17 changed files with 26 additions and 30 deletions
--- a/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml
+++ b/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: portal-onboarding-e2e-test-14
+  name: portal-onboarding-e2e-test-13
  namespace: bstein-dev-home
 spec:
  backoffLimit: 0
--- a/services/gitea/deployment.yaml
+++ b/services/gitea/deployment.yaml
@ -67,9 +67,9 @@ spec:
            - -c
            - |
              set -euo pipefail
-              CLIENT_ID="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_id)"
+              CLIENT_ID="$(cat /vault/secrets/gitea-oidc__client_id)"
-              CLIENT_SECRET="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_secret)"
+              CLIENT_SECRET="$(cat /vault/secrets/gitea-oidc__client_secret)"
-              DISCOVERY_URL="$(tr -d '\r\n' </vault/secrets/gitea-oidc__openid_auto_discovery_url)"
+              DISCOVERY_URL="$(cat /vault/secrets/gitea-oidc__openid_auto_discovery_url)"
              APPINI=/data/gitea/conf/app.ini
              BIN=/usr/local/bin/gitea
@ -78,7 +78,7 @@ spec:
              if [ -n "$id" ]; then
                echo "Updating existing auth source id=$id"
-                if ! $BIN -c "$APPINI" admin auth update-oauth \
+                $BIN -c "$APPINI" admin auth update-oauth \
                  --id "$id" \
                  --name keycloak \
                  --provider openidConnect \
@ -90,12 +90,10 @@ spec:
                  --required-claim-value "" \
                  --group-claim-name groups \
                  --admin-group admin \
-                  --skip-local-2fa; then
+                  --skip-local-2fa
                  echo "OIDC update failed; continuing without blocking startup" >&2
                fi
              else
                echo "Creating keycloak auth source"
-                if ! $BIN -c "$APPINI" admin auth add-oauth \
+                $BIN -c "$APPINI" admin auth add-oauth \
                  --name keycloak \
                  --provider openidConnect \
                  --key "$CLIENT_ID" \
@ -106,9 +104,7 @@ spec:
                  --required-claim-value "" \
                  --group-claim-name groups \
                  --admin-group admin \
-                  --skip-local-2fa; then
+                  --skip-local-2fa
                  echo "OIDC create failed; continuing without blocking startup" >&2
                fi
              fi
          volumeMounts:
            - name: gitea-data
@ -137,9 +133,9 @@ spec:
          args:
            - |
              set -euo pipefail
-              export GITEA__security__SECRET_KEY="$(tr -d '\r\n' </vault/secrets/gitea-secret__SECRET_KEY)"
+              export GITEA__security__SECRET_KEY="$(cat /vault/secrets/gitea-secret__SECRET_KEY)"
-              export GITEA__security__INTERNAL_TOKEN="$(tr -d '\r\n' </vault/secrets/gitea-secret__INTERNAL_TOKEN)"
+              export GITEA__security__INTERNAL_TOKEN="$(cat /vault/secrets/gitea-secret__INTERNAL_TOKEN)"
-              export DB_PASS="$(tr -d '\r\n' </vault/secrets/gitea-db-secret__password)"
+              export DB_PASS="$(cat /vault/secrets/gitea-db-secret__password)"
              exec /usr/bin/entrypoint /usr/bin/s6-svscan /etc/s6
          ports:
            - containerPort: 3000
--- a/services/keycloak/endurain-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/endurain-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: endurain-oidc-secret-ensure-2
+  name: endurain-oidc-secret-ensure-1
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/harbor-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/harbor-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: harbor-oidc-secret-ensure-6
+  name: harbor-oidc-secret-ensure-5
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/ldap-federation-job.yaml
+++ b/services/keycloak/ldap-federation-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-ldap-federation-8
+  name: keycloak-ldap-federation-7
  namespace: sso
 spec:
  backoffLimit: 2
--- a/services/keycloak/logs-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/logs-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: logs-oidc-secret-ensure-5
+  name: logs-oidc-secret-ensure-4
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/mas-secrets-ensure-job.yaml
+++ b/services/keycloak/mas-secrets-ensure-job.yaml
@ -10,7 +10,7 @@ imagePullSecrets:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: mas-secrets-ensure-17
+  name: mas-secrets-ensure-16
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/portal-e2e-client-job.yaml
+++ b/services/keycloak/portal-e2e-client-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-portal-e2e-client-5
+  name: keycloak-portal-e2e-client-4
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml
+++ b/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-portal-e2e-execute-actions-email-8
+  name: keycloak-portal-e2e-execute-actions-email-7
  namespace: sso
 spec:
  backoffLimit: 3
--- a/services/keycloak/portal-e2e-target-client-job.yaml
+++ b/services/keycloak/portal-e2e-target-client-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-portal-e2e-target-4
+  name: keycloak-portal-e2e-target-3
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
+++ b/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-portal-e2e-token-exchange-permissions-8
+  name: keycloak-portal-e2e-token-exchange-permissions-7
  namespace: sso
 spec:
  backoffLimit: 6
--- a/services/keycloak/portal-e2e-token-exchange-test-job.yaml
+++ b/services/keycloak/portal-e2e-token-exchange-test-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-portal-e2e-token-exchange-test-4
+  name: keycloak-portal-e2e-token-exchange-test-3
  namespace: sso
 spec:
  backoffLimit: 6
--- a/services/keycloak/realm-settings-job.yaml
+++ b/services/keycloak/realm-settings-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-realm-settings-20
+  name: keycloak-realm-settings-19
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: sparkyfitness-oidc-secret-ensure-2
+  name: sparkyfitness-oidc-secret-ensure-1
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/synapse-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/synapse-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: synapse-oidc-secret-ensure-7
+  name: synapse-oidc-secret-ensure-6
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/user-overrides-job.yaml
+++ b/services/keycloak/user-overrides-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-user-overrides-4
+  name: keycloak-user-overrides-3
  namespace: sso
 spec:
  backoffLimit: 0
--- a/services/keycloak/vault-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/vault-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: vault-oidc-secret-ensure-4
+  name: vault-oidc-secret-ensure-3
  namespace: sso
 spec:
  backoffLimit: 0