fix: restart d601 v03 db secret consumers (#986)

Co-authored-by: Codex <codex@noreply.local>
Lyon
2026-06-26 14:37:49 +08:00
committed by GitHub
parent 7b8425c0bb
commit 4a58eb2da1
+25 -4
@@ -1372,7 +1372,7 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
`db_user=${shellQuote(spec.cloudApiDbUser)}`,
`db_host=${shellQuote(spec.cloudApiDbHost)}`,
`cloud_api_deployment=${shellQuote(spec.cloudApiDeployment)}`,
"db_consumer_deployments=\"hwlab-cloud-api hwlab-user-billing hwlab-workbench-runtime\"",
"db_consumer_deployments=\"hwlab-cloud-api hwlab-user-billing hwlab-workbench-runtime hwlab-project-management\"",
`action_request=${shellQuote(options.action)}`,
`dry_run=${shellQuote(options.dryRun ? "true" : "false")}`,
`field_manager=${shellQuote(spec.fieldManager)}`,
@@ -1418,6 +1418,16 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
" if [ \"$role_exit\" -eq 0 ] && [ \"$database_exit\" -eq 0 ]; then probe_exit=0; else probe_exit=$role_exit/$database_exit; fi",
" fi",
"}",
"deployment_ready_flag() {",
" deploy=$1",
" desired=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.spec.replicas}' 2>/dev/null || true)",
" updated=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.status.updatedReplicas}' 2>/dev/null || true)",
" available=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.status.availableReplicas}' 2>/dev/null || true)",
" [ -n \"$desired\" ] || desired=0",
" [ -n \"$updated\" ] || updated=0",
" [ -n \"$available\" ] || available=0",
" if [ \"$updated\" = \"$desired\" ] && [ \"$available\" = \"$desired\" ]; then printf yes; else printf no; fi",
"}",
"before_exists=$(secret_exists_flag \"$name\")",
"before_postgres_exists=$(secret_exists_flag \"$postgres_secret\")",
"before_url_b64=$(secret_b64_key \"$name\" \"$database_url_key\")",
@@ -1437,6 +1447,15 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
"db_role_exists_before=$role_result",
"db_database_exists_before=$database_result",
"db_probe_exit_before=$probe_exit",
"consumer_not_ready=false",
"consumer_ready_before=",
"consumer_not_ready_before=",
"for deployment in $db_consumer_deployments; do",
" ready_flag=$(deployment_ready_flag \"$deployment\")",
" if [ \"$ready_flag\" = yes ]; then consumer_ready_before=\"$consumer_ready_before $deployment\"; else consumer_not_ready=true; consumer_not_ready_before=\"$consumer_not_ready_before $deployment\"; fi",
"done",
"consumer_ready_before=$(printf '%s' \"$consumer_ready_before\" | sed 's/^ //')",
"consumer_not_ready_before=$(printf '%s' \"$consumer_not_ready_before\" | sed 's/^ //')",
"action=observed",
"mutation=false",
"apply_exit=",
@@ -1455,11 +1474,11 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
" [ \"$db_role_exists_before\" = t ] || missing_db=true",
" [ \"$db_database_exists_before\" = t ] || missing_db=true",
" if [ \"$dry_run\" = true ]; then",
" if [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ]; then action=would-ensure; else action=kept; fi",
" if [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ] || [ \"$consumer_not_ready\" = true ]; then action=would-ensure; else action=kept; fi",
" elif [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ -z \"$postgres_admin_password\" ]; then",
" action=postgres-admin-secret-missing",
" apply_exit=44",
" elif [ \"$missing_secret\" = false ] && [ \"$missing_db\" = false ]; then",
" elif [ \"$missing_secret\" = false ] && [ \"$missing_db\" = false ] && [ \"$consumer_not_ready\" = false ]; then",
" action=kept",
" else",
" database_url=\"postgres://$db_user:$postgres_admin_password@$db_host:5432/$db_name?sslmode=disable\"",
@@ -1478,7 +1497,7 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
"SQL",
" db_ensure_exit=$?",
" if [ \"$db_ensure_exit\" -eq 0 ]; then",
" if [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ]; then",
" if [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ] || [ \"$consumer_not_ready\" = true ]; then",
" rollout_restart_exit=0",
" for deployment in $db_consumer_deployments; do",
" kubectl -n \"$namespace\" rollout restart \"deployment/$deployment\" >/tmp/hwlab-db-consumer-rollout-restart-$deployment.out 2>/tmp/hwlab-db-consumer-rollout-restart-$deployment.err",
@@ -1537,6 +1556,8 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
"printf 'beforeDatabaseUrlSslmode\\t%s\\n' \"$before_url_sslmode\"",
"printf 'beforeDatabaseUrlPasswordPresent\\t%s\\n' \"$before_url_password_present\"",
"printf 'beforeDatabaseUrlMatchesExpected\\t%s\\n' \"$before_url_matches_expected\"",
"printf 'beforeConsumerDeploymentsReady\\t%s\\n' \"$consumer_ready_before\"",
"printf 'beforeConsumerDeploymentsNotReady\\t%s\\n' \"$consumer_not_ready_before\"",
"printf 'afterExists\\t%s\\n' \"$after_exists\"",
"printf 'afterDatabaseUrlPresent\\t%s\\n' \"$after_url_present\"",
"printf 'afterDatabaseUrlBytes\\t%s\\n' \"$after_url_bytes\"",
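Review bot: In `deployment_ready_flag`, a failed or empty `kubectl get` is folded into `0` for all three fields, so a deployment that is missing or unreadable (RBAC denial, API error) compares `0 = 0` and is reported `yes`, while any in-progress rollout unrelated to the secret is reported `no`. Because `consumer_not_ready=true` now sends a non-dry run into the `else` branch that builds `database_url` from `$postgres_admin_password` and then restarts every entry in `db_consumer_deployments`, ordinary readiness noise becomes a trigger for a privileged write and a restart of all consumers; a run that lands shortly after such a restart may plausibly trigger another one. I would return a distinct value when the lookup fails, for example `[ -n "$desired" ] || { printf unknown; return; }`, report those deployments in their own output field without setting `consumer_not_ready`, and restart only the deployments collected in `consumer_not_ready_before` when the secret and database were already present. `cloudApiDbSecretScript` begins and ends outside these hunks, so the steps between the ensure SQL and the rollout loop are not visible here.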