88 lines
2.6 KiB
YAML
88 lines
2.6 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: plane-secret-patcher
|
|
namespace: plane
|
|
annotations:
|
|
argocd.argoproj.io/hook: PostSync
|
|
argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
|
|
spec:
|
|
template:
|
|
spec:
|
|
serviceAccountName: plane-secret-patcher
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: patcher
|
|
image: bitnami/kubectl:latest
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
echo "Patching Plane Secrets & DNS Config…"
|
|
|
|
DB_URL=$(echo -n "postgresql://plane:plane@plane-pgdb:5432/plane" | base64)
|
|
REDIS_URL=$(echo -n "redis://plane-redis:6379/" | base64)
|
|
AMQP_URL=$(echo -n "amqp://plane:plane@plane-rabbitmq/" | base64)
|
|
|
|
kubectl patch secret plane-app-secrets -n plane --type=json -p "
|
|
[
|
|
{\"op\": \"replace\", \"path\": \"/data/DATABASE_URL\", \"value\": \"${DB_URL}\"},
|
|
{\"op\": \"replace\", \"path\": \"/data/REDIS_URL\", \"value\": \"${REDIS_URL}\"},
|
|
{\"op\": \"replace\", \"path\": \"/data/AMQP_URL\", \"value\": \"${AMQP_URL}\"}
|
|
]"
|
|
|
|
kubectl patch secret plane-live-secrets -n plane --type=json -p "
|
|
[
|
|
{\"op\": \"replace\", \"path\": \"/data/REDIS_URL\", \"value\": \"${REDIS_URL}\"}
|
|
]"
|
|
|
|
echo "Secrets patched successfully!"
|
|
|
|
# Deployments: plane-api-wl, plane-worker-wl, plane-beat-worker-wl
|
|
for item in plane-api-wl plane-worker-wl plane-beat-worker-wl; do
|
|
kubectl patch deployment $item -n plane --type=json -p "
|
|
[
|
|
{
|
|
\"op\": \"add\",
|
|
\"path\": \"/spec/template/spec/dnsConfig\",
|
|
\"value\": {
|
|
\"options\": [{\"name\": \"ndots\", \"value\": \"1\"}]
|
|
}
|
|
}
|
|
]" || echo "DNS patch failed or already applied for $item"
|
|
done
|
|
|
|
echo "All patches completed!"
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: plane-secret-patcher
|
|
namespace: plane
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: plane-secret-patcher
|
|
namespace: plane
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "patch"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments"]
|
|
verbs: ["patch", "get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: plane-secret-patcher
|
|
namespace: plane
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: plane-secret-patcher
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: plane-secret-patcher
|
|
namespace: plane |