Gitea Container Registry
Registry Target
Use gitea.coulomb.social as the approved registry host. The /v2 ingress is
live as of 2026-05-15 and returns the OCI registry authentication challenge over
HTTPS.
Registry-specific Gitea settings are carried in
helm/gitea-registry-values.yaml, a non-secret overlay applied after the SOPS
values file by make gitea-deploy. It explicitly enables packages, permits
container uploads without an app-level size cap, clears globally disabled repo
units, and moves ROOT_URL to the HTTPS host.
Image names should use the Gitea owner and package path:
gitea.coulomb.social/coulomb/state-hub:<tag>
The State Hub handoff from CUST-WP-0011 should publish the locally verified
state-hub:local image under that name.
The successful smoke-test tags were:
gitea.coulomb.social/coulomb/state-hub:6186a99
gitea.coulomb.social/coulomb/state-hub:latest
Digest:
sha256:039d29654ccb3754c6ecdbe497c6364bbd8452edcdcb7fa937dd9debf5b734ff
Operator Smoke Test
Use a Gitea personal access token with package read/write permission:
docker login gitea.coulomb.social
docker tag state-hub:local gitea.coulomb.social/coulomb/state-hub:<tag>
docker push gitea.coulomb.social/coulomb/state-hub:<tag>
docker pull gitea.coulomb.social/coulomb/state-hub:<tag>
The coulomb organization packages are public by default, so the verified
cluster pull for state-hub:6186a99 did not require an imagePullSecret.
For private packages, create an image pull secret in each consuming namespace:
kubectl create secret docker-registry gitea-registry \
  --docker-server=gitea.coulomb.social \
  --docker-username=<gitea-user> \
  --docker-password=<package-token> \
  --namespace=<namespace>
Reference it from workloads as imagePullSecrets: [{name: gitea-registry}].
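Passing --docker-password on the command line places the package token in argv, where shell history and process listings can record it. The script below is an added example, not part of the original page or the project's tooling: it creates the same kind of secret from a token read on stdin. The function names and the accepted character sets are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): create the gitea-registry pull
# secret with the package token read from stdin instead of passed in argv.
set -eu

REGISTRY="gitea.coulomb.social"   # registry host named on this page
SECRET_NAME="gitea-registry"      # secret name used on this page

# Print a .dockerconfigjson document for one registry.
# Values containing characters that would need JSON escaping (or a ':' in the
# user name, which would corrupt the user:token pair) are rejected.
# The allowed character sets are an assumption of this example.
make_dockerconfigjson() {
  mdc_server=$1 mdc_user=$2 mdc_token=$3
  case $mdc_server in ''|*[!A-Za-z0-9.:-]*) return 1 ;; esac
  case $mdc_user   in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case $mdc_token  in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  mdc_auth=$(printf '%s:%s' "$mdc_user" "$mdc_token" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
    "$mdc_server" "$mdc_user" "$mdc_token" "$mdc_auth"
}

# Usage: create_pull_secret <namespace> <gitea-user> < token-file
create_pull_secret() {
  cps_ns=$1 cps_user=$2
  # Accept a token file with or without a trailing newline.
  IFS= read -r cps_token || [ -n "$cps_token" ]
  cps_tmp=$(mktemp)               # mktemp creates the file with mode 0600
  trap 'rm -f "$cps_tmp"' EXIT    # remove the credential file on any exit
  make_dockerconfigjson "$REGISTRY" "$cps_user" "$cps_token" > "$cps_tmp"
  kubectl create secret generic "$SECRET_NAME" \
    --type=kubernetes.io/dockerconfigjson \
    --from-file=.dockerconfigjson="$cps_tmp" \
    --namespace="$cps_ns"
}
```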
Current Storage Notes
The live Gitea pod mounts gitea-shared-storage at /data; package blobs land
under /data/packages. On 2026-05-19 that package directory was about 798.5 MiB.
The PVC is default/gitea-shared-storage, 10 GiB, local-path, RWO. The live
cluster showed no Kubernetes CronJob backup resources across namespaces on
2026-05-19. This is acceptable for the current smoke-test images, but heavy tag
growth should wait for a platform backup/retention follow-up.