sso: retry keycloak secret jobs

2026-01-17 03:24:30 -03:00 · 2026-01-17 03:24:30 -03:00 · acfab6a150
commit acfab6a150
parent 728f2cd2ee
3 changed files with 17 additions and 3 deletions
--- a/services/keycloak/actual-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/actual-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: actual-oidc-secret-ensure-2
+  name: actual-oidc-secret-ensure-3
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/mas-secrets-ensure-job.yaml
+++ b/services/keycloak/mas-secrets-ensure-job.yaml
@ -10,7 +10,7 @@ imagePullSecrets:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: mas-secrets-ensure-19
+  name: mas-secrets-ensure-20
  namespace: sso
 spec:
  backoffLimit: 0
@ -49,6 +49,13 @@ spec:
              umask 077

              KC_URL="http://keycloak.sso.svc.cluster.local"
+              for attempt in 1 2 3 4 5 6 7 8 9 10; do
+                if curl -fsS "${KC_URL}/realms/master" >/dev/null 2>&1; then
+                  break
+                fi
+                echo "Waiting for Keycloak to be reachable (attempt ${attempt})" >&2
+                sleep $((attempt * 2))
+              done
              ACCESS_TOKEN=""
              for attempt in 1 2 3 4 5; do
                TOKEN_JSON="$(curl -sS -X POST "$KC_URL/realms/master/protocol/openid-connect/token" \
--- a/services/keycloak/scripts/actual_oidc_secret_ensure.sh
+++ b/services/keycloak/scripts/actual_oidc_secret_ensure.sh
@ -5,6 +5,13 @@ set -euo pipefail

 KC_URL="http://keycloak.sso.svc.cluster.local"
 ACCESS_TOKEN=""
+for attempt in 1 2 3 4 5 6 7 8 9 10; do
+  if curl -fsS "${KC_URL}/realms/master" >/dev/null 2>&1; then
+    break
+  fi
+  echo "Waiting for Keycloak to be reachable (attempt ${attempt})" >&2
+  sleep $((attempt * 2))
+done
 for attempt in 1 2 3 4 5; do
  TOKEN_JSON="$(curl -sS -X POST "$KC_URL/realms/master/protocol/openid-connect/token" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
@ -35,7 +42,7 @@ if [ -z "$CLIENT_ID" ] || [ "$CLIENT_ID" = "null" ]; then
    -H 'Content-Type: application/json' \
    -d "${create_payload}" \
    "$KC_URL/admin/realms/atlas/clients")"
-  if [ "$status" != "201" ] && [ "$status" != "204" ]; then
+  if [ "$status" != "201" ] && [ "$status" != "204" ] && [ "$status" != "409" ]; then
    echo "Keycloak client create failed (status ${status})" >&2
    exit 1
  fi