minio fixes

2026-05-27 23:08:28 +02:00
parent b26f4d5a59
commit 466a83fcaf
4 changed files with 23 additions and 20 deletions
--- a/infra/values/base/keycloak-values.yaml
+++ b/infra/values/base/keycloak-values.yaml
@@ -338,7 +338,8 @@ extraDeploy:
                upsert_secret() {
                  local ns="$1" name="$2" manifest="$3"
                  local code
-                  code=$(curl -sf -o /dev/null -w "%{http_code}" \
+                  # NOTE: intentionally no -f; we need to capture HTTP 404 without curl exiting 22
+                  code=$(curl -s -o /dev/null -w "%{http_code}" \
                    --cacert "$CA_CERT" \
                    -H "Authorization: Bearer ${SA_TOKEN}" \
                    -H "Content-Type: application/json" \
@@ -347,7 +348,7 @@ extraDeploy:
                  if [ "$code" = "200" ]; then
                    echo "  Updated secret '${ns}/${name}'"
                  elif [ "$code" = "404" ]; then
-                    code=$(curl -sf -o /dev/null -w "%{http_code}" \
+                    code=$(curl -s -o /dev/null -w "%{http_code}" \
                      --cacert "$CA_CERT" \
                      -H "Authorization: Bearer ${SA_TOKEN}" \
                      -H "Content-Type: application/json" \
@@ -394,7 +395,7 @@ extraDeploy:

                  # Get the client secret from Keycloak
                  local secret_value
-                  secret_value=$(curl -sf -H "Authorization: Bearer ${TOKEN}" \
+                  secret_value=$(curl -s -H "Authorization: Bearer ${TOKEN}" \
                    "${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${client_uuid}/client-secret" \
                    | jq -r '.value')

@@ -409,7 +410,7 @@ extraDeploy:

                  # Write to target namespace (if it exists)
                  local ns_status
-                  ns_status=$(curl -sf -o /dev/null -w "%{http_code}" \
+                  ns_status=$(curl -s -o /dev/null -w "%{http_code}" \
                    --cacert "$CA_CERT" \
                    -H "Authorization: Bearer ${SA_TOKEN}" \
                    "${K8S_API}/api/v1/namespaces/${target_ns}")
@@ -433,12 +434,12 @@ extraDeploy:
                  local ns="$1" name="$2" key="$3" value="$4"
                  local patch
                  patch=$(printf '{"metadata":{"annotations":{"%s":"%s"}}}' "$key" "$value")
-                  curl -sf -o /dev/null \
+                  curl -s -o /dev/null \
                    --cacert "$CA_CERT" \
                    -H "Authorization: Bearer ${SA_TOKEN}" \
                    -H "Content-Type: application/strategic-merge-patch+json" \
                    -X PATCH -d "$patch" \
-                    "${K8S_API}/api/v1/namespaces/${ns}/secrets/${name}"
+                    "${K8S_API}/api/v1/namespaces/${ns}/secrets/${name}" || true
                }

                # =============================================