admin/taskplaner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2a289355d5d74e16cce43597f87b4cd9f72c29b
taskplaner/.planning/phases/07-gitops-foundation/07-01-PLAN.md
Thomas Richter 1d4302d5bf docs(07): create phase plan 
Phase 07: GitOps Foundation
- 2 plan(s) in 2 wave(s)
- Wave 1: 07-01 (register application)
- Wave 2: 07-02 (verify gitops behavior)
- Ready for execution

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 14:54:41 +01:00

241 lines
7.6 KiB
Markdown
Raw Blame History

---
phase: 07-gitops-foundation
plan: 01
type: execute
wave: 1
depends_on: []
files_modified:
- argocd/application.yaml
- argocd/repo-secret.yaml
autonomous: true
must_haves:
truths:
- "ArgoCD can access TaskPlanner Git repository"
- "TaskPlanner Application exists in ArgoCD"
- "Application shows Synced status"
artifacts:
- path: "argocd/repo-secret.yaml"
provides: "Repository credentials for ArgoCD"
contains: "argocd.argoproj.io/secret-type: repository"
- path: "argocd/application.yaml"
provides: "ArgoCD Application manifest"
contains: "kind: Application"
key_links:
- from: "argocd/application.yaml"
to: "ArgoCD server"
via: "kubectl apply"
pattern: "kind: Application"
- from: "argocd/repo-secret.yaml"
to: "Gitea repository"
via: "repository secret"
pattern: "secret-type: repository"
---
<objective>
Register TaskPlanner with ArgoCD by creating repository credentials and applying the Application manifest.
Purpose: Enable GitOps workflow where ArgoCD manages TaskPlanner deployment from Git source of truth.
Output: TaskPlanner Application registered in ArgoCD showing "Synced" status.
</objective>
<execution_context>
@/home/tho/.claude/get-shit-done/workflows/execute-plan.md
@/home/tho/.claude/get-shit-done/templates/summary.md
</execution_context>
<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md
@.planning/phases/07-gitops-foundation/07-CONTEXT.md
@argocd/application.yaml
@helm/taskplaner/values.yaml
</context>
<tasks>
<task type="auto">
<name>Task 1: Create ArgoCD repository secret for TaskPlanner</name>
<files>argocd/repo-secret.yaml</files>
<action>
Create a Kubernetes Secret for ArgoCD to access the TaskPlanner Gitea repository.
The secret must:
1. Be in namespace `argocd`
2. Have label `argocd.argoproj.io/secret-type: repository`
3. Use internal cluster URL: `http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git`
4. Use same credentials as existing gitea-repo secret (username: admin)
Create the file `argocd/repo-secret.yaml`:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: taskplaner-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: git
url: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
username: admin
password: <GET_FROM_EXISTING_SECRET>
```
Get the password from existing gitea-repo secret:
```bash
kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d
```
Apply the secret:
```bash
kubectl apply -f argocd/repo-secret.yaml
```
Note: Do NOT commit the password to Git. The file should use a placeholder or be gitignored.
Actually, create the secret directly with kubectl instead of a file with real credentials:
```bash
PASSWORD=$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)
kubectl create secret generic taskplaner-repo \
--namespace argocd \
--from-literal=type=git \
--from-literal=url=http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git \
--from-literal=username=admin \
--from-literal=password="$PASSWORD" \
--dry-run=client -o yaml | kubectl label -f - argocd.argoproj.io/secret-type=repository --local -o yaml | kubectl apply -f -
```
Or simpler approach - just apply with label:
```bash
PASSWORD=$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: taskplaner-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: git
url: http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git
username: admin
password: "$PASSWORD"
EOF
```
</action>
<verify>
```bash
kubectl get secret taskplaner-repo -n argocd
kubectl get secret taskplaner-repo -n argocd -o jsonpath='{.metadata.labels}'
```
Should show the secret exists with repository label.
</verify>
<done>Secret `taskplaner-repo` exists in argocd namespace with correct labels and credentials.</done>
</task>
<task type="auto">
<name>Task 2: Update and apply ArgoCD Application manifest</name>
<files>argocd/application.yaml</files>
<action>
Update `argocd/application.yaml` to:
1. Use internal Gitea URL (matches the repo secret)
2. Remove the inline registry secret (it has a placeholder that shouldn't be in Git)
3. Ensure the Application references the correct image pull secret name
Changes needed in application.yaml:
1. Change `repoURL` from `https://git.kube2.tricnet.de/tho/taskplaner.git` to `http://gitea-http.gitea.svc.cluster.local:3000/tho/taskplaner.git`
2. Remove the `---` separated Secret at the bottom (gitea-registry-secret with placeholder)
3. The helm values already reference `gitea-registry-secret` for imagePullSecrets
The registry secret needs to exist separately. Check if it exists:
```bash
kubectl get secret gitea-registry-secret -n default
```
If it doesn't exist, create it (the helm chart expects it). Get Gitea registry credentials and create:
```bash
# Create the registry secret for image pulls
kubectl create secret docker-registry gitea-registry-secret \
--namespace default \
--docker-server=git.kube2.tricnet.de \
--docker-username=admin \
--docker-password="$(kubectl get secret gitea-repo -n argocd -o jsonpath='{.data.password}' | base64 -d)"
```
Then apply the Application:
```bash
kubectl apply -f argocd/application.yaml
```
</action>
<verify>
```bash
kubectl get application taskplaner -n argocd
kubectl get application taskplaner -n argocd -o jsonpath='{.status.sync.status}'
```
Application should exist and show sync status.
</verify>
<done>ArgoCD Application `taskplaner` exists and ArgoCD begins syncing.</done>
</task>
<task type="auto">
<name>Task 3: Wait for sync and verify healthy status</name>
<files></files>
<action>
Wait for ArgoCD to sync the application and verify it reaches Synced + Healthy status.
```bash
# Wait for sync (up to 5 minutes)
kubectl wait --for=jsonpath='{.status.sync.status}'=Synced application/taskplaner -n argocd --timeout=300s
# Check health status
kubectl get application taskplaner -n argocd -o jsonpath='{.status.health.status}'
# Get full status
kubectl get application taskplaner -n argocd -o wide
```
If sync fails, check:
1. ArgoCD logs: `kubectl logs -n argocd -l app.kubernetes.io/name=argocd-repo-server`
2. Application status: `kubectl describe application taskplaner -n argocd`
3. Repo connectivity: ArgoCD UI Settings -> Repositories
Common issues:
- Repo credentials incorrect: Check taskplaner-repo secret
- Helm chart errors: Check argocd-repo-server logs
- Image pull errors: Check gitea-registry-secret
</action>
<verify>
```bash
kubectl get application taskplaner -n argocd -o jsonpath='{.status.sync.status}'
kubectl get application taskplaner -n argocd -o jsonpath='{.status.health.status}'
```
Should output: `Synced` and `Healthy`
</verify>
<done>Application shows "Synced" status and "Healthy" health in ArgoCD.</done>
</task>
</tasks>
<verification>
Phase success indicators:
1. `kubectl get secret taskplaner-repo -n argocd` returns the secret
2. `kubectl get application taskplaner -n argocd` shows the application
3. Application status is Synced and Healthy
4. ArgoCD UI at argocd.kube2.tricnet.de shows TaskPlanner with green sync status
</verification>
<success_criteria>
- Repository secret created with correct labels
- Application manifest applied successfully
- ArgoCD shows TaskPlanner as Synced
- ArgoCD shows TaskPlanner as Healthy
- Requirements GITOPS-01 (already done) and GITOPS-02 satisfied
</success_criteria>
<output>
After completion, create `.planning/phases/07-gitops-foundation/07-01-SUMMARY.md`
</output>
Reference in New Issue View Git Blame Copy Permalink