -56,9 +59,10 @@ spec:
 command: ["/bin/sh", "-c"]
 args:
 - |
- set -euo pipefail
+ set -eu
 export PGPASSWORD="$(cat /work/postgres_password)"
 MAS_PASS="$(cat /work/mas_password)"
+ echo "ensuring mas role/database"
 psql -v ON_ERROR_STOP=1 -v mas_pass="${MAS_PASS}" <<'SQL'
 DO $$
 BEGIN
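Review bot: `backoffLimit: 0` combined with `ttlSecondsAfterFinished: 600` (hunk `@@ -2,10 +2,11 @@`) makes a single failed run final and has the Job, and with it the pod and its logs, deleted ten minutes after it finishes, which leaves little time to see why a credential bootstrap failed. If that is intended, say so next to the fields, e.g. `# one-shot: no retries; Job and pod logs are removed 10 min after finish`, and make sure the logs are shipped elsewhere. If this manifest is applied by a reconciler (not visible here), check that the Job is not re-created and re-run after each TTL deletion. The Job spec continues outside the hunk.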
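Review bot: Dropping `pipefail` in the first script (`set -eu`, hunk `@@ -19,8 +20,9 @@`) means a failing `kubectl ... -o jsonpath=... | base64 -d > /work/postgres_password` now exits with the status of `base64`, so a failed or empty read leaves an empty password file and the script carries on. The same pipeline shape writes `/work/mas_password` in the `@@ -32,6 +34,7 @@` hunk. If `pipefail` was removed because this image's `/bin/sh` does not support it (an assumption, the image is not visible here), add an explicit guard after each read, for example `[ -s /work/postgres_password ] || { echo "postgres-auth password is empty" >&2; exit 1; }`, and the equivalent for `/work/mas_password`. The script body continues outside both hunks.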
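Review bot: In the second script (hunk `@@ -56,9 +59,10 @@`) `set -eu` does not stop on `export PGPASSWORD="$(cat /work/postgres_password)"`, because the exit status of `export` replaces that of `cat`, and `-u` does not catch a variable that is set but empty. An empty `MAS_PASS` would then be handed to `psql` as the role password; what the SQL does with it is outside the hunk. Validate the inputs before they are used, e.g. `[ -s /work/postgres_password ] && [ -s /work/mas_password ] || { echo "missing db password" >&2; exit 1; }` placed before the `export` line.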