From 1688fe0dfd092a35acc48ce46ae470d1789598e9 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau <arcodange@gmail.com>
Date: Wed, 6 May 2026 12:55:39 +0200
Subject: [PATCH] fix(crowdsec): clean up Failed pods before Traefik middleware
 reload

Re-running the role would leave behind crowdsec pods stuck in Failed phase
(typically after a config error on a previous run), which then blocked the
Traefik middleware refresh. Delete them up front so the next reconcile
schedules fresh pods.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../factory/playbooks/tools/roles/crowdsec/tasks/main.yml  | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ansible/arcodange/factory/playbooks/tools/roles/crowdsec/tasks/main.yml b/ansible/arcodange/factory/playbooks/tools/roles/crowdsec/tasks/main.yml
index dcf8655..b26e262 100644
--- a/ansible/arcodange/factory/playbooks/tools/roles/crowdsec/tasks/main.yml
+++ b/ansible/arcodange/factory/playbooks/tools/roles/crowdsec/tasks/main.yml
@@ -147,6 +147,13 @@
             redisCacheDatabase: "0"
             redisCacheUnreachableBlock: false
 
+- name: Supprimer les pods crowdsec en état Error pour forcer leur redémarrage
+  ansible.builtin.shell: |
+    kubectl get pods -n tools -l k8s-app=crowdsec \
+      --field-selector=status.phase=Failed -o name | xargs -r kubectl delete -n tools
+  changed_when: false
+  ignore_errors: yes
+
 - name: Redémarrer traefik pour prendre la nouvelle configuration du middleware
   block:
     # ---------------------