diff --git a/templates/backend-deployment.yaml b/templates/backend-deployment.yaml index 814a4cd..288be6e 100644 --- a/templates/backend-deployment.yaml +++ b/templates/backend-deployment.yaml @@ -101,6 +101,32 @@ spec: - name: TOWER_OPS_PERSIST_PATH value: /var/lib/tower/operations.json {{- end }} + # Docker-mirror credentials threaded into Connect's + # ApplyConnectSecrets so every customer cluster gets a + # docker-mirror-pull Secret automatically. Phase H — + # without these, every connected cluster wedged on + # addon-build with "secret docker-mirror-pull not found". + # + # Read from the same existingSecret as the rest of the + # platform credentials so they're rotated together. + - name: TOWER_DOCKER_MIRROR_REGISTRY + valueFrom: + secretKeyRef: + name: {{ .Values.config.existingSecret }} + key: DOCKER_MIRROR_REGISTRY + optional: true + - name: TOWER_DOCKER_MIRROR_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.config.existingSecret }} + key: DOCKER_MIRROR_USERNAME + optional: true + - name: TOWER_DOCKER_MIRROR_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.config.existingSecret }} + key: DOCKER_MIRROR_PASSWORD + optional: true readinessProbe: httpGet: path: /healthz diff --git a/values.yaml b/values.yaml index 07e5866..d2afe8f 100644 --- a/values.yaml +++ b/values.yaml @@ -9,7 +9,7 @@ backend: # so every cluster that runs Tower needs the same imagePullSecret # provisioned out-of-band (until cluster-platform-v3 owns it). repository: registry.odoosky.cloud/odoosky/docker-mirror/tower - tag: "0.61.7" + tag: "0.61.8" pullPolicy: IfNotPresent imagePullSecrets: - name: docker-mirror-pull