From f5c08d6f02b10cf4e785c3d001b1a7403e1fe56d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A7alo=20Rodrigues?= Date: Sat, 20 Jun 2026 16:01:55 +0100 Subject: [PATCH] fix: add git.homelab.local registry prefix and imagePullSecrets to all app deployments auth/gateway, auth/users, and test/example-service were referencing images without a registry prefix, causing k8s to fall back to Docker Hub (which doesn't have these images). Also generalises the gitea-registry imagePullSecret to all app namespaces (auth, finance, home, test) via a for_each in Terraform. Co-Authored-By: Claude Sonnet 4.6 --- apps/auth/services/gateway/k8s/deployment.yaml | 4 +++- apps/auth/services/users/k8s/deployment.yaml | 4 +++- .../services/example-service/k8s/deployment.yaml | 4 +++- infrastructure/terraform/gitea.tf | 16 +++++++++++----- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/apps/auth/services/gateway/k8s/deployment.yaml b/apps/auth/services/gateway/k8s/deployment.yaml index ade73ba..afd1d61 100644 --- a/apps/auth/services/gateway/k8s/deployment.yaml +++ b/apps/auth/services/gateway/k8s/deployment.yaml @@ -15,9 +15,11 @@ spec: labels: app: gateway spec: + imagePullSecrets: + - name: gitea-registry containers: - name: gateway - image: homelab/gateway:latest + image: git.homelab.local/homelab/gateway:latest imagePullPolicy: IfNotPresent ports: - name: http diff --git a/apps/auth/services/users/k8s/deployment.yaml b/apps/auth/services/users/k8s/deployment.yaml index 84e3d1d..4f99947 100644 --- a/apps/auth/services/users/k8s/deployment.yaml +++ b/apps/auth/services/users/k8s/deployment.yaml @@ -15,9 +15,11 @@ spec: labels: app: users spec: + imagePullSecrets: + - name: gitea-registry containers: - name: users - image: homelab/users:latest + image: git.homelab.local/homelab/users:latest imagePullPolicy: IfNotPresent ports: - name: http diff --git a/apps/test/services/example-service/k8s/deployment.yaml b/apps/test/services/example-service/k8s/deployment.yaml index c241473..f2bd90a 100644 --- a/apps/test/services/example-service/k8s/deployment.yaml +++ b/apps/test/services/example-service/k8s/deployment.yaml @@ -16,9 +16,11 @@ spec: labels: app: example-service spec: + imagePullSecrets: + - name: gitea-registry containers: - name: example-service - image: homelab/example-service:latest + image: git.homelab.local/homelab/example-service:latest imagePullPolicy: IfNotPresent ports: - name: http diff --git a/infrastructure/terraform/gitea.tf b/infrastructure/terraform/gitea.tf index b039604..64e92f7 100644 --- a/infrastructure/terraform/gitea.tf +++ b/infrastructure/terraform/gitea.tf @@ -138,13 +138,19 @@ resource "terraform_data" "gitea_runner_registration" { } } -# imagePullSecret for finance namespace — allows k8s to pull images from Gitea registry. -# Containerd mirrors "git.homelab.local" to localhost:30002 (see k3d/config.yaml) and -# forwards these credentials to authenticate against the Gitea NodePort. -resource "kubernetes_secret" "gitea_registry_finance" { +# imagePullSecret for all app namespaces — allows k8s to pull images from the +# local Gitea registry. Containerd mirrors "git.homelab.local" to localhost:30002 +# (see k3d/config.yaml) and forwards these credentials to authenticate. +locals { + app_namespaces = ["auth", "finance", "home", "test"] +} + +resource "kubernetes_secret" "gitea_registry" { + for_each = toset(local.app_namespaces) + metadata { name = "gitea-registry" - namespace = kubernetes_namespace.domains["finance"].metadata[0].name + namespace = kubernetes_namespace.domains[each.value].metadata[0].name } type = "kubernetes.io/dockerconfigjson" data = {