plane secret patcher and dns

argocd/apps/plane/plane-secret-patcher.yaml

@@ -18,51 +18,41 @@ spec:
         - /bin/sh
         - -c
         - |
-          # Patch plane-app-secrets
+          echo "Patching Plane Secrets & DNS Config…"
-          kubectl patch secret plane-app-secrets -n plane --type='json' -p='[
-            {"op": "replace", "path": "/data/DATABASE_URL", "value": "'$(echo -n "postgresql://plane:plane@plane-pgdb:5432/plane" | base64)'"},
-            {"op": "replace", "path": "/data/REDIS_URL", "value": "'$(echo -n "redis://plane-redis:6379/" | base64)'"},
-            {"op": "replace", "path": "/data/AMQP_URL", "value": "'$(echo -n "amqp://plane:plane@plane-rabbitmq/" | base64)'"}
-          ]'
 
-          # Patch plane-live-secrets
+          DB_URL=$(echo -n "postgresql://plane:plane@plane-pgdb:5432/plane" | base64)
-          kubectl patch secret plane-live-secrets -n plane --type='json' -p='[
+          REDIS_URL=$(echo -n "redis://plane-redis:6379/" | base64)
-            {"op": "replace", "path": "/data/REDIS_URL", "value": "'$(echo -n "redis://plane-redis:6379/" | base64)'"}
+          AMQP_URL=$(echo -n "amqp://plane:plane@plane-rabbitmq/" | base64)
-          ]'
 
-          echo "Secrets patched successfully"
+          kubectl patch secret plane-app-secrets -n plane --type=json -p "
+          [
+            {\"op\": \"replace\", \"path\": \"/data/DATABASE_URL\", \"value\": \"${DB_URL}\"},
+            {\"op\": \"replace\", \"path\": \"/data/REDIS_URL\", \"value\": \"${REDIS_URL}\"},
+            {\"op\": \"replace\", \"path\": \"/data/AMQP_URL\", \"value\": \"${AMQP_URL}\"}
+          ]"
 
-          kubectl patch deployment plane-api-wl -n plane --type='json' -p='[
+          kubectl patch secret plane-live-secrets -n plane --type=json -p "
-            {
+          [
-              "op": "add",
+            {\"op\": \"replace\", \"path\": \"/data/REDIS_URL\", \"value\": \"${REDIS_URL}\"}
-              "path": "/spec/template/spec/dnsConfig",
+          ]"
-              "value": {
+
-                "options": [{"name": "ndots", "value": "1"}]
+          echo "Secrets patched successfully!"
+
+          # Deployments: plane-api-wl, plane-worker-wl, plane-beat-worker-wl
+          for item in plane-api-wl plane-worker-wl plane-beat-worker-wl; do
+            kubectl patch deployment $item -n plane --type=json -p "
+            [
+              {
+                \"op\": \"add\",
+                \"path\": \"/spec/template/spec/dnsConfig\",
+                \"value\": {
+                  \"options\": [{\"name\": \"ndots\", \"value\": \"1\"}]
+                }
               }
-            }
+            ]" || echo "DNS patch failed or already applied for $item"
-          ]'
+          done
 
-          # Patch Worker Deployment
+          echo "All patches completed!"
-          kubectl patch deployment plane-worker-wl -n plane --type='json' -p='[
-            {
-              "op": "add",
-              "path": "/spec/template/spec/dnsConfig",
-              "value": {
-                "options": [{"name": "ndots", "value": "1"}]
-              }
-            }
-          ]'
-
-          # Patch Beat Worker
-          kubectl patch deployment plane-beat-worker-wl -n plane --type='json' -p='[
-            {
-              "op": "add",
-              "path": "/spec/template/spec/dnsConfig",
-              "value": {
-                "options": [{"name": "ndots", "value": "1"}]
-              }
-            }
-          ]'  
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -79,6 +69,9 @@ rules:
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["get", "patch"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["patch", "get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding