From 3155ad9f1205b1cfc008ce2f73bb2dda49abc3df Mon Sep 17 00:00:00 2001
From: Forest Anderson <forestkzanderson@gmail.com>
Date: Tue, 18 Jun 2024 02:50:12 +0000
Subject: [PATCH] fix: allow cockroack to pull with docker creds

---
 infra/tf/k8s_infra/cockroachdb.tf |  8 +++++++-
 infra/tf/k8s_infra/init.tf        |  3 ++-
 infra/tf/modules/k8s_auth/main.tf | 14 +++++++-------
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/infra/tf/k8s_infra/cockroachdb.tf b/infra/tf/k8s_infra/cockroachdb.tf
index 503db6c9a..e9d6b2981 100644
--- a/infra/tf/k8s_infra/cockroachdb.tf
+++ b/infra/tf/k8s_infra/cockroachdb.tf
@@ -70,7 +70,13 @@ resource "helm_release" "cockroachdb" {
 				]
 			}
 		}
-
+		image = {
+			credentials = var.authenticate_all_docker_hub_pulls ? {
+				registry = "https://index.docker.io/v1/"
+				username = module.docker_auth.docker_secrets[0].values["docker/registry/docker.io/read/username"]
+				password = module.docker_auth.docker_secrets[0].values["docker/registry/docker.io/read/password"]
+			} : null
+		}
 		serviceMonitor = {
 			# TODO: Doesn't work without insecure TLS
 			enabled = false
diff --git a/infra/tf/k8s_infra/init.tf b/infra/tf/k8s_infra/init.tf
index 5e344926b..225e73a6e 100644
--- a/infra/tf/k8s_infra/init.tf
+++ b/infra/tf/k8s_infra/init.tf
@@ -21,7 +21,8 @@ module "docker_auth" {
 			kubernetes_namespace.rivet_service,
 			],
 			var.imagor_enabled ? [kubernetes_namespace.imagor.0] : [],
-			var.nsfw_api_enabled ? [kubernetes_namespace.nsfw_api.0] : []
+			var.nsfw_api_enabled ? [kubernetes_namespace.nsfw_api.0] : [],
+			local.cockroachdb_k8s ? [kubernetes_namespace.cockroachdb.0] : [],
 		]) :
 		x.metadata.0.name
 	]
diff --git a/infra/tf/modules/k8s_auth/main.tf b/infra/tf/modules/k8s_auth/main.tf
index 17513e82c..350900d31 100644
--- a/infra/tf/modules/k8s_auth/main.tf
+++ b/infra/tf/modules/k8s_auth/main.tf
@@ -33,13 +33,13 @@ resource "kubernetes_secret" "docker_auth" {
 		".dockerconfigjson" = jsonencode({
 			auths = {
 				"https://index.docker.io/v1/" = (
-					var.authenticate_all_docker_hub_pulls ?
-					{
-						auth = base64encode(
-							"${module.docker_secrets.values["docker/registry/docker.io/read/username"]}:${module.docker_secrets.values["docker/registry/docker.io/read/password"]}"
-						)
-					}
-					: null
+				var.authenticate_all_docker_hub_pulls ?
+				{
+					auth = base64encode(
+						"${module.docker_secrets[0].values["docker/registry/docker.io/read/username"]}:${module.docker_secrets[0].values["docker/registry/docker.io/read/password"]}"
+					)
+				}
+				: null
 				)
 				"ghcr.io" = (
 					var.deploy_method_cluster ?