railiance-forge/docs/gitea-container-registry.md

Gitea Container Registry

This is the canonical Railiance operating note for the current Gitea container registry. Compatibility pointers remain in railiance-apps; deploy-capable Gitea Helm and manifest files now live in this repo.

Registry Target

Use gitea.coulomb.social as the approved registry host. The /v2 ingress is live as of 2026-05-15 and returns the OCI registry authentication challenge over HTTPS.

Registry-specific Gitea settings are carried in helm/gitea-registry-values.yaml, a non-secret overlay applied after the SOPS values file by make gitea-deploy. It explicitly enables packages, permits container and PyPI uploads without an app-level size cap, clears globally disabled repo units, and moves ROOT_URL to the HTTPS host.
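One way to check the /v2 challenge described above, as an added example that is not part of this note's original text or the Railiance repo. The Docker client sends the login credential to the realm URL named in the challenge, so the check fails when that realm is not an https URL on the approved host. Assumptions: the challenge is a Bearer challenge whose realm sits under the registry host (as it would if Gitea builds it from ROOT_URL); check_challenge and both sample responses are constructed for illustration, not captured from the live host.

```shell
#!/bin/sh
# Added example: validate the /v2/ auth challenge of the approved registry host.
REGISTRY_HOST="gitea.coulomb.social"

# Constructed samples shaped like `curl -sI https://$REGISTRY_HOST/v2/` output.
SAMPLE_GOOD='HTTP/2 401
docker-distribution-api-version: registry/2.0
www-authenticate: Bearer realm="https://gitea.coulomb.social/v2/token",service="container_registry",scope="*"
'
SAMPLE_HTTP_REALM='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="http://gitea.coulomb.social/v2/token",service="container_registry",scope="*"
'

# check_challenge HEADERS HOST
# Prints a verdict; returns 0 only if the status is 401 and the token realm
# is an https URL on HOST (the trailing slash blocks look-alike host suffixes).
check_challenge() {
    headers=$(printf '%s' "$1" | tr -d '\r')
    host=$2
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    if [ "$status" != "401" ]; then
        echo "unexpected status: ${status:-none}"; return 1
    fi
    challenge=$(printf '%s\n' "$headers" | grep -i '^www-authenticate:' | head -n 1)
    if [ -z "$challenge" ]; then
        echo "no WWW-Authenticate header"; return 1
    fi
    realm=$(printf '%s\n' "$challenge" | sed -n 's/.*realm="\([^"]*\)".*/\1/p')
    case "$realm" in
        "https://$host/"*) echo "ok: $realm"; return 0 ;;
        "http://"*)        echo "cleartext token realm: $realm"; return 1 ;;
        *)                 echo "realm not on $host: ${realm:-missing}"; return 1 ;;
    esac
}

# Live use (needs network access to the registry):
#   check_challenge "$(curl -sI "https://$REGISTRY_HOST/v2/")" "$REGISTRY_HOST"
```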

Image names should use the Gitea owner and package path:

gitea.coulomb.social/coulomb/state-hub:<tag>

The State Hub handoff from CUST-WP-0011 should publish the locally verified state-hub:local image under that name.

The successful smoke-test tags were:

gitea.coulomb.social/coulomb/state-hub:6186a99
gitea.coulomb.social/coulomb/state-hub:latest

Digest:

sha256:039d29654ccb3754c6ecdbe497c6364bbd8452edcdcb7fa937dd9debf5b734ff

Operator Smoke Test

Use a Gitea personal access token with package read/write permission:

docker login gitea.coulomb.social
docker tag state-hub:local gitea.coulomb.social/coulomb/state-hub:<tag>
docker push gitea.coulomb.social/coulomb/state-hub:<tag>
docker pull gitea.coulomb.social/coulomb/state-hub:<tag>

The coulomb organization packages are public by default, so the verified cluster pull for state-hub:6186a99 did not require an imagePullSecret.

For private packages, create an image pull secret in each consuming namespace:

kubectl create secret docker-registry gitea-registry \
  --docker-server=gitea.coulomb.social \
  --docker-username=<gitea-user> \
  --docker-password=<package-token> \
  --namespace=<namespace>

Reference it from workloads as imagePullSecrets: [{name: gitea-registry}].

Python Packages

The same Gitea package service is used for Python wheels. See docs/gitea-package-registry.md for the publish/install recipe and the issue-core migration notes from RAILIANCE-WP-0004 I03.

Current Storage Notes

The live Gitea pod mounts gitea-shared-storage at /data; package blobs land under /data/packages. On 2026-05-19 that package directory was about 798.5 MiB.

The PVC is default/gitea-shared-storage, 10 GiB, local-path, RWO. The live cluster showed no Kubernetes CronJob backup resources across namespaces on 2026-05-19. This is acceptable for the current smoke-test images, but heavy tag growth should wait for the forge/platform backup and retention follow-up in docs/initial-operating-contracts.md.