fix(chart): InitContainer wait-for-secret sin set -e (set -u solo)
Some checks failed
__APP_NAME__ — build & deploy / Calidad + build + push (push) Failing after 3m54s
__APP_NAME__ — build & deploy / Helm upgrade --install (push) Has been skipped

set -e mataba el script con curl exit 6 (DNS transitorio en el primer
intento) antes de que el retry pudiera correr. Cambio:
- set -u: undefined vars siguen matando (correcto).
- set -e quitado: curl fail no mata el script.
- HTTP=$(curl ... || echo "000"): si curl exits non-zero, capturamos
  un codigo HTTP "000" para que el retry siga corriendo.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
ilopez
2026-05-25 09:51:21 -05:00
parent eae346684f
commit 1bf3283b6a

View File

@@ -47,7 +47,10 @@ spec:
- sh
- -c
- |
set -eu
# set -u: undefined vars matan el script.
# set -e NO: queremos que curl fail (DNS transitorio, API server
# caido por instante) NO mate el loop — el retry lo absorbe.
set -u
# Espera hasta que addon-provisioner publique el Secret tras
# reconciliar el AddonClaim (hook weight -10). 48 x 5s = 240s.
SECRET="{{ .Values.database.secretName }}"
@@ -55,10 +58,13 @@ spec:
CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
i=1
while [ "$i" -le 48 ]; do
# || echo "000": si curl falla (exit 6 DNS, etc.) capturamos
# un codigo HTTP "000" para que el retry siga corriendo.
HTTP=$(curl -s -o /dev/null -w '%{http_code}' \
--cacert "$CACERT" \
-H "Authorization: Bearer $TOKEN" \
"https://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/secrets/$SECRET")
"https://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/secrets/$SECRET" \
|| echo "000")
if [ "$HTTP" = "200" ]; then
echo "Secret $SECRET encontrado en intento $i"
exit 0