services/comms/mas-db-ensure-job.yaml

@@ -2,10 +2,11 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: mas-db-ensure-4
+  name: mas-db-ensure-6
   namespace: comms
 spec:
-  backoffLimit: 2
+  backoffLimit: 0
+  ttlSecondsAfterFinished: 600
   template:
     spec:
       serviceAccountName: mas-db-ensure
@@ -19,8 +20,9 @@ spec:
           command: ["/bin/sh", "-c"]
           args:
             - |
-              set -euo pipefail
+              set -eu
               umask 077
+              echo "ensuring postgres auth secret"
               if kubectl -n postgres get secret postgres-auth >/dev/null 2>&1; then
                 kubectl -n postgres get secret postgres-auth -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d > /work/postgres_password
               else
@@ -32,6 +34,7 @@ spec:
                 printf '%s' "${POSTGRES_PASS}" > /work/postgres_password
                 kubectl -n postgres create secret generic postgres-auth --from-file=POSTGRES_PASSWORD=/work/postgres_password >/dev/null
               fi
+              echo "ensuring mas db secret"
               if kubectl -n comms get secret mas-db >/dev/null 2>&1; then
                 kubectl -n comms get secret mas-db -o jsonpath='{.data.password}' | base64 -d > /work/mas_password
               else
@@ -56,9 +59,10 @@ spec:
           command: ["/bin/sh", "-c"]
           args:
             - |
-              set -euo pipefail
+              set -eu
               export PGPASSWORD="$(cat /work/postgres_password)"
               MAS_PASS="$(cat /work/mas_password)"
+              echo "ensuring mas role/database"
               psql -v ON_ERROR_STOP=1 -v mas_pass="${MAS_PASS}" <<'SQL'
               DO $$
               BEGIN