Clarify how Auto DevOps deploys using deploy token
We were emphasising a point that's no longer true since we implemented deploy tokens in 11.0 so rationalize the docs here.
This commit is contained in:
Thong Kuah
parent
ab391b779e
commit
9e04e4c1a5
1 changed files with 16 additions and 20 deletions
|
|
@ -506,17 +506,22 @@ enable them.
|
|||
You can make use of [environment variables](#environment-variables) to automatically
|
||||
scale your pod replicas.
|
||||
|
||||
It's important to note that when a project is deployed to a Kubernetes cluster,
|
||||
it relies on a Docker image that has been pushed to the
|
||||
[GitLab Container Registry](../../user/project/container_registry.md). Kubernetes
|
||||
fetches this image and uses it to run the application. If the project is public,
|
||||
the image can be accessed by Kubernetes without any authentication, allowing us
|
||||
to have deployments more usable. If the project is private/internal, the
|
||||
Registry requires credentials to pull the image. Currently, this is addressed
|
||||
by providing `CI_JOB_TOKEN` as the password that can be used, but this token will
|
||||
no longer be valid as soon as the deployment job finishes. This means that
|
||||
Kubernetes can run the application, but in case it should be restarted or
|
||||
executed somewhere else, it cannot be accessed again.
|
||||
> [Introduced][ce-19507] in GitLab 11.0.
|
||||
|
||||
For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token)
|
||||
will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
|
||||
can be used for permanent access to the registry.
|
||||
|
||||
If the GitLab Deploy Token cannot be found, `CI_REGISTRY_PASSWORD` is
|
||||
used. Note that `CI_REGISTRY_PASSWORD` is only valid during deployment.
|
||||
This means that Kubernetes will be able to successfully pull the
|
||||
container image during deployment but in cases where the image needs to
|
||||
be pulled again, e.g. after pod eviction, Kubernetes will fail to do so
|
||||
as it will be attempting to fetch the image using
|
||||
`CI_REGISTRY_PASSWORD`.
|
||||
|
||||
NOTE: **Note:**
|
||||
When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
|
||||
|
||||
#### Migrations
|
||||
|
||||
|
|
@ -551,15 +556,6 @@ The `/app` path is the directory of your project inside the docker image
|
|||
as [configured by
|
||||
Herokuish](https://github.com/gliderlabs/herokuish#paths)
|
||||
|
||||
> [Introduced][ce-19507] in GitLab 11.0.
|
||||
|
||||
For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token)
|
||||
will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
|
||||
can be used for permanent access to the registry.
|
||||
|
||||
Note: **Note**
|
||||
When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
|
||||
|
||||
### Auto Monitoring
|
||||
|
||||
NOTE: **Note:**
|
||||
|
|
|
|||
Loading…
Reference in a new issue