docs(07): create phase plan
Phase 07: GitOps Foundation - 2 plan(s) in 2 wave(s) - Wave 1: 07-01 (register application) - Wave 2: 07-02 (verify gitops behavior) - Ready for execution Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Thomas Richter
240
.planning/phases/07-gitops-foundation/07-01-PLAN.md
Normal file
240
.planning/phases/07-gitops-foundation/07-01-PLAN.md
Normal file
@@ -0,0 +1,240 @@
|
||||
---
|
||||
phase: 07-gitops-foundation
|
||||
plan: 01
|
||||
type: execute
|
||||
wave: 1
|
||||
depends_on: []
|
||||
files_modified:
|
||||
- argocd/application.yaml
|
||||
- argocd/repo-secret.yaml
|
||||
autonomous: true
|
||||
|
||||
must_haves:
|
||||
truths:
|
||||
- "ArgoCD can access TaskPlanner Git repository"
|
||||
- "TaskPlanner Application exists in ArgoCD"
|
||||
- "Application shows Synced status"
|
||||
artifacts:
|
||||
- path: "argocd/repo-secret.yaml"
|
||||
provides: "Repository credentials for ArgoCD"
|
||||
contains: "argocd.argoproj.io/secret-type: repository"
|
||||
- path: "argocd/application.yaml"
|
||||
provides: "ArgoCD Application manifest"
|
||||
contains: "kind: Application"
|
||||
key_links:
|
||||
- from: "argocd/application.yaml"
|
||||
to: "ArgoCD server"
|
||||
via: "kubectl apply"
|
||||
pattern: "kind: Application"
|
||||
- from: "argocd/repo-secret.yaml"
|
||||
to: "Gitea repository"
|
||||
via: "repository secret"
|
||||
pattern: "secret-type: repository"
|
||||
---
|
||||
|
||||
<objective>
|
||||
Register TaskPlanner with ArgoCD by creating repository credentials and applying the Application manifest.
|
||||
|
||||
Purpose: Enable GitOps workflow where ArgoCD manages TaskPlanner deployment from Git source of truth.
|
||||
Output: TaskPlanner Application registered in ArgoCD showing "Synced" status.
|
||||
</objective>
|
||||
|
||||
<execution_context>
|
||||
@/home/tho/.claude/get-shit-done/workflows/execute-plan.md
|
||||
@/home/tho/.claude/get-shit-done/templates/summary.md
|
||||
</execution_context>
|
||||
|
||||
<context>
|
||||
@.planning/PROJECT.md
|
||||
@.planning/ROADMAP.md
|
||||
@.planning/STATE.md
|
||||
@.planning/phases/07-gitops-foundation/07-CONTEXT.md
|
||||
@argocd/application.yaml
|
||||
@helm/taskplaner/values.yaml
|
||||
</context>
|
||||
|
||||
<tasks>
|
||||
|
||||
<task type="auto">
|
||||
<name>Task 1: Create ArgoCD repository secret for TaskPlanner</name>
|
||||
<files>argocd/repo-secret.yaml</files>
|
||||
<action>
|
||||
Create a Kubernetes Secret for ArgoCD to access the TaskPlanner Gitea repository.
|
||||
|
||||
The secret must:
|
||||
1. Be in namespace `argocd`
|
||||
2. Have label `argocd.argoproj.io/secret-type: repository`
|
||||
3. Use internal cluster URL: `http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git`
|
||||
4. Use same credentials as existing gitea-repo secret (username: admin)
|
||||
|
||||
Create the file `argocd/repo-secret.yaml`:
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: taskplaner-repo
|
||||
namespace: argocd
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repository
|
||||
stringData:
|
||||
type: git
|
||||
url: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
|
||||
username: admin
|
||||
password: <GET_FROM_EXISTING_SECRET>
|
||||
```
|
||||
|
||||
Get the password from existing gitea-repo secret:
|
||||
```bash
|
||||
kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d
|
||||
```
|
||||
|
||||
Apply the secret:
|
||||
```bash
|
||||
kubectl apply -f argocd/repo-secret.yaml
|
||||
```
|
||||
|
||||
Note: Do NOT commit the password to Git. The file should use a placeholder or be gitignored.
|
||||
Actually, create the secret directly with kubectl instead of a file with real credentials:
|
||||
|
||||
```bash
|
||||
PASSWORD=$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)
|
||||
kubectl create secret generic taskplaner-repo \
|
||||
--namespace argocd \
|
||||
--from-literal=type=git \
|
||||
--from-literal=url=http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git \
|
||||
--from-literal=username=admin \
|
||||
--from-literal=password="$PASSWORD" \
|
||||
--dry-run=client -o yaml | kubectl label -f - argocd.argoproj.io/secret-type=repository --local -o yaml | kubectl apply -f -
|
||||
```
|
||||
|
||||
Or simpler approach - just apply with label:
|
||||
```bash
|
||||
PASSWORD=$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)
|
||||
cat <<EOF | kubectl apply -f -
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: taskplaner-repo
|
||||
namespace: argocd
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repository
|
||||
stringData:
|
||||
type: git
|
||||
url: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
|
||||
username: admin
|
||||
password: "$PASSWORD"
|
||||
EOF
|
||||
```
|
||||
</action>
|
||||
<verify>
|
||||
```bash
|
||||
kubectl get secret taskplaner-repo -n argocd
|
||||
kubectl get secret taskplaner-repo -n argocd -o jsonpath='{.metadata.labels}'
|
||||
```
|
||||
Should show the secret exists with repository label.
|
||||
</verify>
|
||||
<done>Secret `taskplaner-repo` exists in argocd namespace with correct labels and credentials.</done>
|
||||
</task>
|
||||
|
||||
<task type="auto">
|
||||
<name>Task 2: Update and apply ArgoCD Application manifest</name>
|
||||
<files>argocd/application.yaml</files>
|
||||
<action>
|
||||
Update `argocd/application.yaml` to:
|
||||
1. Use internal Gitea URL (matches the repo secret)
|
||||
2. Remove the inline registry secret (it has a placeholder that shouldn't be in Git)
|
||||
3. Ensure the Application references the correct image pull secret name
|
||||
|
||||
Changes needed in application.yaml:
|
||||
1. Change `repoURL` from `https://git.kube2.tricnet.de/tho/taskplaner.git` to `http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git`
|
||||
2. Remove the `---` separated Secret at the bottom (gitea-registry-secret with placeholder)
|
||||
3. The helm values already reference `gitea-registry-secret` for imagePullSecrets
|
||||
|
||||
The registry secret needs to exist separately. Check if it exists:
|
||||
```bash
|
||||
kubectl get secret gitea-registry-secret -n default
|
||||
```
|
||||
|
||||
If it doesn't exist, create it (the helm chart expects it). Get Gitea registry credentials and create:
|
||||
```bash
|
||||
# Create the registry secret for image pulls
|
||||
kubectl create secret docker-registry gitea-registry-secret \
|
||||
--namespace default \
|
||||
--docker-server=git.kube2.tricnet.de \
|
||||
--docker-username=admin \
|
||||
--docker-password="$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)"
|
||||
```
|
||||
|
||||
Then apply the Application:
|
||||
```bash
|
||||
kubectl apply -f argocd/application.yaml
|
||||
```
|
||||
</action>
|
||||
<verify>
|
||||
```bash
|
||||
kubectl get application taskplaner -n argocd
|
||||
kubectl get application taskplaner -n argocd -o jsonpath='{.status.sync.status}'
|
||||
```
|
||||
Application should exist and show sync status.
|
||||
</verify>
|
||||
<done>ArgoCD Application `taskplaner` exists and ArgoCD begins syncing.</done>
|
||||
</task>
|
||||
|
||||
<task type="auto">
|
||||
<name>Task 3: Wait for sync and verify healthy status</name>
|
||||
<files></files>
|
||||
<action>
|
||||
Wait for ArgoCD to sync the application and verify it reaches Synced + Healthy status.
|
||||
|
||||
```bash
|
||||
# Wait for sync (up to 5 minutes)
|
||||
kubectl wait --for=jsonpath='{.status.sync.status}'=Synced application/taskplaner -n argocd --timeout=300s
|
||||
|
||||
# Check health status
|
||||
kubectl get application taskplaner -n argocd -o jsonpath='{.status.health.status}'
|
||||
|
||||
# Get full status
|
||||
kubectl get application taskplaner -n argocd -o wide
|
||||
```
|
||||
|
||||
If sync fails, check:
|
||||
1. ArgoCD logs: `kubectl logs -n argocd -l app.kubernetes.io/name=argocd-repo-server`
|
||||
2. Application status: `kubectl describe application taskplaner -n argocd`
|
||||
3. Repo connectivity: ArgoCD UI Settings -> Repositories
|
||||
|
||||
Common issues:
|
||||
- Repo credentials incorrect: Check taskplaner-repo secret
|
||||
- Helm chart errors: Check argocd-repo-server logs
|
||||
- Image pull errors: Check gitea-registry-secret
|
||||
</action>
|
||||
<verify>
|
||||
```bash
|
||||
kubectl get application taskplaner -n argocd -o jsonpath='{.status.sync.status}'
|
||||
kubectl get application taskplaner -n argocd -o jsonpath='{.status.health.status}'
|
||||
```
|
||||
Should output: `Synced` and `Healthy`
|
||||
</verify>
|
||||
<done>Application shows "Synced" status and "Healthy" health in ArgoCD.</done>
|
||||
</task>
|
||||
|
||||
</tasks>
|
||||
|
||||
<verification>
|
||||
Phase success indicators:
|
||||
1. `kubectl get secret taskplaner-repo -n argocd` returns the secret
|
||||
2. `kubectl get application taskplaner -n argocd` shows the application
|
||||
3. Application status is Synced and Healthy
|
||||
4. ArgoCD UI at argocd.kube2.tricnet.de shows TaskPlanner with green sync status
|
||||
</verification>
|
||||
|
||||
<success_criteria>
|
||||
- Repository secret created with correct labels
|
||||
- Application manifest applied successfully
|
||||
- ArgoCD shows TaskPlanner as Synced
|
||||
- ArgoCD shows TaskPlanner as Healthy
|
||||
- Requirements GITOPS-01 (already done) and GITOPS-02 satisfied
|
||||
</success_criteria>
|
||||
|
||||
<output>
|
||||
After completion, create `.planning/phases/07-gitops-foundation/07-01-SUMMARY.md`
|
||||
</output>
|
||||
Reference in New Issue
Block a user