fix: allow cockroack to pull with docker creds

infra/tf/k8s_infra/cockroachdb.tf

@@ -70,7 +70,13 @@ resource "helm_release" "cockroachdb" {
 				]
 			}
 		}
-
+		image = {
+			credentials = var.authenticate_all_docker_hub_pulls ? {
+				registry = "https://index.docker.io/v1/"
+				username = module.docker_auth.docker_secrets[0].values["docker/registry/docker.io/read/username"]
+				password = module.docker_auth.docker_secrets[0].values["docker/registry/docker.io/read/password"]
+			} : null
+		}
 		serviceMonitor = {
 			# TODO: Doesn't work without insecure TLS
 			enabled = false

infra/tf/k8s_infra/init.tf

@@ -21,7 +21,8 @@ module "docker_auth" {
 			kubernetes_namespace.rivet_service,
 			],
 			var.imagor_enabled ? [kubernetes_namespace.imagor.0] : [],
-			var.nsfw_api_enabled ? [kubernetes_namespace.nsfw_api.0] : []
+			var.nsfw_api_enabled ? [kubernetes_namespace.nsfw_api.0] : [],
+			local.cockroachdb_k8s ? [kubernetes_namespace.cockroachdb.0] : [],
 		]) :
 		x.metadata.0.name
 	]

infra/tf/modules/k8s_auth/main.tf

@@ -33,13 +33,13 @@ resource "kubernetes_secret" "docker_auth" {
 		".dockerconfigjson" = jsonencode({
 			auths = {
 				"https://index.docker.io/v1/" = (
-					var.authenticate_all_docker_hub_pulls ?
-					{
-						auth = base64encode(
-							"${module.docker_secrets.values["docker/registry/docker.io/read/username"]}:${module.docker_secrets.values["docker/registry/docker.io/read/password"]}"
-						)
-					}
-					: null
+				var.authenticate_all_docker_hub_pulls ?
+				{
+					auth = base64encode(
+						"${module.docker_secrets[0].values["docker/registry/docker.io/read/username"]}:${module.docker_secrets[0].values["docker/registry/docker.io/read/password"]}"
+					)
+				}
+				: null
 				)
 				"ghcr.io" = (
 					var.deploy_method_cluster ?