jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Use ghcr.io and build for amd64

Browse Source 
- Switch from GCP Artifact Registry to GitHub Container Registry
- Build images for linux/amd64 (k3s node architecture)
- Use PVC for Claude config instead of secret (auth persists across restarts)
- Remove credential secret dependency

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jordan 2026-01-24 20:04:34 -07:00
parent 17aeb1c25b
commit d4eb41589f
4 changed files with 41 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
deployments/k8s/base/claudebox.yaml
View File

@ -21,7 +21,7 @@ spec:
spec: spec:
containers: containers:
- name: claudebox - name: claudebox
image: us-central1-docker.pkg.dev/orchard9/docker-images/rdev-claudebox:v0.1.0 image: ghcr.io/orchard9/rdev-claudebox:v0.1.0
imagePullPolicy: Always imagePullPolicy: Always
resources: resources:
@ -37,10 +37,9 @@ spec:
- name: workspace - name: workspace
mountPath: /workspace mountPath: /workspace
# Claude credentials (from secret) # Claude config directory (persistent for auth)
- name: claude-credentials - name: claude-config
mountPath: /root/.claude mountPath: /root/.claude
readOnly: true
# Simple liveness check - container is running # Simple liveness check - container is running
livenessProbe: livenessProbe:
@ -66,14 +65,13 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: claudebox-workspace claimName: claudebox-workspace
- name: claude-credentials - name: claude-config
secret: persistentVolumeClaim:
secretName: claude-credentials claimName: claudebox-claude-config
defaultMode: 0600
# Pull from Artifact Registry # Pull from GitHub Container Registry
imagePullSecrets: imagePullSecrets:
- name: gcr-secret - name: ghcr-secret
--- ---
# Headless service for StatefulSet # Headless service for StatefulSet
apiVersion: v1 apiVersion: v1

16
deployments/k8s/base/pvc.yaml
View File

@ -13,3 +13,19 @@ spec:
resources: resources:
requests: requests:
storage: 20Gi storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: claudebox-claude-config
namespace: rdev
labels:
app.kubernetes.io/name: claudebox
app.kubernetes.io/part-of: rdev
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1Gi

10
scripts/build-push.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Build and push claudebox image to Artifact Registry # Build and push claudebox image to GitHub Container Registry
set -e set -e
@ -7,7 +7,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
# Image configuration # Image configuration
REGISTRY="us-central1-docker.pkg.dev/orchard9/docker-images" REGISTRY="ghcr.io/orchard9"
IMAGE_NAME="rdev-claudebox" IMAGE_NAME="rdev-claudebox"
VERSION="${1:-latest}" VERSION="${1:-latest}"
@ -19,11 +19,11 @@ echo ""
cd "$PROJECT_ROOT" cd "$PROJECT_ROOT"
# Build the image # Build the image for linux/amd64 (k3s nodes are amd64)
docker build -t "$IMAGE_TAG" -t "$REGISTRY/$IMAGE_NAME:latest" . docker build --platform linux/amd64 -t "$IMAGE_TAG" -t "$REGISTRY/$IMAGE_NAME:latest" .
echo "" echo ""
echo "Pushing to Artifact Registry..." echo "Pushing to GitHub Container Registry..."
# Push both tags # Push both tags
docker push "$IMAGE_TAG" docker push "$IMAGE_TAG"

29
scripts/deploy.sh
View File

@ -24,26 +24,21 @@ kubectl cluster-info > /dev/null || {
exit 1 exit 1
} }
# Check if credentials secret exists # Note: Claude auth is stored in a PVC, not a secret
if ! kubectl get secret claude-credentials -n rdev > /dev/null 2>&1; then # User will authenticate via: kubectl exec -it -n rdev claudebox-0 -- claude login
echo ""
echo "Warning: claude-credentials secret not found!"
echo "Run ./scripts/create-credentials-secret.sh first"
echo ""
read -p "Continue anyway? (y/N) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
fi
# Check if gcr-secret exists in rdev namespace # Check if ghcr-secret exists in rdev namespace
if ! kubectl get secret gcr-secret -n rdev > /dev/null 2>&1; then if ! kubectl get secret ghcr-secret -n rdev > /dev/null 2>&1; then
echo "" echo ""
echo "Copying gcr-secret from apps namespace to rdev..." echo "Copying ghcr-secret from apps namespace to rdev..."
kubectl get secret gcr-secret -n apps -o yaml | \ kubectl get secret ghcr-secret -n apps -o yaml | \
sed 's/namespace: apps/namespace: rdev/' | \ sed 's/namespace: apps/namespace: rdev/' | \
kubectl apply -f - kubectl apply -f - 2>/dev/null || {
echo "ghcr-secret not found in apps namespace, checking default..."
kubectl get secret ghcr-secret -n default -o yaml | \
sed 's/namespace: default/namespace: rdev/' | \
kubectl apply -f -
}
fi fi
# Apply manifests # Apply manifests