services/comms/synapse-signingkey-ensure-job.yaml

@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: othrys-synapse-signingkey-ensure-4
+  name: othrys-synapse-signingkey-ensure-5
   namespace: comms
 spec:
   backoffLimit: 2
@@ -34,9 +34,9 @@ spec:
               if kubectl -n comms get secret othrys-synapse-signingkey -o jsonpath='{.data.signing\.key}' 2>/dev/null | grep -q .; then
                 exit 0
               fi
-              signing_key_b64="$(base64 /work/signing.key | tr -d '\n')"
+              kubectl -n comms create secret generic othrys-synapse-signingkey \
-              payload="$(printf '{"data":{"signing.key":"%s"}}' "${signing_key_b64}")"
+                --from-file=signing.key=/work/signing.key \
-              kubectl -n comms patch secret othrys-synapse-signingkey --type=merge -p "${payload}" >/dev/null
+                --dry-run=client -o yaml | kubectl -n comms apply -f - >/dev/null
           volumeMounts:
             - name: work
               mountPath: /work

services/keycloak/synapse-oidc-secret-ensure-job.yaml

@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: synapse-oidc-secret-ensure-3
+  name: synapse-oidc-secret-ensure-4
   namespace: sso
 spec:
   backoffLimit: 0