Merge branch 'docs-auto-devops-deploy-token' into 'master'

Docs: Clarify how Auto DevOps deploys using deploy token See merge request gitlab-org/gitlab-ce!25787

Merge branch 'docs-auto-devops-deploy-token' into 'master'
Docs: Clarify how Auto DevOps deploys using deploy token See merge request gitlab-org/gitlab-ce!25787
f2a53ee4 · Evan Read · f75471dd · 9e04e4c1 · f2a53ee4
Commit f2a53ee4 authored Mar 11, 2019 by Evan Read
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 20 deletions

doc/topics/autodevops/index.md doc/topics/autodevops/index.md +16 -20

No files found.
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -506,17 +506,22 @@ enable them.
 You can make use of [environment variables](#environment-variables) to automatically
 scale your pod replicas.
-It's important to note that when a project is deployed to a Kubernetes cluster,
+> [Introduced][ce-19507] in GitLab 11.0.
-it relies on a Docker image that has been pushed to the
-[GitLab Container Registry](../../user/project/container_registry.md). Kubernetes
+For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token)
-fetches this image and uses it to run the application. If the project is public,
+will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
-the image can be accessed by Kubernetes without any authentication, allowing us
+can be used for permanent access to the registry.
-to have deployments more usable. If the project is private/internal, the
-Registry requires credentials to pull the image. Currently, this is addressed
+If the GitLab Deploy Token cannot be found, `CI_REGISTRY_PASSWORD` is
-by providing `CI_JOB_TOKEN` as the password that can be used, but this token will
+used. Note that `CI_REGISTRY_PASSWORD` is only valid during deployment.
-no longer be valid as soon as the deployment job finishes. This means that
+This means that Kubernetes will be able to successfully pull the
-Kubernetes can run the application, but in case it should be restarted or
+container image during deployment but in cases where the image needs to
-executed somewhere else, it cannot be accessed again.
+be pulled again, e.g. after pod eviction, Kubernetes will fail to do so
+as it will be attempting to fetch the image using
+`CI_REGISTRY_PASSWORD`.
+NOTE: **Note:**
+When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
 #### Migrations
@@ -551,15 +556,6 @@ The `/app` path is the directory of your project inside the docker image
 as [configured by
 Herokuish](https://github.com/gliderlabs/herokuish#paths)
-> [Introduced][ce-19507] in GitLab 11.0.
-For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token)
-will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
-can be used for permanent access to the registry.
-Note: **Note**
-When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
 ### Auto Monitoring
 NOTE: **Note:**