From 0b1f2ebfbc0064a014023577c4e595b8f8736917 Mon Sep 17 00:00:00 2001 From: Oleks Date: Tue, 2 Jun 2026 05:05:30 +0300 Subject: [PATCH] =?UTF-8?q?docs(#3):=20go-live=20note=20=E2=80=94=20floati?= =?UTF-8?q?ng=20tags=20must=20exist=20before=20flux=20resume?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While HRs are suspended (Phase 0) the staging/production tags are referenced by no live workload, so gitea-oci-cleanup can reap them. Document the registry-pins mitigation and a pre-resume existence check in the first-deploy checklist. --- DEPLOYMENT.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index 4800131..6e4c123 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -225,10 +225,24 @@ Both should resolve to the `kotkan` ingress IP (the same one ### D. First deploy -1. Push to `staging` to trigger the first build. Watch Woodpecker. -2. Once the image lands, Flux reconciles. Watch the rollout: +> **Go-live prerequisite — floating tag must exist (issue #3).** While the +> HelmReleases are `suspend: true` (Phase 0) and no pod is running, the +> floating `staging`/`production` tags are referenced by **no live workload**. +> `gitea-oci-cleanup` is fleet-aware and only auto-pins in-use tags, so an +> unreferenced floating tag is reapable. If it gets reaped before go-live, the +> `ImagePolicy` has nothing to resolve and the first deploy can't pin a digest. +> Mitigation: the floating tags are explicitly pinned in +> `servers/armer/scripts/registry-pins.txt` +> (`container/cms-plugins==staging`, `container/cms-plugins==production`) so +> the cleaner always keeps them. Before the first `flux resume`, confirm both +> tags still exist (`oleks/-/packages/container/cms-plugins`); if not, push the +> branch to rebuild them first. + +1. Re-run/confirm the `staging` build so `git.oleks.space/oleks/cms-plugins:staging` exists. Watch Woodpecker. +2. Resume the release and watch Flux reconcile + the rollout: ```bash + flux resume helmrelease cms-plugins-staging -n kotkan kubectl -n kotkan get pods -w | grep cms-plugins flux get all -n flux-system | grep cms-plugins ```