fix: restart d601 v03 db secret consumers (#986)
Co-authored-by: Codex <codex@noreply.local>
This commit is contained in:
@@ -1372,7 +1372,7 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
|
||||
`db_user=${shellQuote(spec.cloudApiDbUser)}`,
|
||||
`db_host=${shellQuote(spec.cloudApiDbHost)}`,
|
||||
`cloud_api_deployment=${shellQuote(spec.cloudApiDeployment)}`,
|
||||
"db_consumer_deployments=\"hwlab-cloud-api hwlab-user-billing hwlab-workbench-runtime\"",
|
||||
"db_consumer_deployments=\"hwlab-cloud-api hwlab-user-billing hwlab-workbench-runtime hwlab-project-management\"",
|
||||
`action_request=${shellQuote(options.action)}`,
|
||||
`dry_run=${shellQuote(options.dryRun ? "true" : "false")}`,
|
||||
`field_manager=${shellQuote(spec.fieldManager)}`,
|
||||
@@ -1418,6 +1418,16 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
|
||||
" if [ \"$role_exit\" -eq 0 ] && [ \"$database_exit\" -eq 0 ]; then probe_exit=0; else probe_exit=$role_exit/$database_exit; fi",
|
||||
" fi",
|
||||
"}",
|
||||
"deployment_ready_flag() {",
|
||||
" deploy=$1",
|
||||
" desired=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.spec.replicas}' 2>/dev/null || true)",
|
||||
" updated=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.status.updatedReplicas}' 2>/dev/null || true)",
|
||||
" available=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.status.availableReplicas}' 2>/dev/null || true)",
|
||||
" [ -n \"$desired\" ] || desired=0",
|
||||
" [ -n \"$updated\" ] || updated=0",
|
||||
" [ -n \"$available\" ] || available=0",
|
||||
" if [ \"$updated\" = \"$desired\" ] && [ \"$available\" = \"$desired\" ]; then printf yes; else printf no; fi",
|
||||
"}",
|
||||
"before_exists=$(secret_exists_flag \"$name\")",
|
||||
"before_postgres_exists=$(secret_exists_flag \"$postgres_secret\")",
|
||||
"before_url_b64=$(secret_b64_key \"$name\" \"$database_url_key\")",
|
||||
@@ -1437,6 +1447,15 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
|
||||
"db_role_exists_before=$role_result",
|
||||
"db_database_exists_before=$database_result",
|
||||
"db_probe_exit_before=$probe_exit",
|
||||
"consumer_not_ready=false",
|
||||
"consumer_ready_before=",
|
||||
"consumer_not_ready_before=",
|
||||
"for deployment in $db_consumer_deployments; do",
|
||||
" ready_flag=$(deployment_ready_flag \"$deployment\")",
|
||||
" if [ \"$ready_flag\" = yes ]; then consumer_ready_before=\"$consumer_ready_before $deployment\"; else consumer_not_ready=true; consumer_not_ready_before=\"$consumer_not_ready_before $deployment\"; fi",
|
||||
"done",
|
||||
"consumer_ready_before=$(printf '%s' \"$consumer_ready_before\" | sed 's/^ //')",
|
||||
"consumer_not_ready_before=$(printf '%s' \"$consumer_not_ready_before\" | sed 's/^ //')",
|
||||
"action=observed",
|
||||
"mutation=false",
|
||||
"apply_exit=",
|
||||
@@ -1455,11 +1474,11 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
|
||||
" [ \"$db_role_exists_before\" = t ] || missing_db=true",
|
||||
" [ \"$db_database_exists_before\" = t ] || missing_db=true",
|
||||
" if [ \"$dry_run\" = true ]; then",
|
||||
" if [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ]; then action=would-ensure; else action=kept; fi",
|
||||
" if [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ] || [ \"$consumer_not_ready\" = true ]; then action=would-ensure; else action=kept; fi",
|
||||
" elif [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ -z \"$postgres_admin_password\" ]; then",
|
||||
" action=postgres-admin-secret-missing",
|
||||
" apply_exit=44",
|
||||
" elif [ \"$missing_secret\" = false ] && [ \"$missing_db\" = false ]; then",
|
||||
" elif [ \"$missing_secret\" = false ] && [ \"$missing_db\" = false ] && [ \"$consumer_not_ready\" = false ]; then",
|
||||
" action=kept",
|
||||
" else",
|
||||
" database_url=\"postgres://$db_user:$postgres_admin_password@$db_host:5432/$db_name?sslmode=disable\"",
|
||||
@@ -1478,7 +1497,7 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
|
||||
"SQL",
|
||||
" db_ensure_exit=$?",
|
||||
" if [ \"$db_ensure_exit\" -eq 0 ]; then",
|
||||
" if [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ]; then",
|
||||
" if [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ] || [ \"$consumer_not_ready\" = true ]; then",
|
||||
" rollout_restart_exit=0",
|
||||
" for deployment in $db_consumer_deployments; do",
|
||||
" kubectl -n \"$namespace\" rollout restart \"deployment/$deployment\" >/tmp/hwlab-db-consumer-rollout-restart-$deployment.out 2>/tmp/hwlab-db-consumer-rollout-restart-$deployment.err",
|
||||
@@ -1537,6 +1556,8 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
|
||||
"printf 'beforeDatabaseUrlSslmode\\t%s\\n' \"$before_url_sslmode\"",
|
||||
"printf 'beforeDatabaseUrlPasswordPresent\\t%s\\n' \"$before_url_password_present\"",
|
||||
"printf 'beforeDatabaseUrlMatchesExpected\\t%s\\n' \"$before_url_matches_expected\"",
|
||||
"printf 'beforeConsumerDeploymentsReady\\t%s\\n' \"$consumer_ready_before\"",
|
||||
"printf 'beforeConsumerDeploymentsNotReady\\t%s\\n' \"$consumer_not_ready_before\"",
|
||||
"printf 'afterExists\\t%s\\n' \"$after_exists\"",
|
||||
"printf 'afterDatabaseUrlPresent\\t%s\\n' \"$after_url_present\"",
|
||||
"printf 'afterDatabaseUrlBytes\\t%s\\n' \"$after_url_bytes\"",
|
||||
|
||||
Reference in New Issue
Block a user