diff options
author | Thong Kuah <tkuah@gitlab.com> | 2019-03-06 02:53:48 +0000 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2019-03-11 12:47:13 +1300 |
commit | 9e04e4c1a5f450fcdef5d27b9e0ffca61ac15d48 (patch) | |
tree | a32d8505d4e6aab755ce7803105e9ea6914f86c6 | |
parent | ab391b779ecf95b3a333dac0c247354c0ef92605 (diff) | |
download | gitlab-ce-9e04e4c1a5f450fcdef5d27b9e0ffca61ac15d48.tar.gz |
Clarify how Auto DevOps deploys using deploy token
We were emphasising a point that's no longer true since we implemented
deploy tokens in 11.0 so rationalize the docs here.
-rw-r--r-- | doc/topics/autodevops/index.md | 36 |
1 files changed, 16 insertions, 20 deletions
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 2e1df9d50d4..e25546ed036 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -506,17 +506,22 @@ enable them. You can make use of [environment variables](#environment-variables) to automatically scale your pod replicas. -It's important to note that when a project is deployed to a Kubernetes cluster, -it relies on a Docker image that has been pushed to the -[GitLab Container Registry](../../user/project/container_registry.md). Kubernetes -fetches this image and uses it to run the application. If the project is public, -the image can be accessed by Kubernetes without any authentication, allowing us -to have deployments more usable. If the project is private/internal, the -Registry requires credentials to pull the image. Currently, this is addressed -by providing `CI_JOB_TOKEN` as the password that can be used, but this token will -no longer be valid as soon as the deployment job finishes. This means that -Kubernetes can run the application, but in case it should be restarted or -executed somewhere else, it cannot be accessed again. +> [Introduced][ce-19507] in GitLab 11.0. + +For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token) +will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token +can be used for permanent access to the registry. + +If the GitLab Deploy Token cannot be found, `CI_REGISTRY_PASSWORD` is +used. Note that `CI_REGISTRY_PASSWORD` is only valid during deployment. +This means that Kubernetes will be able to successfully pull the +container image during deployment but in cases where the image needs to +be pulled again, e.g. after pod eviction, Kubernetes will fail to do so +as it will be attempting to fetch the image using +`CI_REGISTRY_PASSWORD`. + +NOTE: **Note:** +When the GitLab Deploy Token has been manually revoked, it won't be automatically created. #### Migrations @@ -551,15 +556,6 @@ The `/app` path is the directory of your project inside the docker image as [configured by Herokuish](https://github.com/gliderlabs/herokuish#paths) -> [Introduced][ce-19507] in GitLab 11.0. - -For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token) -will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token -can be used for permanent access to the registry. - -Note: **Note** -When the GitLab Deploy Token has been manually revoked, it won't be automatically created. - ### Auto Monitoring NOTE: **Note:** |