From d199af0351d43ea2b2e23c3d56d1055f5371fb39 Mon Sep 17 00:00:00 2001
From: kirson-git <ekirson@nvidia.com>
Date: Wed, 17 Jun 2026 17:27:49 +0300
Subject: [PATCH] fix(setup.sh): set Temporal namespace retention on create

The Temporal namespaces (cloud, site, flow, <site-uuid>) are created with
`temporal operator namespace create -n <ns> --address ... 2>/dev/null || true`
with no --retention. Depending on the Temporal server's default-retention
policy the create can be rejected/incomplete, and the `2>/dev/null || true`
hides the failure. The namespace then never exists, and nico-rest cloud/site/
flow workers CrashLoop with 'Namespace "<ns>" is not found'.

Set an explicit --retention (72h) on each namespace create so it succeeds
deterministically regardless of server defaults.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: kirson-git <ekirson@nvidia.com>
---
 helm-prereqs/setup.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/helm-prereqs/setup.sh b/helm-prereqs/setup.sh
index 8d84de19d7..498c77e888 100755
--- a/helm-prereqs/setup.sh
+++ b/helm-prereqs/setup.sh
@@ -630,12 +630,12 @@ _TEMPORAL_TLS="--tls-cert-path /var/secrets/temporal/certs/server-interservice/t
     --tls-ca-path /var/secrets/temporal/certs/server-interservice/ca.crt \
     --tls-server-name interservice.server.temporal.local"
 kubectl exec -n temporal deploy/temporal-admintools -- \
-    sh -c "temporal operator namespace create -n cloud --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
+    sh -c "temporal operator namespace create -n cloud --retention 72h --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
 kubectl exec -n temporal deploy/temporal-admintools -- \
-    sh -c "temporal operator namespace create -n site --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
+    sh -c "temporal operator namespace create -n site --retention 72h --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
 # flow Temporal namespace — required by NICo Flow workers; pod panics on startup if absent.
 kubectl exec -n temporal deploy/temporal-admintools -- \
-    sh -c "temporal operator namespace create -n flow --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
+    sh -c "temporal operator namespace create -n flow --retention 72h --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
 echo "Temporal namespaces ready"
 
 _SETUP_PHASE="[7g/7] NICo REST helm chart"
@@ -763,7 +763,7 @@ _TEMPORAL_TLS="--tls-cert-path /var/secrets/temporal/certs/server-interservice/t
     --tls-ca-path /var/secrets/temporal/certs/server-interservice/ca.crt \
     --tls-server-name interservice.server.temporal.local"
 kubectl exec -n temporal deploy/temporal-admintools -- \
-    sh -c "temporal operator namespace create -n '${NICO_SITE_UUID}' --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
+    sh -c "temporal operator namespace create -n '${NICO_SITE_UUID}' --retention 72h --address ${_TEMPORAL_ADDR} ${_TEMPORAL_TLS}" 2>/dev/null || true
 echo "Temporal namespace ready"
 
 # FLOW_GRPC_ENABLED toggles the site-agent's Flow gRPC client (see