diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh
index d3775b4..2b92530 100755
--- a/manifests/bin/deploy.sh
+++ b/manifests/bin/deploy.sh
@@ -42,10 +42,13 @@ export POSTGRES_DB;       POSTGRES_DB="$(kgseckey postgres-app dbname)"
 export POSTGRES_USER;     POSTGRES_USER="$(kgseckey postgres-app user)"
 export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
 
+export GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
+export GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
+
 kcreatesec gitea-admin \
     --from-literal=email="gitea@$BASE_URL" \
-    --from-literal=username="$(kgseckey gitea-admin username || echo gitea)" \
-    --from-literal=password="$(kgseckey gitea-admin password || openssl rand -hex 32)"
+    --from-literal=username="$GITEA_USERNAME" \
+    --from-literal=password="$GITEA_PASSWORD"
 
 kcreatesec gitea-secrets \
     --from-literal=secret_key="$(kgseckey gitea-secrets secret_key || openssl rand -hex 32)"  \
@@ -60,13 +63,16 @@ kapply common/job.yaml \
 
 kubectl rollout restart statefulset app
 
-for i in {0..9}; do
-    RUNNER_TOKEN="$(curl -sS "https://$GITEA_USERNAME:$GITEA_PASSWORD@$BASE_URL/api/v1/admin/runners/registration-token" | jq .token)"
+kubectl rollout status sts app
 
-    if [ "$RUNNER_TOKEN" != null ]; then
+for i in {0..9}; do
+    RUNNER_TOKEN="$(kubectl exec app-0 -- curl -sS "http://$GITEA_USERNAME:$GITEA_PASSWORD@app/api/v1/admin/runners/registration-token" | jq -r '.token // empty' || true)"
+
+    if [ -n "$RUNNER_TOKEN" ]; then
         kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
         kapply common/runner.yaml
         kubectl rollout restart statefulset runner
         break
     fi
+    sleep 5
 done