admin/taskplaner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
taskplaner/.planning/phases/07-gitops-foundation/07-01-PLAN.md
Thomas Richter 1d4302d5bf docs(07): create phase plan 
Phase 07: GitOps Foundation
- 2 plan(s) in 2 wave(s)
- Wave 1: 07-01 (register application)
- Wave 2: 07-02 (verify gitops behavior)
- Ready for execution

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 14:54:41 +01:00

7.6 KiB
Raw Permalink Blame History

phase, plan, type, wave, depends_on, files_modified, autonomous, must_haves
phase plan type wave depends_on files_modified autonomous must_haves
07-gitops-foundation 01 execute 1
argocd/application.yaml
argocd/repo-secret.yaml
true
truths artifacts key_links
ArgoCD can access TaskPlanner Git repository
TaskPlanner Application exists in ArgoCD
Application shows Synced status
path provides contains
argocd/repo-secret.yaml Repository credentials for ArgoCD argocd.argoproj.io/secret-type: repository
path provides contains
argocd/application.yaml ArgoCD Application manifest kind: Application
from to via pattern
argocd/application.yaml ArgoCD server kubectl apply kind: Application
from to via pattern
argocd/repo-secret.yaml Gitea repository repository secret secret-type: repository
Register TaskPlanner with ArgoCD by creating repository credentials and applying the Application manifest.

Purpose: Enable GitOps workflow where ArgoCD manages TaskPlanner deployment from Git source of truth. Output: TaskPlanner Application registered in ArgoCD showing "Synced" status.

<execution_context> @/home/tho/.claude/get-shit-done/workflows/execute-plan.md @/home/tho/.claude/get-shit-done/templates/summary.md </execution_context>

@.planning/PROJECT.md @.planning/ROADMAP.md @.planning/STATE.md @.planning/phases/07-gitops-foundation/07-CONTEXT.md @argocd/application.yaml @helm/taskplaner/values.yaml Task 1: Create ArgoCD repository secret for TaskPlanner argocd/repo-secret.yaml Create a Kubernetes Secret for ArgoCD to access the TaskPlanner Gitea repository.

The secret must:

  1. Be in namespace argocd
  2. Have label argocd.argoproj.io/secret-type: repository
  3. Use internal cluster URL: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
  4. Use same credentials as existing gitea-repo secret (username: admin)

Create the file argocd/repo-secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: taskplaner-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
  username: admin
  password: <GET_FROM_EXISTING_SECRET>

Get the password from existing gitea-repo secret:

kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d

Apply the secret:

kubectl apply -f argocd/repo-secret.yaml

Note: Do NOT commit the password to Git. The file should use a placeholder or be gitignored. Actually, create the secret directly with kubectl instead of a file with real credentials:

PASSWORD=$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)
kubectl create secret generic taskplaner-repo \
  --namespace argocd \
  --from-literal=type=git \
  --from-literal=url=http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git \
  --from-literal=username=admin \
  --from-literal=password="$PASSWORD" \
  --dry-run=client -o yaml | kubectl label -f - argocd.argoproj.io/secret-type=repository --local -o yaml | kubectl apply -f -

Or simpler approach - just apply with label:

PASSWORD=$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: taskplaner-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
  username: admin
  password: "$PASSWORD"
EOF
```bash kubectl get secret taskplaner-repo -n argocd kubectl get secret taskplaner-repo -n argocd -o jsonpath='{.metadata.labels}' ``` Should show the secret exists with repository label. Secret `taskplaner-repo` exists in argocd namespace with correct labels and credentials. Task 2: Update and apply ArgoCD Application manifest argocd/application.yaml Update `argocd/application.yaml` to: 1. Use internal Gitea URL (matches the repo secret) 2. Remove the inline registry secret (it has a placeholder that shouldn't be in Git) 3. Ensure the Application references the correct image pull secret name

Changes needed in application.yaml:

  1. Change repoURL from https://git.kube2.tricnet.de/tho/taskplaner.git to http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
  2. Remove the --- separated Secret at the bottom (gitea-registry-secret with placeholder)
  3. The helm values already reference gitea-registry-secret for imagePullSecrets

The registry secret needs to exist separately. Check if it exists:

kubectl get secret gitea-registry-secret -n default

If it doesn't exist, create it (the helm chart expects it). Get Gitea registry credentials and create:

# Create the registry secret for image pulls
kubectl create secret docker-registry gitea-registry-secret \
  --namespace default \
  --docker-server=git.kube2.tricnet.de \
  --docker-username=admin \
  --docker-password="$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)"

Then apply the Application:

kubectl apply -f argocd/application.yaml
```bash kubectl get application taskplaner -n argocd kubectl get application taskplaner -n argocd -o jsonpath='{.status.sync.status}' ``` Application should exist and show sync status. ArgoCD Application `taskplaner` exists and ArgoCD begins syncing. Task 3: Wait for sync and verify healthy status Wait for ArgoCD to sync the application and verify it reaches Synced + Healthy status. 
# Wait for sync (up to 5 minutes)
kubectl wait --for=jsonpath='{.status.sync.status}'=Synced application/taskplaner -n argocd --timeout=300s

# Check health status
kubectl get application taskplaner -n argocd -o jsonpath='{.status.health.status}'

# Get full status
kubectl get application taskplaner -n argocd -o wide

If sync fails, check:

  1. ArgoCD logs: kubectl logs -n argocd -l app.kubernetes.io/name=argocd-repo-server
  2. Application status: kubectl describe application taskplaner -n argocd
  3. Repo connectivity: ArgoCD UI Settings -> Repositories

Common issues:

  • Repo credentials incorrect: Check taskplaner-repo secret
  • Helm chart errors: Check argocd-repo-server logs
  • Image pull errors: Check gitea-registry-secret 
kubectl get application taskplaner -n argocd -o jsonpath='{.status.sync.status}'
kubectl get application taskplaner -n argocd -o jsonpath='{.status.health.status}'

Should output: Synced and Healthy Application shows "Synced" status and "Healthy" health in ArgoCD.

Phase success indicators: 1. `kubectl get secret taskplaner-repo -n argocd` returns the secret 2. `kubectl get application taskplaner -n argocd` shows the application 3. Application status is Synced and Healthy 4. ArgoCD UI at argocd.kube2.tricnet.de shows TaskPlanner with green sync status

<success_criteria>

  • Repository secret created with correct labels
  • Application manifest applied successfully
  • ArgoCD shows TaskPlanner as Synced
  • ArgoCD shows TaskPlanner as Healthy
  • Requirements GITOPS-01 (already done) and GITOPS-02 satisfied </success_criteria>
After completion, create `.planning/phases/07-gitops-foundation/07-01-SUMMARY.md`
Reference in New Issue View Git Blame Copy Permalink