fix: Use ghcr.io and build for amd64

- Switch from GCP Artifact Registry to GitHub Container Registry - Build images for linux/amd64 (k3s node architecture) - Use PVC for Claude config instead of secret (auth persists across restarts) - Remove credential secret dependency Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 20:04:34 -07:00 · 2026-01-24 20:04:34 -07:00 · d4eb41589f
commit d4eb41589f
parent 17aeb1c25b
4 changed files with 41 additions and 32 deletions
--- a/deployments/k8s/base/claudebox.yaml
+++ b/deployments/k8s/base/claudebox.yaml
@ -21,7 +21,7 @@ spec:
    spec:
      containers:
        - name: claudebox
-          image: us-central1-docker.pkg.dev/orchard9/docker-images/rdev-claudebox:v0.1.0
+          image: ghcr.io/orchard9/rdev-claudebox:v0.1.0
          imagePullPolicy: Always

          resources:
@ -37,10 +37,9 @@ spec:
            - name: workspace
              mountPath: /workspace

-            # Claude credentials (from secret)
-            - name: claude-credentials
+            # Claude config directory (persistent for auth)
+            - name: claude-config
              mountPath: /root/.claude
-              readOnly: true

          # Simple liveness check - container is running
          livenessProbe:
@ -66,14 +65,13 @@ spec:
          persistentVolumeClaim:
            claimName: claudebox-workspace

-        - name: claude-credentials
-          secret:
-            secretName: claude-credentials
-            defaultMode: 0600
+        - name: claude-config
+          persistentVolumeClaim:
+            claimName: claudebox-claude-config

-      # Pull from Artifact Registry
+      # Pull from GitHub Container Registry
      imagePullSecrets:
-        - name: gcr-secret
+        - name: ghcr-secret
 ---
 # Headless service for StatefulSet
 apiVersion: v1
--- a/deployments/k8s/base/pvc.yaml
+++ b/deployments/k8s/base/pvc.yaml
@ -13,3 +13,19 @@ spec:
  resources:
    requests:
      storage: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: claudebox-claude-config
+  namespace: rdev
+  labels:
+    app.kubernetes.io/name: claudebox
+    app.kubernetes.io/part-of: rdev
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi
--- a/scripts/build-push.sh
+++ b/scripts/build-push.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-# Build and push claudebox image to Artifact Registry
+# Build and push claudebox image to GitHub Container Registry

 set -e

@ -7,7 +7,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"

 # Image configuration
-REGISTRY="us-central1-docker.pkg.dev/orchard9/docker-images"
+REGISTRY="ghcr.io/orchard9"
 IMAGE_NAME="rdev-claudebox"
 VERSION="${1:-latest}"

@ -19,11 +19,11 @@ echo ""

 cd "$PROJECT_ROOT"

-# Build the image
-docker build -t "$IMAGE_TAG" -t "$REGISTRY/$IMAGE_NAME:latest" .
+# Build the image for linux/amd64 (k3s nodes are amd64)
+docker build --platform linux/amd64 -t "$IMAGE_TAG" -t "$REGISTRY/$IMAGE_NAME:latest" .

 echo ""
-echo "Pushing to Artifact Registry..."
+echo "Pushing to GitHub Container Registry..."

 # Push both tags
 docker push "$IMAGE_TAG"
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@ -24,26 +24,21 @@ kubectl cluster-info > /dev/null || {
    exit 1
 }

-# Check if credentials secret exists
-if ! kubectl get secret claude-credentials -n rdev > /dev/null 2>&1; then
-    echo ""
-    echo "Warning: claude-credentials secret not found!"
-    echo "Run ./scripts/create-credentials-secret.sh first"
-    echo ""
-    read -p "Continue anyway? (y/N) " -n 1 -r
-    echo
-    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
-        exit 1
-    fi
-fi
+# Note: Claude auth is stored in a PVC, not a secret
+# User will authenticate via: kubectl exec -it -n rdev claudebox-0 -- claude login

-# Check if gcr-secret exists in rdev namespace
-if ! kubectl get secret gcr-secret -n rdev > /dev/null 2>&1; then
+# Check if ghcr-secret exists in rdev namespace
+if ! kubectl get secret ghcr-secret -n rdev > /dev/null 2>&1; then
    echo ""
-    echo "Copying gcr-secret from apps namespace to rdev..."
-    kubectl get secret gcr-secret -n apps -o yaml | \
+    echo "Copying ghcr-secret from apps namespace to rdev..."
+    kubectl get secret ghcr-secret -n apps -o yaml | \
        sed 's/namespace: apps/namespace: rdev/' | \
-        kubectl apply -f -
+        kubectl apply -f - 2>/dev/null || {
+        echo "ghcr-secret not found in apps namespace, checking default..."
+        kubectl get secret ghcr-secret -n default -o yaml | \
+            sed 's/namespace: default/namespace: rdev/' | \
+            kubectl apply -f -
+    }
 fi

 # Apply manifests