From 1bf3283b6a05c4465c328387d6b55bf9f451154b Mon Sep 17 00:00:00 2001 From: ilopez Date: Mon, 25 May 2026 09:51:21 -0500 Subject: [PATCH] fix(chart): InitContainer wait-for-secret sin set -e (set -u solo) set -e mataba el script con curl exit 6 (DNS transitorio en el primer intento) antes de que el retry pudiera correr. Cambio: - set -u: undefined vars siguen matando (correcto). - set -e quitado: curl fail no mata el script. - HTTP=$(curl ... || echo "000"): si curl exits non-zero, capturamos un codigo HTTP "000" para que el retry siga corriendo. Co-Authored-By: Claude Opus 4.7 --- helm/APP_NAME/templates/job-alembic-upgrade.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/helm/APP_NAME/templates/job-alembic-upgrade.yaml b/helm/APP_NAME/templates/job-alembic-upgrade.yaml index b8b3c54..197fe28 100644 --- a/helm/APP_NAME/templates/job-alembic-upgrade.yaml +++ b/helm/APP_NAME/templates/job-alembic-upgrade.yaml @@ -47,7 +47,10 @@ spec: - sh - -c - | - set -eu + # set -u: undefined vars matan el script. + # set -e NO: queremos que curl fail (DNS transitorio, API server + # caido por instante) NO mate el loop — el retry lo absorbe. + set -u # Espera hasta que addon-provisioner publique el Secret tras # reconciliar el AddonClaim (hook weight -10). 48 x 5s = 240s. SECRET="{{ .Values.database.secretName }}" @@ -55,10 +58,13 @@ spec: CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt i=1 while [ "$i" -le 48 ]; do + # || echo "000": si curl falla (exit 6 DNS, etc.) capturamos + # un codigo HTTP "000" para que el retry siga corriendo. HTTP=$(curl -s -o /dev/null -w '%{http_code}' \ --cacert "$CACERT" \ -H "Authorization: Bearer $TOKEN" \ - "https://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/secrets/$SECRET") + "https://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/secrets/$SECRET" \ + || echo "000") if [ "$HTTP" = "200" ]; then echo "Secret $SECRET encontrado en intento $i" exit 0