Production and testing manifests pull the DSV backend from Docker Hub. Workers do not need a local ctr import.
Published at noambensim/distributed-secrets-vault on Docker Hub:
docker.io/noambensim/distributed-secrets-vault:latest
Pull manually:
docker pull noambensim/distributed-secrets-vault:latestTo change the repository, edit:
k8s/image.env(for build/push scripts)k8s/production/kustomization.yamlandk8s/testing/kustomization.yaml(images.newName/newTag)
- Repository: noambensim/distributed-secrets-vault.
- Create an access token: Docker Hub → Account Settings → Security → New Access Token.
- For GitHub Actions, add repository secrets:
DOCKERHUB_USERNAMEDOCKERHUB_TOKEN(the access token, not your account password)
cp k8s/image.env.example k8s/image.env
# Edit DOCKERHUB_USERNAME if needed
docker login
chmod +x scripts/docker-build-push.sh
./scripts/docker-build-push.shOr publish via GitHub Actions: Actions → Publish Docker image → Run workflow, or push a tag v1.0.0.
kubectl apply -k k8s/production/ --dry-run=client
kubectl apply -k k8s/production/
kubectl get pods -n dsv -wEach node pulls docker.io/noambensim/distributed-secrets-vault:latest when a pod starts (imagePullPolicy: IfNotPresent).
If the image is private, create a pull secret in the dsv namespace:
kubectl create secret docker-registry dockerhub-credentials \
--docker-server=https://index.docker.io/v1/ \
--docker-username=YOUR_USER \
--docker-password=YOUR_TOKEN \
-n dsvAdd to k8s/production/app-statefulset.yaml under spec.template.spec:
imagePullSecrets:
- name: dockerhub-credentialsSee k8s/production/dockerhub-pull-secret.yaml.example.
Set the same tag in k8s/image.env (DSV_IMAGE_TAG) and in both kustomization files (images.newTag), then push and redeploy:
kubectl apply -k k8s/production/
kubectl rollout restart statefulset/dsv-app -n dsv