comms: allow postgres exec for mas db

services/comms/mas-db-ensure-job.yaml

@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: mas-db-ensure-7
+  name: mas-db-ensure-8
   namespace: comms
 spec:
   backoffLimit: 0
@@ -26,9 +26,9 @@ spec:
                 kubectl -n comms create secret generic mas-db --from-literal=password="${MAS_PASS}" >/dev/null
               fi
 
-              POD_NAME="postgres-0"
+              POD_NAME="$(kubectl -n postgres get pods -l app=postgres -o jsonpath='{.items[0].metadata.name}')"
-              if ! kubectl -n postgres get pod "${POD_NAME}" >/dev/null 2>&1; then
+              if [ -z "${POD_NAME}" ]; then
-                echo "postgres pod ${POD_NAME} not found" >&2
+                echo "postgres pod not found" >&2
                 exit 1
               fi
 

services/comms/mas-db-ensure-rbac.yaml

@@ -16,11 +16,9 @@ rules:
     verbs: ["get", "create", "patch", "update"]
   - apiGroups: [""]
     resources: ["pods"]
-    resourceNames: ["postgres-0"]
+    verbs: ["get", "list"]
-    verbs: ["get"]
   - apiGroups: [""]
     resources: ["pods/exec"]
-    resourceNames: ["postgres-0"]
     verbs: ["create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1