fix(keycape): NK-WP-0003-T07 — fix deployment image + add demo-app client

- deployment.yaml: image → 92.205.130.254:32166/coulomb/key-cape:latest
  (Gitea OCI registry, delivered by KEY-WP-0002; imagePullPolicy: Always)
- k3s insecure registry hosts.toml: fixed server endpoint to http:// so
  containerd does not attempt HTTPS against the plain-HTTP Gitea NodePort
- create-secrets.sh: add demo-app OIDC client (required for KeyCape to
  start; also needed for T08 acceptance tests)
- keycape-config Secret updated in-place (no re-bootstrap needed)

KeyCape pod 1/1 Running; /healthz OK; OIDC discovery live at
https://kc.coulomb.social/.well-known/openid-configuration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-22 00:30:58 +00:00
parent d0629e7f20
commit 880f89bf98
2 changed files with 13 additions and 18 deletions

View File

@@ -49,13 +49,10 @@ spec:
containers:
- name: keycape
# EDIT before applying — see README.md "Building the image".
# Option A (registry): docker build -t <registry>/keycape:v0.1 ~/key-cape/ && docker push ...
# Option B (K3s local): docker build -t keycape:v0.1 ~/key-cape/ &&
# docker save keycape:v0.1 | sudo k3s ctr images import -
# After Option B, set imagePullPolicy: Never.
image: keycape:v0.1
imagePullPolicy: IfNotPresent
# Image published to self-hosted Gitea OCI registry on CoulombCore (KEY-WP-0002).
# k3s insecure registry configured for 92.205.130.254:32166 — no pull secret needed.
image: 92.205.130.254:32166/coulomb/key-cape:latest
imagePullPolicy: Always
ports:
- name: http