broker-sync: repoint image to ghcr (was frozen on pre-migration DockerHub)
All checks were successful
ci/woodpecker/push/default Pipeline was successful
The nightly ibkr sync failed with 'No such command ibkr': every broker-sync CronJob still pulled viktorbarzin/broker-sync:latest from DockerHub, which nothing has pushed to since the ADR-0002 move to GHA->ghcr on 2026-06-13 — the jobs were silently running a frozen pre-ibkr build. The migration had allowlisted only the wealthfolio namespace for the private ghcr.io/viktorbarzin/wealthfolio-sync image, so broker-sync also lacked pull credentials. Repoint the image, add ghcr-credentials imagePullSecrets to all eight CronJobs, and allowlist the broker-sync namespace (wealthfolio stays — its own monthly sync pulls the same image).

Related: code-9ko8.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
a12b09af04
commit
f1e81772d5
2 changed files with 30 additions and 1 deletions
|
|
@ -87,7 +87,7 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" {
|
||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
broker_sync_image = "viktorbarzin/broker-sync:${var.image_tag}"
|
broker_sync_image = "ghcr.io/viktorbarzin/wealthfolio-sync:${var.image_tag}"
|
||||||
|
|
||||||
# Shared env block for every CronJob: auth into Wealthfolio + data path.
|
# Shared env block for every CronJob: auth into Wealthfolio + data path.
|
||||||
common_env = [
|
common_env = [
|
||||||
|
|
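Review bot: the local on the changed line is still named broker_sync_image but now resolves to ghcr.io/viktorbarzin/wealthfolio-sync, so the name no longer matches the repository it pulls from. A one-line comment above it stating that broker-sync runs from the wealthfolio-sync image would stop a later reader from "correcting" it back. Separately, the tag is still `${var.image_tag}`: the commit message says the jobs had been pulling :latest, so if that variable can resolve to a mutable tag, pin it to an immutable tag or a digest so that the build each CronJob runs is visible in the plan and a stale registry cannot go unnoticed again.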
@ -123,6 +123,9 @@ resource "kubernetes_cron_job_v1" "version_probe" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
container {
|
container {
|
||||||
name = "broker-sync"
|
name = "broker-sync"
|
||||||
image = local.broker_sync_image
|
image = local.broker_sync_image
|
||||||
|
|
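Review bot: the `image_pull_secrets { name = "ghcr-credentials" }` block added under `spec` here is repeated verbatim in all eight CronJobs of this file, with the secret name as a string literal each time. A ninth job added later without the block would fail to pull the private image, which is the class of error this commit is fixing. Consider holding the name in a local next to broker_sync_image and referencing it, or attaching the secret to the service account the jobs run as, so new CronJobs in the namespace inherit pull credentials without a per-job edit.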
@ -167,6 +170,9 @@ resource "kubernetes_cron_job_v1" "trading212" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
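Review bot: the closing brace of the new `image_pull_secrets` block is followed directly by the existing "# Pin every job that mounts the shared RWO data volume to one node:" comment, which now reads as if it were a trailer to the pull-secret block. A blank line after the brace would keep that comment attached to the node-pinning setting it documents; the same applies to the other CronJobs that carry this comment.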
@ -283,6 +289,9 @@ resource "kubernetes_cron_job_v1" "ibkr" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
@ -423,6 +432,9 @@ resource "kubernetes_cron_job_v1" "imap" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
@ -581,6 +593,9 @@ resource "kubernetes_cron_job_v1" "csv_drop" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
@ -679,6 +694,9 @@ resource "kubernetes_cron_job_v1" "fx_reconcile" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
@ -777,6 +795,9 @@ resource "kubernetes_cron_job_v1" "backup" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
@ -886,6 +907,9 @@ resource "kubernetes_cron_job_v1" "fidelity" {
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
restart_policy = "OnFailure"
|
restart_policy = "OnFailure"
|
||||||
|
image_pull_secrets {
|
||||||
|
name = "ghcr-credentials"
|
||||||
|
}
|
||||||
# Pin every job that mounts the shared RWO data volume to one node:
|
# Pin every job that mounts the shared RWO data volume to one node:
|
||||||
# cross-node scheduling forced a nightly detach/attach cycle whose
|
# cross-node scheduling forced a nightly detach/attach cycle whose
|
||||||
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
# QMP hotplug intermittently ghost-attaches on disk-heavy VMs and
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,11 @@ locals {
|
||||||
"instagram-poster",
|
"instagram-poster",
|
||||||
"payslip-ingest",
|
"payslip-ingest",
|
||||||
"wealthfolio",
|
"wealthfolio",
|
||||||
|
# broker-sync pulls the same PRIVATE ghcr.io/viktorbarzin/wealthfolio-sync
|
||||||
|
# image; the ADR-0002 migration only allowlisted the wealthfolio namespace,
|
||||||
|
# so broker-sync silently kept running the frozen pre-migration DockerHub
|
||||||
|
# image (its CronJobs lacked pull auth for ghcr).
|
||||||
|
"broker-sync",
|
||||||
"fire-planner",
|
"fire-planner",
|
||||||
"recruiter-responder",
|
"recruiter-responder",
|
||||||
# openclaw's install-recruiter-plugin init container pulls the PRIVATE
|
# openclaw's install-recruiter-plugin init container pulls the PRIVATE
|
||||||
|
|
|
||||||
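Review bot: the four-line comment above `"broker-sync",` records the incident (frozen DockerHub image, missing pull auth) rather than the reason the entry must stay in the list. The history is already in the commit message; in the list itself a single line such as "broker-sync CronJobs pull the private ghcr.io/viktorbarzin/wealthfolio-sync image" will age better. The `"wealthfolio",` entry above it has no comment at all, although the commit message explains that it stays because its own monthly sync pulls the same image; a short note there would keep someone from pruning it. Since each added namespace widens where the registry credential is usable, it is also worth confirming that the token behind ghcr-credentials is limited to read-only package pulls.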