From eebaa4fc81c725e970cab218bdeb7db6ebf06cd2 Mon Sep 17 00:00:00 2001
From: Bernd Worsch <bernd.worsch@gmail.com>
Date: Sun, 22 Mar 2026 00:40:40 +0000
Subject: [PATCH] chore(workplan): add T08a (DNS records) and T08b (Go install)
 tasks

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 ...-keycape-privacyidea-cluster-deployment.md | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/workplans/NK-WP-0003-keycape-privacyidea-cluster-deployment.md b/workplans/NK-WP-0003-keycape-privacyidea-cluster-deployment.md
index 7381590..68e18ac 100644
--- a/workplans/NK-WP-0003-keycape-privacyidea-cluster-deployment.md
+++ b/workplans/NK-WP-0003-keycape-privacyidea-cluster-deployment.md
@@ -278,6 +278,52 @@ cd "$(git rev-parse --show-toplevel)/../key-cape"
 go test ./tests/... -run TestProfileBaseline -v
 ```
 
+### T08a — Create Cloudflare DNS A records
+
+```task
+id: NK-WP-0003-T08a
+status: todo
+priority: high
+state_hub_task_id: "c614f839-61c4-41f6-bfeb-b3f9525a7625"
+```
+
+Create 4 A records in Cloudflare DNS, **proxy disabled (DNS-only / orange cloud OFF)**,
+all pointing to `92.205.130.254`:
+
+| Subdomain | Type | Value |
+|-----------|------|-------|
+| `kc.coulomb.social` | A | `92.205.130.254` |
+| `auth.coulomb.social` | A | `92.205.130.254` |
+| `pink.coulomb.social` | A | `92.205.130.254` |
+| `lldap.coulomb.social` | A | `92.205.130.254` |
+
+HTTP-01 ACME challenges require direct origin reachability — Cloudflare proxy blocks this.
+Once DNS propagates, cert-manager's three pending challenges will auto-resolve and TLS
+certs will be issued for all four ingresses.
+
+Verify: `dig +short kc.coulomb.social @8.8.8.8` → `92.205.130.254`
+
+### T08b — Install Go on CoulombCore
+
+```task
+id: NK-WP-0003-T08b
+status: todo
+priority: high
+state_hub_task_id: "fdfe595a-f5a8-466a-82e9-7cc2ad8e5c3e"
+```
+
+Go is not installed on CoulombCore. Required for the KeyCape acceptance test suite (T08).
+
+```bash
+wget https://go.dev/dl/go1.22.5.linux-amd64.tar.gz
+sudo tar -C /usr/local -xzf go1.22.5.linux-amd64.tar.gz
+echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
+source ~/.bashrc
+go version   # should print go1.22.5
+```
+
+Verify: `cd ~/key-cape/src && go test ./tests/... -run TestProfileBaseline -v`
+
 ### T09 — Backup, DR, and monitoring
 
 ```task