Commit 9e04e4c1 authored by Thong Kuah's avatar Thong Kuah

Clarify how Auto DevOps deploys using deploy token

We were emphasising a point that's no longer true since we implemented
deploy tokens in 11.0 so rationalize the docs here.
parent ab391b77
...@@ -506,17 +506,22 @@ enable them. ...@@ -506,17 +506,22 @@ enable them.
You can make use of [environment variables](#environment-variables) to automatically You can make use of [environment variables](#environment-variables) to automatically
scale your pod replicas. scale your pod replicas.
It's important to note that when a project is deployed to a Kubernetes cluster, > [Introduced][ce-19507] in GitLab 11.0.
it relies on a Docker image that has been pushed to the
[GitLab Container Registry](../../user/project/container_registry.md). Kubernetes For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token)
fetches this image and uses it to run the application. If the project is public, will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
the image can be accessed by Kubernetes without any authentication, allowing us can be used for permanent access to the registry.
to have deployments more usable. If the project is private/internal, the
Registry requires credentials to pull the image. Currently, this is addressed If the GitLab Deploy Token cannot be found, `CI_REGISTRY_PASSWORD` is
by providing `CI_JOB_TOKEN` as the password that can be used, but this token will used. Note that `CI_REGISTRY_PASSWORD` is only valid during deployment.
no longer be valid as soon as the deployment job finishes. This means that This means that Kubernetes will be able to successfully pull the
Kubernetes can run the application, but in case it should be restarted or container image during deployment but in cases where the image needs to
executed somewhere else, it cannot be accessed again. be pulled again, e.g. after pod eviction, Kubernetes will fail to do so
as it will be attempting to fetch the image using
`CI_REGISTRY_PASSWORD`.
NOTE: **Note:**
When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
#### Migrations #### Migrations
...@@ -551,15 +556,6 @@ The `/app` path is the directory of your project inside the docker image ...@@ -551,15 +556,6 @@ The `/app` path is the directory of your project inside the docker image
as [configured by as [configured by
Herokuish](https://github.com/gliderlabs/herokuish#paths) Herokuish](https://github.com/gliderlabs/herokuish#paths)
> [Introduced][ce-19507] in GitLab 11.0.
For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md#gitlab-deploy-token)
will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
can be used for permanent access to the registry.
Note: **Note**
When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
### Auto Monitoring ### Auto Monitoring
NOTE: **Note:** NOTE: **Note:**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment