From 9e04e4c1a5f450fcdef5d27b9e0ffca61ac15d48 Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Wed, 6 Mar 2019 02:53:48 +0000 Subject: Clarify how Auto DevOps deploys using deploy token We were emphasising a point that's no longer true since we implemented deploy tokens in 11.0 so rationalize the docs here. --- doc/topics/autodevops/index.md | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 2e1df9d50d4..e25546ed036 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -506,17 +506,22 @@ enable them. You can make use of [environment variables](#environment-variables) to automatically scale your pod replicas. -It's important to note that when a project is deployed to a Kubernetes cluster, -it relies on a Docker image that has been pushed to the -[GitLab Container Registry](../../user/project/container_registry.md). Kubernetes -fetches this image and uses it to run the application. If the project is public, -the image can be accessed by Kubernetes without any authentication, allowing us -to have deployments more usable. If the project is private/internal, the -Registry requires credentials to pull the image. Currently, this is addressed -by providing `CI_JOB_TOKEN` as the password that can be used, but this token will -no longer be valid as soon as the deployment job finishes. This means that -Kubernetes can run the application, but in case it should be restarted or -executed somewhere else, it cannot be accessed again. +> [Introduced][ce-19507] in GitLab 11.0. + +For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token) +will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token +can be used for permanent access to the registry. + +If the GitLab Deploy Token cannot be found, `CI_REGISTRY_PASSWORD` is +used. Note that `CI_REGISTRY_PASSWORD` is only valid during deployment. +This means that Kubernetes will be able to successfully pull the +container image during deployment but in cases where the image needs to +be pulled again, e.g. after pod eviction, Kubernetes will fail to do so +as it will be attempting to fetch the image using +`CI_REGISTRY_PASSWORD`. + +NOTE: **Note:** +When the GitLab Deploy Token has been manually revoked, it won't be automatically created. #### Migrations @@ -551,15 +556,6 @@ The `/app` path is the directory of your project inside the docker image as [configured by Herokuish](https://github.com/gliderlabs/herokuish#paths) -> [Introduced][ce-19507] in GitLab 11.0. - -For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token) -will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token -can be used for permanent access to the registry. - -Note: **Note** -When the GitLab Deploy Token has been manually revoked, it won't be automatically created. - ### Auto Monitoring NOTE: **Note:** -- cgit v1.2.1