diff --git a/apps/auth/services/gateway/k8s/deployment.yaml b/apps/auth/services/gateway/k8s/deployment.yaml
index ade73ba..afd1d61 100644
--- a/apps/auth/services/gateway/k8s/deployment.yaml
+++ b/apps/auth/services/gateway/k8s/deployment.yaml
@@ -15,9 +15,11 @@ spec:
 labels:
 app: gateway
 spec:
+ imagePullSecrets:
+ - name: gitea-registry
 containers:
 - name: gateway
- image: homelab/gateway:latest
+ image: git.homelab.local/homelab/gateway:latest
 imagePullPolicy: IfNotPresent
 ports:
 - name: http
diff --git a/apps/auth/services/users/k8s/deployment.yaml b/apps/auth/services/users/k8s/deployment.yaml
index 84e3d1d..4f99947 100644
--- a/apps/auth/services/users/k8s/deployment.yaml
+++ b/apps/auth/services/users/k8s/deployment.yaml
@@ -15,9 +15,11 @@ spec:
 labels:
 app: users
 spec:
+ imagePullSecrets:
+ - name: gitea-registry
 containers:
 - name: users
- image: homelab/users:latest
+ image: git.homelab.local/homelab/users:latest
 imagePullPolicy: IfNotPresent
 ports:
 - name: http
diff --git a/apps/test/services/example-service/k8s/deployment.yaml b/apps/test/services/example-service/k8s/deployment.yaml
index c241473..f2bd90a 100644
--- a/apps/test/services/example-service/k8s/deployment.yaml
+++ b/apps/test/services/example-service/k8s/deployment.yaml
@@ -16,9 +16,11 @@ spec:
 labels:
 app: example-service
 spec:
+ imagePullSecrets:
+ - name: gitea-registry
 containers:
 - name: example-service
- image: homelab/example-service:latest
+ image: git.homelab.local/homelab/example-service:latest
 imagePullPolicy: IfNotPresent
 ports:
 - name: http
diff --git a/infrastructure/terraform/gitea.tf b/infrastructure/terraform/gitea.tf
index b039604..64e92f7 100644
--- a/infrastructure/terraform/gitea.tf
+++ b/infrastructure/terraform/gitea.tf
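Review bot: The new image reference `git.homelab.local/homelab/gateway:latest` keeps a mutable tag alongside `imagePullPolicy: IfNotPresent`, so what actually runs depends on whatever each node last cached and on whatever was most recently pushed under `latest`; the same applies to the `users` and `example-service` hunks. For the auth services in particular I would pin an immutable tag or a digest, e.g. `image: git.homelab.local/homelab/gateway@sha256:<IMAGE_DIGEST>` (placeholder), so that a push to the registry cannot change a deployment without a manifest change. The pod spec also now depends on a `gitea-registry` secret existing in each namespace before rollout; a short comment such as `# gitea-registry is created per namespace by infrastructure/terraform/gitea.tf` above `imagePullSecrets` would record that. The container spec continues outside each hunk.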
@@ -138,13 +138,19 @@ resource "terraform_data" "gitea_runner_registration" {
 }
 }
 
-# imagePullSecret for finance namespace — allows k8s to pull images from Gitea registry.
-# Containerd mirrors "git.homelab.local" to localhost:30002 (see k3d/config.yaml) and
-# forwards these credentials to authenticate against the Gitea NodePort.
-resource "kubernetes_secret" "gitea_registry_finance" {
+# imagePullSecret for all app namespaces — allows k8s to pull images from the
+# local Gitea registry. Containerd mirrors "git.homelab.local" to localhost:30002
+# (see k3d/config.yaml) and forwards these credentials to authenticate.
+locals {
+ app_namespaces = ["auth", "finance", "home", "test"]
+}
+
+resource "kubernetes_secret" "gitea_registry" {
+ for_each = toset(local.app_namespaces)
+
 metadata {
 name = "gitea-registry"
- namespace = kubernetes_namespace.domains["finance"].metadata[0].name
+ namespace = kubernetes_namespace.domains[each.value].metadata[0].name
 }
 type = "kubernetes.io/dockerconfigjson"
 data = {
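Review bot: With `for_each` over `local.app_namespaces` the same registry credential is now copied into `auth`, `finance`, `home` and `test`, so anyone able to read secrets in the least-protected of those namespaces holds it; the `data` block is outside this hunk, so I cannot see which account it belongs to. If it is not already a read-only token, it should be one limited to package reads, and the header comment could say so: `# Credential is a read-only package token; it is replicated to every namespace in app_namespaces.` Separately, renaming `gitea_registry_finance` to `gitea_registry` without a `moved` block from `kubernetes_secret.gitea_registry_finance` to `kubernetes_secret.gitea_registry["finance"]` will presumably make Terraform destroy and recreate the finance secret on the next apply.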