From 33d3474d7de124af6ded1cc0961b5c1849ca0db2 Mon Sep 17 00:00:00 2001 From: Prathamesh Musale Date: Thu, 26 Mar 2026 08:36:39 +0000 Subject: [PATCH] Fix registry secret created in wrong namespace (#998) `create_registry_secret()` was hardcoded to use the "default" namespace, but pods are deployed to the spec's configured namespace. The secret must be in the same namespace as the pods for `imagePullSecrets` to work. Co-Authored-By: Claude Opus 4.6 Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/998 Co-authored-by: Prathamesh Musale Co-committed-by: Prathamesh Musale --- stack_orchestrator/deploy/deployment_create.py | 4 ++-- stack_orchestrator/deploy/k8s/deploy_k8s.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stack_orchestrator/deploy/deployment_create.py b/stack_orchestrator/deploy/deployment_create.py index 792d8e3d..58016fca 100644 --- a/stack_orchestrator/deploy/deployment_create.py +++ b/stack_orchestrator/deploy/deployment_create.py @@ -577,7 +577,7 @@ def _generate_and_store_secrets(config_vars: dict, deployment_name: str): return secrets -def create_registry_secret(spec: Spec, deployment_name: str) -> Optional[str]: +def create_registry_secret(spec: Spec, deployment_name: str, namespace: str = "default") -> Optional[str]: """Create K8s docker-registry secret from spec + environment. Reads registry configuration from spec.yml and creates a Kubernetes @@ -586,6 +586,7 @@ def create_registry_secret(spec: Spec, deployment_name: str) -> Optional[str]: Args: spec: The deployment spec containing image-registry config deployment_name: Name of the deployment (used for secret naming) + namespace: Kubernetes namespace to create the secret in Returns: The secret name if created, None if no registry config @@ -633,7 +634,6 @@ def create_registry_secret(spec: Spec, deployment_name: str) -> Optional[str]: return None v1 = client.CoreV1Api() - namespace = "default" k8s_secret = client.V1Secret( metadata=client.V1ObjectMeta(name=secret_name), diff --git a/stack_orchestrator/deploy/k8s/deploy_k8s.py b/stack_orchestrator/deploy/k8s/deploy_k8s.py index d19b26d8..5723fc0c 100644 --- a/stack_orchestrator/deploy/k8s/deploy_k8s.py +++ b/stack_orchestrator/deploy/k8s/deploy_k8s.py @@ -504,7 +504,7 @@ class K8sDeployer(Deployer): # Create registry secret if configured from stack_orchestrator.deploy.deployment_create import create_registry_secret - create_registry_secret(self.cluster_info.spec, self.cluster_info.app_name) + create_registry_secret(self.cluster_info.spec, self.cluster_info.app_name, self.k8s_namespace) self._create_volume_data() self._create_deployment()