konveyor · dymurray · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026
diff --git a/.github/workflows/llm-proxy-test.yml b/.github/workflows/llm-proxy-test.yml
@@ -22,15 +22,31 @@ jobs:
 
     - name: Build operator images
       run: |
+        # Login to Red Hat registry BEFORE switching to minikube context (for pushing to ttl.sh)
+        echo "${{ secrets.RH_REGISTRY_PASS }}" | docker login -u ${{ secrets.RH_REGISTRY_USER }} --password-stdin registry.redhat.io
+
+        # Switch to minikube's docker daemon
         eval $(minikube docker-env)
+
+        # Login to Red Hat registry again in minikube's context (for pulling images in cluster)
+        echo "${{ secrets.RH_REGISTRY_PASS }}" | docker login -u ${{ secrets.RH_REGISTRY_USER }} --password-stdin registry.redhat.io
+
         IMG=ttl.sh/konveyor-tackle-operator-${{ github.run_id }}:2h make docker-build docker-push
         BUNDLE_IMG=ttl.sh/konveyor-tackle-operator-bundle-${{ github.run_id }}:2h make bundle bundle-build bundle-push
 
     - name: Setup test environment
       run: |
         # Create namespace
         kubectl create namespace konveyor-tackle || true
-
+
+        # Create image pull secret for Red Hat registry
+        kubectl create secret docker-registry redhat-pull-secret \
+          --docker-server=registry.redhat.io \
+          --docker-username="${{ secrets.RH_REGISTRY_USER }}" \
+          --docker-password="${{ secrets.RH_REGISTRY_PASS }}" \
+          -n konveyor-tackle \
+          --dry-run=client -o yaml | kubectl apply -f -
+
         # Create API key secret for LLM proxy
         kubectl create secret generic kai-api-keys \
           --from-literal=OPENAI_API_KEY=dummy-key-for-llemulator \

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -26,4 +26,4 @@ images:
   provider_c_sharp: quay.io/konveyor/c-sharp-provider:latest
   kantra: quay.io/konveyor/kantra:latest
   kai: quay.io/konveyor/kai-solution-server:latest
-  llama_stack: docker.io/llamastack/distribution-starter:latest
+  llama_stack: registry.redhat.io/lightspeed-core/lightspeed-stack-rhel9:latest
diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml
@@ -329,7 +329,7 @@ kai_database_address: kai-db.{{ app_namespace }}.svc
 
 # LLM Proxy configuration
 kai_llm_proxy_enabled: false
-kai_llm_proxy_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_LLAMA_STACK') | default('docker.io/llamastack/distribution-starter:latest', true) }}"
+kai_llm_proxy_image_fqin: "registry.redhat.io/lightspeed-core/lightspeed-stack-rhel9:latest"
-# LLM Proxy configuration
-kai_llm_proxy_enabled: false
-kai_llm_proxy_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_LLAMA_STACK') | default('docker.io/llamastack/distribution-starter:latest', true) }}"
-kai_llm_proxy_image_fqin: "registry.redhat.io/lightspeed-core/lightspeed-stack-rhel9:latest"
+# LLM Proxy configuration
+kai_llm_proxy_enabled: false
+kai_llm_proxy_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_LLM_PROXY') or 'registry.redhat.io/lightspeed-core/lightspeed-stack-rhel9:latest' }}"
-# LLM Proxy configuration
-kai_llm_proxy_enabled: false
-kai_llm_proxy_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_LLAMA_STACK') | default('docker.io/llamastack/distribution-starter:latest', true) }}"
-kai_llm_proxy_image_fqin: "registry.redhat.io/lightspeed-core/lightspeed-stack-rhel9:latest"
+# LLM Proxy configuration
+kai_llm_proxy_enabled: false
+kai_llm_proxy_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_LLM_PROXY') or 'registry.redhat.io/lightspeed-core/lightspeed-stack-rhel9:latest' }}"
 
 # Internal URL for the LLM proxy service (used by UI reverse proxy)
 kai_llm_proxy_url: "http://llm-proxy.{{ app_namespace }}.svc.cluster.local:8321"

diff --git a/roles/tackle/templates/kai/llm-proxy-deployment.yaml.j2 b/roles/tackle/templates/kai/llm-proxy-deployment.yaml.j2
@@ -25,6 +25,8 @@ spec:
         # Force pod restart when ConfigMap changes
         checksum/config: "{{ lookup('template', 'kai/llm-proxy-configmap.yaml.j2') | hash('sha256') }}"
     spec:
+      imagePullSecrets:
+        - name: redhat-pull-secret
       containers:
         - name: llm-proxy
           image: "{{ kai_llm_proxy_image_fqin }}"