luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(statefulset): roll pods when docker registry auth changes; doc stale pull secret recovery

Browse Source 
Made-with: Cursor
This commit is contained in:
timotheereausanofi
2026-03-20 10:25:47 +01:00
parent e2d50d8d16
commit e0e294a944
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
gitops/docs/BOOTSTRAP.md
View File

@@ -15,6 +15,16 @@ kubectl create secret docker-registry hub-andrewalliance -n onelab \
…and set `registry.createPullSecret: false` plus `imagePullSecrets: [{ name: hub-andrewalliance }]`.
### StatefulSet pods still get `401 Unauthorized` / `ImagePullBackOff` after enabling registry auth
If `db-0` / `rabbitmq-0` were created **before** `imagePullSecrets` existed, their **Pod** spec can still use anonymous pulls until they are recreated:
```bash
kubectl delete pod -n onelab db-0 rabbitmq-0
```
The chart adds a pod-template checksum so a `helm upgrade` after changing registry credentials normally rolls these pods; a one-time delete is enough if you toggled pull secrets outside that path.
## 2. Argo CD + private Git (`git.luneski.fr`)
If the Application shows `authentication required: Unauthorized`, register the repo in Argo CD (CLI or UI):