Point app registry docs at railiance-forge
This commit is contained in:
@@ -1,77 +1,16 @@
|
||||
# Gitea Container Registry
|
||||
|
||||
## Registry Target
|
||||
|
||||
Use `gitea.coulomb.social` as the approved registry host. The `/v2` ingress is
|
||||
live as of 2026-05-15 and returns the OCI registry authentication challenge over
|
||||
HTTPS.
|
||||
|
||||
Registry-specific Gitea settings are carried in
|
||||
`helm/gitea-registry-values.yaml`, a non-secret overlay applied after the SOPS
|
||||
values file by `make gitea-deploy`. It explicitly enables packages, permits
|
||||
container and PyPI uploads without an app-level size cap, clears globally
|
||||
disabled repo units, and moves `ROOT_URL` to the HTTPS host.
|
||||
|
||||
Image names should use the Gitea owner and package path:
|
||||
|
||||
```bash
|
||||
gitea.coulomb.social/coulomb/state-hub:<tag>
|
||||
```
|
||||
|
||||
The State Hub handoff from `CUST-WP-0011` should publish the locally verified
|
||||
`state-hub:local` image under that name.
|
||||
|
||||
The successful smoke-test tags were:
|
||||
|
||||
```bash
|
||||
gitea.coulomb.social/coulomb/state-hub:6186a99
|
||||
gitea.coulomb.social/coulomb/state-hub:latest
|
||||
```
|
||||
|
||||
Digest:
|
||||
Canonical registry operating guidance now lives in:
|
||||
|
||||
```text
|
||||
sha256:039d29654ccb3754c6ecdbe497c6364bbd8452edcdcb7fa937dd9debf5b734ff
|
||||
/home/worsch/railiance-forge/docs/gitea-container-registry.md
|
||||
```
|
||||
|
||||
## Operator Smoke Test
|
||||
This compatibility pointer remains in `railiance-apps` while deploy-capable
|
||||
Gitea Helm, SOPS, and manifest files are still migrating under
|
||||
`RAILIANCE-WP-0006-T03`.
|
||||
|
||||
Use a Gitea personal access token with package read/write permission:
|
||||
|
||||
```bash
|
||||
docker login gitea.coulomb.social
|
||||
docker tag state-hub:local gitea.coulomb.social/coulomb/state-hub:<tag>
|
||||
docker push gitea.coulomb.social/coulomb/state-hub:<tag>
|
||||
docker pull gitea.coulomb.social/coulomb/state-hub:<tag>
|
||||
```
|
||||
|
||||
The `coulomb` organization packages are public by default, so the verified
|
||||
cluster pull for `state-hub:6186a99` did not require an `imagePullSecret`.
|
||||
|
||||
For private packages, create an image pull secret in each consuming namespace:
|
||||
|
||||
```bash
|
||||
kubectl create secret docker-registry gitea-registry \
|
||||
--docker-server=gitea.coulomb.social \
|
||||
--docker-username=<gitea-user> \
|
||||
--docker-password=<package-token> \
|
||||
--namespace=<namespace>
|
||||
```
|
||||
|
||||
Reference it from workloads as `imagePullSecrets: [{name: gitea-registry}]`.
|
||||
|
||||
## Python Packages
|
||||
|
||||
The same Gitea package service is used for Python wheels. See
|
||||
`docs/gitea-package-registry.md` for the publish/install recipe and the
|
||||
`issue-core` migration notes from `RAILIANCE-WP-0004 I03`.
|
||||
|
||||
## Current Storage Notes
|
||||
|
||||
The live Gitea pod mounts `gitea-shared-storage` at `/data`; package blobs land
|
||||
under `/data/packages`. On 2026-05-19 that package directory was about 798.5 MiB.
|
||||
|
||||
The PVC is `default/gitea-shared-storage`, 10 GiB, `local-path`, `RWO`. The live
|
||||
cluster showed no Kubernetes `CronJob` backup resources across namespaces on
|
||||
2026-05-19. This is acceptable for the current smoke-test images, but heavy tag
|
||||
growth should wait for a platform backup/retention follow-up.
|
||||
Use `railiance-forge` for registry endpoints, package-token handling, smoke
|
||||
evidence, storage notes, retention posture, and future Forgejo registry
|
||||
ownership. Use `railiance-apps` only for S5 app release values and app runbooks
|
||||
that consume already-published images.
|
||||
|
||||
Reference in New Issue
Block a user