fix: add git.homelab.local registry prefix and imagePullSecrets to all app deployments

auth/gateway, auth/users, and test/example-service were referencing images without a registry prefix, causing k8s to fall back to Docker Hub (which doesn't have these images). Also generalises the gitea-registry imagePullSecret to all app namespaces (auth, finance, home, test) via a for_each in Terraform. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20 16:01:55 +01:00 · 2026-06-20 16:01:55 +01:00 · f5c08d6f02
commit f5c08d6f02
parent e39840cca2
4 changed files with 20 additions and 8 deletions
--- a/apps/auth/services/gateway/k8s/deployment.yaml
+++ b/apps/auth/services/gateway/k8s/deployment.yaml
@ -15,9 +15,11 @@ spec:
      labels:
        app: gateway
    spec:
+      imagePullSecrets:
+        - name: gitea-registry
      containers:
        - name: gateway
-          image: homelab/gateway:latest
+          image: git.homelab.local/homelab/gateway:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
--- a/apps/auth/services/users/k8s/deployment.yaml
+++ b/apps/auth/services/users/k8s/deployment.yaml
@ -15,9 +15,11 @@ spec:
      labels:
        app: users
    spec:
+      imagePullSecrets:
+        - name: gitea-registry
      containers:
        - name: users
-          image: homelab/users:latest
+          image: git.homelab.local/homelab/users:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
--- a/apps/test/services/example-service/k8s/deployment.yaml
+++ b/apps/test/services/example-service/k8s/deployment.yaml
@ -16,9 +16,11 @@ spec:
      labels:
        app: example-service
    spec:
+      imagePullSecrets:
+        - name: gitea-registry
      containers:
        - name: example-service
-          image: homelab/example-service:latest
+          image: git.homelab.local/homelab/example-service:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
--- a/infrastructure/terraform/gitea.tf
+++ b/infrastructure/terraform/gitea.tf
@ -138,13 +138,19 @@ resource "terraform_data" "gitea_runner_registration" {
  }
 }

-# imagePullSecret for finance namespace — allows k8s to pull images from Gitea registry.
-# Containerd mirrors "git.homelab.local" to localhost:30002 (see k3d/config.yaml) and
-# forwards these credentials to authenticate against the Gitea NodePort.
-resource "kubernetes_secret" "gitea_registry_finance" {
+# imagePullSecret for all app namespaces — allows k8s to pull images from the
+# local Gitea registry. Containerd mirrors "git.homelab.local" to localhost:30002
+# (see k3d/config.yaml) and forwards these credentials to authenticate.
+locals {
+  app_namespaces = ["auth", "finance", "home", "test"]
+}
+
+resource "kubernetes_secret" "gitea_registry" {
+  for_each = toset(local.app_namespaces)
+
  metadata {
    name      = "gitea-registry"
-    namespace = kubernetes_namespace.domains["finance"].metadata[0].name
+    namespace = kubernetes_namespace.domains[each.value].metadata[0].name
  }
  type = "kubernetes.io/dockerconfigjson"
  data = {