Deploy verification blocked on DinD->in-cluster-registry push reachability (shared, backend#26) #20

Open
opened 2026-05-28 13:28:05 +00:00 by coilysiren · 0 comments
Owner

State

The Forgejo migration (#19) is code-complete and merged on main:

  • deployer ServiceAccount + Role/RoleBinding + token Secret applied in coilysiren-eco-spec-tracker (least-privilege: patch/get deployments, list pods; verified via impersonation).
  • DEPLOY_KUBECONFIG set as a Forgejo Actions secret (server https://192.168.0.194:6443, authenticates as the deployer SA).
  • .forgejo/workflows/build-publish-deploy.yml in place, mirroring backend's current runner shape (install docker/kubectl static binaries, resolve the DinD host via the job-container gateway, legacy docker build).
  • deploy/main.yml app image switched to the registry ref + imagePullPolicy: Always.
  • Dead .github/workflows/build-and-publish.yml removed.
  • test job passes (run #15).

Blocker (shared, not repo-local)

The deploy job now gets all the way through docker build and fails only at docker push:

The push refers to repository [192.168.0.194:30500/coilysiren-eco-spec-tracker]
Get "http://192.168.0.194:30500/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

The runner's DinD daemon (reachable at tcp://172.18.0.1:2375) cannot reach the in-cluster registry NodePort. This is identical to coilysiren/backend's deploy failure (run #29) and is a property of the shared runner/registry networking, not anything in this repo's workflow. Tracking + fix live in coilysiren/backend#26 (and the registry is coilysiren/infrastructure#168, #171).

To finish

Once the DinD-to-registry reachability is fixed upstream, a no-op push to main re-runs the pipeline and should deploy green with no further changes in this repo. Verify a pod then pulls 192.168.0.194:30500/coilysiren-eco-spec-tracker:<sha>.

coilysiren added P1 and removed P0 labels 2026-05-31 07:00:17 +00:00
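
The State section says the deployer ServiceAccount's least-privilege Role was verified via impersonation. One way to script that check, as an added example that is not code from this repository: it assumes the ServiceAccount is named `deployer`, and the denied probes and the `KUBECTL` override are choices made for the example.

```shell
#!/bin/sh
# Added example: re-check the deployer ServiceAccount's permissions by impersonation.
# Assumptions (not stated in the issue): the ServiceAccount is named "deployer",
# and the denied probes below were picked for this example.
# The caller's own credentials must be allowed to impersonate service accounts.
NS="${NS:-coilysiren-eco-spec-tracker}"
SA="${SA:-deployer}"
KUBECTL="${KUBECTL:-kubectl}"  # overridable so the logic can run against a stub

# verb:resource pairs the issue lists as granted.
EXPECT_ALLOW="get:deployments patch:deployments list:pods"
# Pairs a deploy-only identity should not hold (example choices).
EXPECT_DENY="create:deployments delete:deployments get:secrets list:secrets
create:pods delete:pods create:rolebindings"

# can_i VERB RESOURCE: exit 0 only if the impersonated SA is allowed in $NS.
can_i() {
  "$KUBECTL" auth can-i "$1" "$2" -n "$NS" \
    --as="system:serviceaccount:${NS}:${SA}" >/dev/null 2>&1
}

# Returns 0 only when every expected grant is present and every probe is denied.
verify_deployer_rbac() {
  failures=0
  for pair in $EXPECT_ALLOW; do
    verb="${pair%%:*}"; res="${pair#*:}"
    if can_i "$verb" "$res"; then
      echo "ok    allowed: $verb $res"
    else
      echo "FAIL  missing grant: $verb $res"; failures=$((failures + 1))
    fi
  done
  for pair in $EXPECT_DENY; do
    verb="${pair%%:*}"; res="${pair#*:}"
    if can_i "$verb" "$res"; then
      echo "FAIL  over-privileged: $verb $res"; failures=$((failures + 1))
    else
      echo "ok    denied: $verb $res"
    fi
  done
  [ "$failures" -eq 0 ]
}

# Run against the real cluster only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then verify_deployer_rbac; fi
```

A non-zero exit from `verify_deployer_rbac` means either a grant the deploy job needs is missing or the Role has widened beyond what the issue describes.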
Reference
coilyco-flight-deck/eco-jobs-tracker#20