plotting-book: pull image from private ghcr instead of public DockerHub #15
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "wizard/plotting-ghcr"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Wires the cluster to pull plotting-book from private ghcr.io/passionprojectsanca/book-plotter (deployment image + imagePullSecrets; plotting-book ns added to the kyverno ghcr-credentials allowlist). Docs corrected (ci-cd.md, ADR-0003). Image pull verified with the shared ghcr_pull_token before wiring.
Anca's plotting-book app now builds its image in her own GitHub repo to the private package ghcr.io/passionprojectsanca/book-plotter (off public DockerHub viktorbarzin/book-plotter). Wire the cluster to pull it: - stacks/plotting-book: point the deployment baseline image at the ghcr package and add imagePullSecrets {ghcr-credentials} so the pod can pull the private image (the live tag is still CI-owned via ignore_changes). - stacks/kyverno: add the plotting-book namespace to the ghcr-credentials allowlist so the Kyverno generate policy clones the pull secret into it. Verified the shared ghcr_pull_token (Viktor, repo-admin on Anca's repo) can read the private package before wiring this. Docs: correct ci-cd.md (it wrongly listed plotting-book as already on ghcr — it was on DockerHub) and note the special arrangement; amend ADR-0003 to record that this GitHub-first repo builds to its own org's ghcr namespace. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>