generated from coulomb/repo-seed
chore(workplan): NK-WP-0003-T07 done — KeyCape running
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -214,17 +214,20 @@ Verify: `bash sso-mfa/k8s/verify-t05.sh` (covers LLDAP + Authelia together)
|
|||||||
|
|
||||||
```task
|
```task
|
||||||
id: NK-WP-0003-T07
|
id: NK-WP-0003-T07
|
||||||
status: blocked
|
status: done
|
||||||
priority: high
|
priority: high
|
||||||
state_hub_task_id: "496a97c9-3e2a-486e-ba62-18449868c6cf"
|
state_hub_task_id: "496a97c9-3e2a-486e-ba62-18449868c6cf"
|
||||||
note: Blocked 2026-03-21 — keycape:v0.1 image cannot be built on the k3s node (no Docker/Go).
|
note: Completed 2026-03-22. KEY-WP-0002 delivered image to Gitea OCI registry
|
||||||
Deployment applied; pod stuck in ImagePullBackOff.
|
(92.205.130.254:32166/coulomb/key-cape:latest). Three issues fixed:
|
||||||
Secrets keycape-config + keycape-pi-token already in cluster (both correct, real PI token).
|
1. deployment.yaml image ref updated to Gitea registry (correct namespace: coulomb)
|
||||||
Capability request filed: hub ID 0e0aefd7 (routed to railiance, direct msg sent to key-cape).
|
2. k3s hosts.toml fixed: server endpoint must be http:// for plain-HTTP Gitea NodePort
|
||||||
key-cape repo must deliver:
|
(k3s generated https:// by default → "http: server gave HTTP response to HTTPS client")
|
||||||
1. .github/workflows/publish.yml — build+push to ghcr.io/<owner>/keycape:v0.1 on main
|
3. keycape-config clients: [] → added demo-app client (required for startup + T08 tests)
|
||||||
2. Update net-kingdom/sso-mfa/k8s/keycape/deployment.yaml image: to GHCR reference
|
Pod 1/1 Running; /healthz OK; OIDC discovery live.
|
||||||
Once image is published: kubectl rollout restart deployment/keycape -n sso
|
Note: hosts.toml at /var/lib/rancher/k3s/agent/etc/containerd/certs.d/92.205.130.254:32166/
|
||||||
|
is generated from /etc/rancher/k3s/registries.yaml — will revert on k3s restart.
|
||||||
|
Permanent fix: registries.yaml mirror config generates HTTPS server by default;
|
||||||
|
need to manually maintain hosts.toml or find k3s config that forces HTTP server.
|
||||||
```
|
```
|
||||||
|
|
||||||
Deploy KeyCape into the `sso` namespace.
|
Deploy KeyCape into the `sso` namespace.
|
||||||
|
|||||||
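Review bot: `status: done` is set on NK-WP-0003-T07 while the new note itself says the hosts.toml edit "will revert on k3s restart". The running pod therefore depends on a hand-edited file that the next k3s restart regenerates with an https:// server, which brings back the "http: server gave HTTP response to HTTPS client" pull failure. Either track the permanent fix as its own task and reference its id in this note, or keep the status short of done until the HTTP endpoint survives a restart. Separately, the image reference recorded here, 92.205.130.254:32166/coulomb/key-cape:latest, is a mutable tag pulled over plain HTTP, so nothing on the node checks that the image it runs is the one KEY-WP-0002 delivered. Pinning deployment.yaml to an image digest, or serving the registry over TLS, would close that gap. The note should also say whether the demo-app client added to keycape-config is meant to stay once the T08 tests are finished.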