@arubis
Created January 12, 2026 17:28
Fix for iam-deployment task: Use internal cluster URL (port 8080) for Gitea-to-Keycloak OIDC discovery
--- a/solution.sh
+++ b/solution.sh
@@ -283,18 +283,32 @@ update_keycloak_client "$KC_TOKEN" "kong" \
echo ">>> Configuring Gitea SSO..."
-# Check if auth source already exists
-GITEA_AUTH_EXISTS=$(kubectl exec -n gitea deployment/gitea -- su git -c 'gitea admin auth list' 2>/dev/null | grep -i keycloak || true)
+# Wait for Keycloak to be reachable from within the Gitea pod
+# Note: Inside the cluster, use port 8080 (service port), not port 80 (ingress)
+echo " Waiting for Keycloak to be reachable from Gitea pod..."
+for i in {1..30}; do
+ if kubectl exec -n gitea deployment/gitea -- curl -s -o /dev/null -w "%{http_code}" \
+ "http://keycloak.keycloak.svc.cluster.local:8080/realms/nebula/.well-known/openid-configuration" 2>/dev/null | grep -q "200"; then
+ echo " Keycloak is reachable from Gitea pod"
+ break
+ fi
+ echo " Waiting for Keycloak connectivity... ($i/30)"
+ sleep 5
+done
+# Check if auth source already exists
+GITEA_AUTH_EXISTS=$(kubectl exec -n gitea deployment/gitea -- su git -c 'gitea admin auth list' 2>/dev/null | grep -i keycloak || true)
+
if [ -z "$GITEA_AUTH_EXISTS" ]; then
echo " Adding Keycloak OAuth source via Gitea CLI..."
- kubectl exec -n gitea deployment/gitea -- su git -c 'gitea admin auth add-oauth \
- --name "Keycloak" \
- --provider openidConnect \
- --key gitea \
- --secret gitea-client-secret \
- --auto-discover-url http://keycloak.devops.local/realms/nebula/.well-known/openid-configuration \
- --scopes "openid profile email groups"' 2>/dev/null
- echo " Gitea OAuth source created"
+ # Retry loop for auth configuration
+ # Note: Use internal cluster URL with port 8080 for pod-to-pod communication
+ for attempt in {1..3}; do
+ if kubectl exec -n gitea deployment/gitea -- su git -c 'gitea admin auth add-oauth \
+ --name "Keycloak" \
+ --provider openidConnect \
+ --key gitea \
+ --secret gitea-client-secret \
+ --auto-discover-url http://keycloak.keycloak.svc.cluster.local:8080/realms/nebula/.well-known/openid-configuration \
+ --scopes "openid profile email groups"' 2>/dev/null; then
+ echo " Gitea OAuth source created"
+ break
+ else
+ echo " Attempt $attempt failed, retrying in 10s..."
+ sleep 10
+ fi
+ done
else
echo " Gitea OAuth source already exists"
fi
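Review bot: neither retry loop has a failure path, so when the 30 readiness probes or the 3 `add-oauth` attempts are exhausted the script falls through and continues with SSO silently unconfigured; add an `exit 1` (or at least a clear error) after each `done` when the loop ended without `break`, and drop the inner `2>/dev/null` on the `add-oauth` command so the reason for a failed attempt is visible in the log. Two things worth verifying with the switch to `http://keycloak.keycloak.svc.cluster.local:8080`: the endpoint URLs Keycloak returns in the discovery document depend on its hostname configuration, so confirm that the `authorization_endpoint` it hands Gitea is still the browser-reachable `keycloak.devops.local` address while the token endpoint is reachable from the Gitea pod, otherwise the login redirect breaks even though discovery now succeeds; and if `gitea-client-secret` is the real client secret rather than a placeholder, it is committed in the script and passed as a literal on the command line, where it shows up in the pod's process list, so read it from a Kubernetes Secret at runtime instead of embedding it in the `su git -c '...'` string.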