From e681a810ca8c47621d458de4a92e9b8adb8e4b15 Mon Sep 17 00:00:00 2001
From: richard <r_morgan@sympatico.ca>
Date: Mon, 22 Sep 2025 12:35:46 -0400
Subject: [PATCH] Fixed dkregistry secret

---
 .../roles/prod.k3s/files/dkregistry/values.yaml  |  8 +++-----
 .../prod.k3s/tasks/deployments/dkregistry.yaml   |  4 ++--
 .../templates/dkregistry/deployment.yaml         | 16 ++++++++--------
 .../prod.k3s/templates/dkregistry/ingress.yaml   |  2 ++
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/ansible-5/roles/prod.k3s/files/dkregistry/values.yaml b/ansible-5/roles/prod.k3s/files/dkregistry/values.yaml
index 9611621..cf1c5b2 100644
--- a/ansible-5/roles/prod.k3s/files/dkregistry/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/dkregistry/values.yaml
@@ -11,15 +11,13 @@ ingress:
 #  className: traefik
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production
+##    kubernetes.io/ingress.class: traefik
+#    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+#    traefik.ingress.kubernetes.io/router.tls: 'true'
   tls:
     - secretName: xai-corp-production-tls-registry
   hosts:
     - dkregistry.xai-corp.net
-#  annotations:
-#    cert-manager.io/cluster-issuer: letsencrypt-production
-##    kubernetes.io/ingress.class: traefik
-#    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-#    traefik.ingress.kubernetes.io/router.tls: 'true'
 
 persistence:
   enabled: true
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/dkregistry.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/dkregistry.yaml
index 469e0c7..874456f 100644
--- a/ansible-5/roles/prod.k3s/tasks/deployments/dkregistry.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/dkregistry.yaml
@@ -33,10 +33,10 @@
       kind: Secret
       type: Opaque
       metadata:
-        name: auth-secret
+        name: auth-secret-2025
         namespace: "{{apps.dkregistry.namespace}}"
       stringData:
-        htpasswd: "richard:$2y$05$Zp.GEiUbsGYYVOYWE71truuERCAE.D5wwGzU3Xi3wIVAWjH60t/U."
+        htpasswd: "richard:$2y$05$E7B3.iHmoLLSyFZJJWEj3u6eMdm2gPGBu1vAn7VPo9Axk3Wbict2m"
   become: true
 
 - name: create docker-registry resources
diff --git a/ansible-5/roles/prod.k3s/templates/dkregistry/deployment.yaml b/ansible-5/roles/prod.k3s/templates/dkregistry/deployment.yaml
index 4e7a0ad..0638c43 100644
--- a/ansible-5/roles/prod.k3s/templates/dkregistry/deployment.yaml
+++ b/ansible-5/roles/prod.k3s/templates/dkregistry/deployment.yaml
@@ -21,13 +21,13 @@ spec:
         - name: auth-secret
           mountPath: "/auth"
           readOnly: true
-#      env:
-#        - name: REGISTRY_AUTH
-#          value: "htpasswd"
-#        - name: REGISTRY_AUTH_HTPASSWD_REALM
-#          value: "Registry Realm"
-#        - name: REGISTRY_AUTH_HTPASSWD_PATH
-#          value: "/auth/htpasswd"
+      env:
+        - name: REGISTRY_AUTH
+          value: "htpasswd"
+        - name: REGISTRY_AUTH_HTPASSWD_REALM
+          value: "Registry Realm"
+        - name: REGISTRY_AUTH_HTPASSWD_PATH
+          value: "/auth/htpasswd"
 #        - name: REGISTRY_HTTP_SECRET
 #          value: "/auth/htpasswd"
 #        - name: REGISTRY_HTTP_TLS_CERTIFICATE
@@ -44,4 +44,4 @@ spec:
 
     - name: auth-secret
       secret:
-        secretName: auth-secret
+        secretName: auth-secret-2025
diff --git a/ansible-5/roles/prod.k3s/templates/dkregistry/ingress.yaml b/ansible-5/roles/prod.k3s/templates/dkregistry/ingress.yaml
index ebe2086..b1d754b 100644
--- a/ansible-5/roles/prod.k3s/templates/dkregistry/ingress.yaml
+++ b/ansible-5/roles/prod.k3s/templates/dkregistry/ingress.yaml
@@ -23,3 +23,5 @@ spec:
 
   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
     - secretName: xai-corp-production-tls
+      hosts:
+        - dkregistry.xai-corp.net