From fb1639d8986e40e0da205687f692486a50ae5dff Mon Sep 17 00:00:00 2001
From: Aftab Alam <81828613+iaftab-alam@users.noreply.github.com>
Date: Fri, 6 Mar 2026 15:16:51 +0100
Subject: [PATCH] Add init container to wait for UAA before starting CredHub

Fixes startup race condition where CredHub attempts to connect to UAA
before UAA is ready, causing CredHub to crash with connection refused
errors.

The wait-for-uaa init container polls UAA's /healthz endpoint until it
responds successfully before allowing the CredHub container to start.
---
 .../app/files/config/credhub/credhub.yml        | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/terraform-modules/concourse/app/files/config/credhub/credhub.yml b/terraform-modules/concourse/app/files/config/credhub/credhub.yml
index be37394f..d4cba765 100644
--- a/terraform-modules/concourse/app/files/config/credhub/credhub.yml
+++ b/terraform-modules/concourse/app/files/config/credhub/credhub.yml
@@ -45,6 +45,23 @@ spec:
       #@overlay/match missing_ok=True
       #@overlay/merge
       initContainers:
+      - name: wait-for-uaa
+        image: curlimages/curl:latest
+        command:
+        - sh
+        - -c
+        - |
+          MAX_RETRIES=35
+          for i in $(seq 1 $MAX_RETRIES); do
+            if curl -f -s --connect-timeout 3 --max-time 5 http://uaa.concourse.svc.cluster.local:8080/healthz > /dev/null; then
+              echo "UAA is ready!"
+              exit 0
+            fi
+            echo "Waiting for UAA... (attempt $i/$MAX_RETRIES)"
+            sleep 5
+          done
+          echo "ERROR: Timeout waiting for UAA after $((MAX_RETRIES * 5)) seconds.  UAA is not ready!"
+          exit 1
       - name: fix-secrets
         image: linuxserver/yq:amd64-latest
         command: