fix: use system pull JWT for registry secret on workload update #46

Merged

adam merged 2 commits from fix/force-rollout-on-taskdef-update into main

2026-02-12 22:00:52 -05:00

adam commented

2026-02-12 22:00:39 -05:00

Owner

The update_workload path was using create_admin_registry_token() which
produces an RS256 registry token. The /v2/token endpoint expects a
Canpute JWT as the pull secret password, so kubelet was getting 401
Unauthorized. Use create_system_pull_jwt() to match the create path.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

The update_workload path was using create_admin_registry_token() which produces an RS256 registry token. The /v2/token endpoint expects a Canpute JWT as the pull secret password, so kubelet was getting 401 Unauthorized. Use create_system_pull_jwt() to match the create path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

adam added 1 commit

2026-02-12 22:00:39 -05:00

fix: use system pull JWT for registry secret on workload update

CI / test-backend (pull_request) Has been cancelled

Details

CI / test-frontend (pull_request) Has been cancelled

Details

e36736fa93

The update_workload path was using create_admin_registry_token() which
produces an RS256 registry token. The /v2/token endpoint expects a
Canpute JWT as the pull secret password, so kubelet was getting 401
Unauthorized. Use create_system_pull_jwt() to match the create path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

adam added 1 commit

2026-02-12 22:00:42 -05:00

Merge branch 'main' into fix/force-rollout-on-taskdef-update

CI / test-backend (pull_request) Successful in 40s

Details

CI / test-frontend (pull_request) Successful in 24s

Details

9c9743bd50