Gitea Container Registry
This is the canonical Railiance operating note for the current Gitea container
registry. Compatibility pointers remain in railiance-apps; deploy-capable
Gitea Helm and manifest files now live in this repo.
Registry Target
Use gitea.coulomb.social as the approved forge and registry host. The public
ingress serves the Gitea web route at https://gitea.coulomb.social/, the OCI
registry route at /v2, and the Python package route at /api/packages. The
/v2 route returns the OCI registry authentication challenge over HTTPS.
Registry-specific Gitea settings are carried in
helm/gitea-registry-values.yaml, a non-secret overlay applied after the SOPS
values file by make gitea-deploy. It explicitly enables packages, permits
container and PyPI uploads without an app-level size cap, clears globally
disabled repo units, and keeps ROOT_URL on the HTTPS host.
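As an added example (not part of this repo's tooling), the function below checks that a /v2 response is a 401 Bearer challenge whose realm is an https:// URL on gitea.coulomb.social, which catches a ROOT_URL that has drifted off the HTTPS host before any token is sent. It assumes Gitea builds the realm from ROOT_URL; the sample responses are constructed, and the realm path and service/scope values in them are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of this repo's tooling.
# Live use (GET request, response headers only):
#   curl -sS -o /dev/null -D - https://gitea.coulomb.social/v2/ | check_challenge
APPROVED_HOST="gitea.coulomb.social"

# Constructed sample responses (not captured from the live host).
SAMPLE_OK='HTTP/2 401
www-authenticate: Bearer realm="https://gitea.coulomb.social/v2/token",service="container_registry",scope="*"
content-type: application/json'

SAMPLE_HTTP_REALM='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="http://gitea.coulomb.social/v2/token",service="container_registry",scope="*"'

SAMPLE_ANON='HTTP/2 200
content-type: application/json'

# check_challenge reads raw HTTP response headers on stdin and returns:
#   0  401 with a Bearer challenge whose realm is https://$APPROVED_HOST/...
#   1  no challenge at all (for example an unauthenticated 200)
#   2  challenge present, but not Bearer or realm not HTTPS on the approved host
check_challenge() {
  local headers status challenge realm
  headers=$(tr -d '\r')                       # tolerate CRLF line endings
  status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
  challenge=$(printf '%s\n' "$headers" | grep -i '^www-authenticate:' | head -n 1)

  [ "$status" = "401" ] && [ -n "$challenge" ] || return 1

  # The scheme must be Bearer; a Basic challenge would mean a different auth path.
  printf '%s\n' "$challenge" \
    | grep -qi '^www-authenticate:[[:space:]]*bearer[[:space:]]' || return 2

  # Extract realm="..." and require HTTPS on the approved host, so the
  # package token is never sent to a cleartext or foreign token endpoint.
  realm=$(printf '%s\n' "$challenge" | sed -n 's/.*realm="\([^"]*\)".*/\1/p')
  case "$realm" in
    "https://$APPROVED_HOST/"*) return 0 ;;
    *) return 2 ;;
  esac
}
```

Run it before docker login in the smoke test; a return code of 2 means the token should not be entered until the registry settings are fixed.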
Image names should use the Gitea owner and package path:
gitea.coulomb.social/coulomb/state-hub:<tag>
The State Hub handoff from CUST-WP-0011 should publish the locally verified
state-hub:local image under that name.
The successful smoke-test tags were:
gitea.coulomb.social/coulomb/state-hub:6186a99
gitea.coulomb.social/coulomb/state-hub:latest
Digest:
sha256:039d29654ccb3754c6ecdbe497c6364bbd8452edcdcb7fa937dd9debf5b734ff
Operator Smoke Test
Use a Gitea personal access token with package read/write permission:
docker login gitea.coulomb.social
docker tag state-hub:local gitea.coulomb.social/coulomb/state-hub:<tag>
docker push gitea.coulomb.social/coulomb/state-hub:<tag>
docker pull gitea.coulomb.social/coulomb/state-hub:<tag>
The coulomb organization packages are public by default, so the verified
cluster pull for state-hub:6186a99 did not require an imagePullSecret.
For private packages, create an image pull secret in each consuming namespace:
kubectl create secret docker-registry gitea-registry \
  --docker-server=gitea.coulomb.social \
  --docker-username=<gitea-user> \
  --docker-password=<package-token> \
  --namespace=<namespace>
Reference it from workloads as imagePullSecrets: [{name: gitea-registry}].
Python Packages
The same Gitea package service is used for Python wheels. See
docs/gitea-package-registry.md for the publish/install recipe and the
issue-core migration notes from RAILIANCE-WP-0004 I03.
Current Storage Notes
The live Gitea pod mounts gitea-shared-storage at /data; package blobs land
under /data/packages. On 2026-05-19 that package directory was about
798.5 MiB.
The PVC is default/gitea-shared-storage, 10 GiB, local-path, RWO. The live
cluster showed no Kubernetes CronJob backup resources across namespaces on
2026-05-19. This is acceptable for the current smoke-test images, but heavy tag
growth should wait for the forge/platform backup and retention follow-up in
docs/backup-restore-secret-handoff.md.