comms: allow postgres exec for mas db

2026-01-08 03:06:34 -03:00 · 2026-01-08 03:06:34 -03:00 · e18accc099
commit e18accc099
parent 0250de8636
2 changed files with 5 additions and 7 deletions
--- a/services/comms/mas-db-ensure-job.yaml
+++ b/services/comms/mas-db-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: mas-db-ensure-7
+  name: mas-db-ensure-8
  namespace: comms
 spec:
  backoffLimit: 0
@ -26,9 +26,9 @@ spec:
                kubectl -n comms create secret generic mas-db --from-literal=password="${MAS_PASS}" >/dev/null
              fi

-              POD_NAME="postgres-0"
-              if ! kubectl -n postgres get pod "${POD_NAME}" >/dev/null 2>&1; then
-                echo "postgres pod ${POD_NAME} not found" >&2
+              POD_NAME="$(kubectl -n postgres get pods -l app=postgres -o jsonpath='{.items[0].metadata.name}')"
+              if [ -z "${POD_NAME}" ]; then
+                echo "postgres pod not found" >&2
                exit 1
              fi

--- a/services/comms/mas-db-ensure-rbac.yaml
+++ b/services/comms/mas-db-ensure-rbac.yaml
@ -16,11 +16,9 @@ rules:
    verbs: ["get", "create", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
-    resourceNames: ["postgres-0"]
-    verbs: ["get"]
+    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["pods/exec"]
-    resourceNames: ["postgres-0"]
    verbs: ["create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1