From d3c6ddeead3a4868159d71a09ccbf83427bf0676 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Thu, 8 Jan 2026 05:40:28 -0300 Subject: [PATCH] comms: re-run signing key and synapse oidc --- services/comms/synapse-signingkey-ensure-job.yaml | 8 ++++---- services/keycloak/synapse-oidc-secret-ensure-job.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/services/comms/synapse-signingkey-ensure-job.yaml b/services/comms/synapse-signingkey-ensure-job.yaml index a76948d..5ebaeda 100644 --- a/services/comms/synapse-signingkey-ensure-job.yaml +++ b/services/comms/synapse-signingkey-ensure-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: othrys-synapse-signingkey-ensure-4 + name: othrys-synapse-signingkey-ensure-5 namespace: comms spec: backoffLimit: 2 @@ -34,9 +34,9 @@ spec: if kubectl -n comms get secret othrys-synapse-signingkey -o jsonpath='{.data.signing\.key}' 2>/dev/null | grep -q .; then exit 0 fi - signing_key_b64="$(base64 /work/signing.key | tr -d '\n')" - payload="$(printf '{"data":{"signing.key":"%s"}}' "${signing_key_b64}")" - kubectl -n comms patch secret othrys-synapse-signingkey --type=merge -p "${payload}" >/dev/null + kubectl -n comms create secret generic othrys-synapse-signingkey \ + --from-file=signing.key=/work/signing.key \ + --dry-run=client -o yaml | kubectl -n comms apply -f - >/dev/null volumeMounts: - name: work mountPath: /work diff --git a/services/keycloak/synapse-oidc-secret-ensure-job.yaml b/services/keycloak/synapse-oidc-secret-ensure-job.yaml index 16a7283..7486ced 100644 --- a/services/keycloak/synapse-oidc-secret-ensure-job.yaml +++ b/services/keycloak/synapse-oidc-secret-ensure-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: synapse-oidc-secret-ensure-3 + name: synapse-oidc-secret-ensure-4 namespace: sso spec: backoffLimit: 0