comms: re-run signing key and synapse oidc

2026-01-08 05:40:28 -03:00 · 2026-01-08 05:40:28 -03:00 · d3c6ddeead
commit d3c6ddeead
parent 2a6f0a8db3
2 changed files with 5 additions and 5 deletions
--- a/services/comms/synapse-signingkey-ensure-job.yaml
+++ b/services/comms/synapse-signingkey-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: othrys-synapse-signingkey-ensure-4
+  name: othrys-synapse-signingkey-ensure-5
  namespace: comms
 spec:
  backoffLimit: 2
@ -34,9 +34,9 @@ spec:
              if kubectl -n comms get secret othrys-synapse-signingkey -o jsonpath='{.data.signing\.key}' 2>/dev/null | grep -q .; then
                exit 0
              fi
-              signing_key_b64="$(base64 /work/signing.key | tr -d '\n')"
-              payload="$(printf '{"data":{"signing.key":"%s"}}' "${signing_key_b64}")"
-              kubectl -n comms patch secret othrys-synapse-signingkey --type=merge -p "${payload}" >/dev/null
+              kubectl -n comms create secret generic othrys-synapse-signingkey \
+                --from-file=signing.key=/work/signing.key \
+                --dry-run=client -o yaml | kubectl -n comms apply -f - >/dev/null
          volumeMounts:
            - name: work
              mountPath: /work
--- a/services/keycloak/synapse-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/synapse-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: synapse-oidc-secret-ensure-3
+  name: synapse-oidc-secret-ensure-4
  namespace: sso
 spec:
  backoffLimit: 0