From cc394701dccd3cef80c65b9e405b85505783cb1b Mon Sep 17 00:00:00 2001
From: serversidehannes
Date: Thu, 22 Jan 2026 11:44:18 +0100
Subject: [PATCH 1/6] fix: install test debug
---
 .github/workflows/helm-install-test.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/helm-install-test.yml b/.github/workflows/helm-install-test.yml
index 1ab296a..3985d87 100644
--- a/.github/workflows/helm-install-test.yml
+++ b/.github/workflows/helm-install-test.yml
@@ -110,6 +110,7 @@ jobs:
 OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
 helm install s3proxy oci://ghcr.io/${OWNER}/charts/s3proxy-python --version 0.0.0-latest \
 --namespace s3proxy \
+ --debug \
 --set image.repository=ghcr.io/${OWNER}/s3proxy-python \
 --set image.tag=latest \
 --set image.pullPolicy=Always \
From bb6681c26e830ce09c46f8b7df3734cfe47adcd9 Mon Sep 17 00:00:00 2001
From: serversidehannes
Date: Thu, 22 Jan 2026 11:47:47 +0100
Subject: [PATCH 2/6] fix: install test image update
---
 manifests/values.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/manifests/values.yaml b/manifests/values.yaml
index 8d0f01d..00968be 100644
--- a/manifests/values.yaml
+++ b/manifests/values.yaml
@@ -3,7 +3,7 @@ replicaCount: 3
 image:
- repository: ghcr.io/ServerSideHannes/sseproxy-python
+ repository: ghcr.io/ServerSideHannes/s3proxy-python
 tag: latest
 pullPolicy: IfNotPresent
@@ -123,7 +123,7 @@ affinity: {}
 # podAffinityTerm:
 # labelSelector:
 # matchLabels:
- # app: sseproxy-python
+ # app: s3proxy-python
 # topologyKey: kubernetes.io/hostname
 topologySpreadConstraints: []
@@ -133,7 +133,7 @@ topologySpreadConstraints: []
 # whenUnsatisfiable: ScheduleAnyway
 # labelSelector:
 # matchLabels:
- # app: sseproxy-python
+ # app: s3proxy-python
 ingress:
 enabled: false
From 9ddff3283ea06025f97172fbf9a2a01ef938de0a Mon Sep 17 00:00:00 2001
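Review bot: The new default `repository: ghcr.io/ServerSideHannes/s3proxy-python` in the first hunk of manifests/values.yaml still has upper-case characters in the repository path, which container image references do not accept. The install workflow lower-cases the owner with `tr '[:upper:]' '[:lower:]'` before passing `image.repository`, presumably for this reason, so an install that relies on the chart defaults would likely fail at image pull. Suggest `repository: ghcr.io/serversidehannes/s3proxy-python`. The unchanged `tag: latest` with `pullPolicy: IfNotPresent` in the same hunk also lets a node keep running a stale cached image; a version tag or digest as the default would make what is deployed verifiable.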
From: serversidehannes
Date: Thu, 22 Jan 2026 11:56:57 +0100
Subject: [PATCH 3/6] fix: install test image update
---
 .github/workflows/helm-install-test.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/helm-install-test.yml b/.github/workflows/helm-install-test.yml
index 3985d87..f80a23a 100644
--- a/.github/workflows/helm-install-test.yml
+++ b/.github/workflows/helm-install-test.yml
@@ -105,6 +105,15 @@ jobs:
 EOF
 kubectl wait --for=condition=ready pod -l app=redis -n s3proxy --timeout=120s
+ - name: Create K8s Image Pull Secret
+ run: |
+ kubectl create secret docker-registry ghcr-login \
+ --docker-server=ghcr.io \
+ --docker-username=${{ github.actor }} \
+ --docker-password=${{ secrets.GITHUB_TOKEN }} \
+ --namespace s3proxy \
+ --dry-run=client -o yaml | kubectl apply -f -
+
 - name: Install chart from GHCR
 run: |
 OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
@@ -114,6 +123,7 @@ jobs:
 --set image.repository=ghcr.io/${OWNER}/s3proxy-python \
 --set image.tag=latest \
 --set image.pullPolicy=Always \
+ --set "imagePullSecrets[0].name=ghcr-login" \
 --set s3.host="http://minio:9000" \
 --set secrets.encryptKey=test-encryption-key-for-ci \
 --set secrets.awsAccessKeyId=minioadmin \
From 6d4f63c5e40b9be0ce78c4e4aa4bfc152432f052 Mon Sep 17 00:00:00 2001
From: serversidehannes
Date: Thu, 22 Jan 2026 12:49:51 +0100
Subject: [PATCH 4/6] fix: install test image update
---
 .github/workflows/helm-install-test.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/helm-install-test.yml b/.github/workflows/helm-install-test.yml
index f80a23a..505c632 100644
--- a/.github/workflows/helm-install-test.yml
+++ b/.github/workflows/helm-install-test.yml
@@ -6,6 +6,10 @@ on:
 - cron: '0 6 * * *'
 workflow_dispatch:
+permissions:
+ contents: read
+ packages: read
+
 jobs:
 helm-install:
 runs-on: ubuntu-latest
From c4f39874ba85f4889b062e312b3ec56beef86c7b Mon Sep 17 00:00:00 2001
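Review bot: In the new "Create K8s Image Pull Secret" step, `${{ secrets.GITHUB_TOKEN }}` and `${{ github.actor }}` are expanded by the workflow engine directly into the script text and left unquoted. The token therefore becomes part of the generated script and of the kubectl command line, and the actor string is parsed by the shell as code rather than data. Passing both through the step's `env:` and quoting the shell variables keeps the secret out of the script body and removes the expression-inside-`run:` pattern. The same two lines are carried unchanged into the PATCH 5/6 hunk that renames this step, so the change applies there as well.

```yaml
- name: Create K8s Image Pull Secret
  env:
    GHCR_USER: ${{ github.actor }}
    GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    # … unchanged: kubectl create secret docker-registry ghcr-login, --docker-server …
      --docker-username="$GHCR_USER" \
      --docker-password="$GHCR_TOKEN" \
    # … unchanged: --namespace, --dry-run=client -o yaml | kubectl apply …
```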
From: serversidehannes
Date: Thu, 22 Jan 2026 12:52:55 +0100
Subject: [PATCH 5/6] fix: install test image update
---
 .github/workflows/helm-install-test.yml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/helm-install-test.yml b/.github/workflows/helm-install-test.yml
index 505c632..ff25258 100644
--- a/.github/workflows/helm-install-test.yml
+++ b/.github/workflows/helm-install-test.yml
@@ -6,6 +6,7 @@ on:
 - cron: '0 6 * * *'
 workflow_dispatch:
+# Explicit permissions are required for GITHUB_TOKEN to pull from GHCR
 permissions:
 contents: read
 packages: read
@@ -109,14 +110,19 @@ jobs:
 EOF
 kubectl wait --for=condition=ready pod -l app=redis -n s3proxy --timeout=120s
- - name: Create K8s Image Pull Secret
+ - name: Create K8s Image Pull Secret & Patch Namespace
 run: |
+ # 1. Create the secret using the workflow token
 kubectl create secret docker-registry ghcr-login \
 --docker-server=ghcr.io \
 --docker-username=${{ github.actor }} \
 --docker-password=${{ secrets.GITHUB_TOKEN }} \
 --namespace s3proxy \
 --dry-run=client -o yaml | kubectl apply -f -
+
+ # 2. Patch the default service account to automatically use this secret
+ # This acts as a fail-safe if the Helm 'imagePullSecrets' set doesn't propagate
+ kubectl patch serviceaccount default -n s3proxy -p '{"imagePullSecrets": [{"name": "ghcr-login"}]}'
 - name: Install chart from GHCR
 run: |
@@ -144,7 +150,6 @@ jobs:
 run: |
 kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=s3proxy-python -n s3proxy --timeout=120s
 kubectl get pods -n s3proxy
- # Verify we have 3 s3proxy pods
 POD_COUNT=$(kubectl get pods -n s3proxy -l app.kubernetes.io/name=s3proxy-python --no-headers | grep Running | wc -l)
 if [ "$POD_COUNT" -lt 3 ]; then
 echo "Expected 3 s3proxy pods, got $POD_COUNT"
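Review bot: The added `kubectl patch serviceaccount default -n s3proxy ...` line attaches the `ghcr-login` credential to every pod in the namespace that runs under the default service account, which is wider than the chart under test needs. As its own comment says, it also covers for the case where the chart's `imagePullSecrets` value does not propagate, so this install test can pass while the chart's pull-secret wiring is broken. That wiring is what `--set "imagePullSecrets[0].name=ghcr-login"` in the install step is there to exercise. I would drop the patch line so a chart regression fails the job. If it stays, the step name should say "Patch default ServiceAccount" rather than "Patch Namespace", since no namespace object is modified.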
@@ -155,7 +160,7 @@ jobs:
 - name: Check health endpoint
 run: |
 kubectl port-forward svc/s3proxy-python 4433:4433 -n s3proxy &
- sleep 3
+ sleep 5
 curl -sf http://localhost:4433/healthz && echo "Health check passed"
 - name: Run S3 smoke test
@@ -217,6 +222,9 @@ jobs:
 echo "=== Pod Status ==="
 kubectl get pods -n s3proxy -o wide
 echo ""
+ echo "=== Describe Failed Pods ==="
+ kubectl describe pods -n s3proxy -l app.kubernetes.io/name=s3proxy-python
+ echo ""
 echo "=== S3Proxy Logs ==="
 kubectl logs -l app.kubernetes.io/name=s3proxy-python -n s3proxy --tail=100
 echo ""
@@ -224,4 +232,4 @@ jobs:
 kubectl logs -l app=minio -n s3proxy --tail=50
 echo ""
 echo "=== Events ==="
- kubectl get events -n s3proxy --sort-by=.lastTimestamp
+ kubectl get events -n s3proxy --sort-by=.lastTimestamp
\ No newline at end of file
From f8c76b1b004f388aa7a5891a20e96ae4d561e195 Mon Sep 17 00:00:00 2001
From: serversidehannes
Date: Thu, 22 Jan 2026 12:59:37 +0100
Subject: [PATCH 6/6] fix: install test image update
---
 .github/workflows/helm-install-test.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/helm-install-test.yml b/.github/workflows/helm-install-test.yml
index ff25258..e4ef8c0 100644
--- a/.github/workflows/helm-install-test.yml
+++ b/.github/workflows/helm-install-test.yml
@@ -129,7 +129,6 @@ jobs:
 OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
 helm install s3proxy oci://ghcr.io/${OWNER}/charts/s3proxy-python --version 0.0.0-latest \
 --namespace s3proxy \
- --debug \
 --set image.repository=ghcr.io/${OWNER}/s3proxy-python \
 --set image.tag=latest \
 --set image.pullPolicy=Always \
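Review bot: Raising `sleep 3` to `sleep 5` in the "Check health endpoint" step still races the background `kubectl port-forward`. On a slow runner the curl can run before the tunnel is listening, and the step then fails for a reason unrelated to the proxy. Let curl do the waiting and drop the fixed sleep: `curl -sf --retry 10 --retry-delay 1 --retry-connrefused http://localhost:4433/healthz && echo "Health check passed"`.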
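Review bot: The added section is labelled `=== Describe Failed Pods ===`, but the command describes every pod matching `app.kubernetes.io/name=s3proxy-python`, healthy or not. The heading should read `=== Describe S3Proxy Pods ===`, or the command should be filtered to non-running pods. `kubectl describe` also prints container environment values that are set literally. If the chart renders `secrets.*` as plain env values rather than secret references (not visible here), they would appear in the job log. That is harmless for the CI test values, but a comment such as `# describe output may include literal env values; CI-only credentials` would warn anyone reusing the step. The enclosing debug step starts and ends outside this hunk.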