From 25d6a2484e74c8e8a366e0c0be4b063d0c39c1ba Mon Sep 17 00:00:00 2001 From: tegwick Date: Mon, 15 Jun 2026 09:02:02 +0200 Subject: [PATCH] Rename reuse deployment to coulomb.social conventions Chart charts/reuse-surface, namespace reuse, host reuse.coulomb.social, image gitea.coulomb.social/coulomb/reuse-surface, secret reuse-surface-env. Makefile targets reuse-dry-run/deploy/status/logs. --- Makefile | 36 +++--- .../Chart.yaml | 6 +- .../templates/_helpers.tpl | 14 +-- .../templates/deployment.yaml | 21 ++-- .../templates/ingress.yaml | 8 +- .../templates/pvc.yaml | 4 +- .../templates/service.yaml | 6 +- .../values.yaml | 8 +- ...-values.yaml => reuse-surface-values.yaml} | 2 +- ...P-0007-reuse-surface-hub-on-railiance01.md | 110 ++++++++---------- 10 files changed, 100 insertions(+), 115 deletions(-) rename charts/{reuse-surface-hub => reuse-surface}/Chart.yaml (71%) rename charts/{reuse-surface-hub => reuse-surface}/templates/_helpers.tpl (63%) rename charts/{reuse-surface-hub => reuse-surface}/templates/deployment.yaml (80%) rename charts/{reuse-surface-hub => reuse-surface}/templates/ingress.yaml (72%) rename charts/{reuse-surface-hub => reuse-surface}/templates/pvc.yaml (76%) rename charts/{reuse-surface-hub => reuse-surface}/templates/service.yaml (52%) rename charts/{reuse-surface-hub => reuse-surface}/values.yaml (85%) rename helm/{reuse-surface-hub-values.yaml => reuse-surface-values.yaml} (56%) diff --git a/Makefile b/Makefile index a6f524a..c47e5f7 100644 --- a/Makefile +++ b/Makefile @@ -19,10 +19,10 @@ INTER_HUB_NAMESPACE ?= inter-hub INTER_HUB_CHART ?= charts/inter-hub INTER_HUB_VALUES ?= helm/inter-hub-values.yaml -REUSE_HUB_RELEASE ?= reuse-surface-hub -REUSE_HUB_NAMESPACE ?= reuse-surface-hub -REUSE_HUB_CHART ?= charts/reuse-surface-hub -REUSE_HUB_VALUES ?= helm/reuse-surface-hub-values.yaml +REUSE_RELEASE ?= reuse +REUSE_NAMESPACE ?= reuse +REUSE_CHART ?= charts/reuse-surface +REUSE_VALUES ?= helm/reuse-surface-values.yaml SOPS_SENTINEL ?= DRY_RUN_CREATE_NAMESPACES ?= false @@ -105,23 +105,23 @@ inter-hub-status: ## Show inter-hub pod / svc / ingress / cert state inter-hub-logs: ## Tail inter-hub app logs kubectl logs -n $(INTER_HUB_NAMESPACE) -l app.kubernetes.io/instance=$(INTER_HUB_RELEASE) -f --tail=50 -##@ Reuse Surface Hub +##@ reuse-surface (reuse.coulomb.social) -reuse-hub-dry-run: ## helm template render (no apply) for reuse-surface-hub - helm template $(REUSE_HUB_RELEASE) $(REUSE_HUB_CHART) \ - --namespace $(REUSE_HUB_NAMESPACE) \ - -f $(REUSE_HUB_VALUES) +reuse-dry-run: ## helm template render (no apply) for reuse-surface + helm template $(REUSE_RELEASE) $(REUSE_CHART) \ + --namespace $(REUSE_NAMESPACE) \ + -f $(REUSE_VALUES) -reuse-hub-deploy: ## Deploy / upgrade reuse-surface-hub Helm release - helm upgrade --install $(REUSE_HUB_RELEASE) $(REUSE_HUB_CHART) \ - --namespace $(REUSE_HUB_NAMESPACE) --create-namespace \ - -f $(REUSE_HUB_VALUES) --wait --timeout 5m +reuse-deploy: ## Deploy / upgrade reuse-surface Helm release + helm upgrade --install $(REUSE_RELEASE) $(REUSE_CHART) \ + --namespace $(REUSE_NAMESPACE) --create-namespace \ + -f $(REUSE_VALUES) --wait --timeout 5m -reuse-hub-status: ## Show reuse-surface-hub pod / svc / ingress / cert state - kubectl get pods,svc,ingress,pvc,certificate -n $(REUSE_HUB_NAMESPACE) -l app.kubernetes.io/instance=$(REUSE_HUB_RELEASE) --ignore-not-found +reuse-status: ## Show reuse-surface pod / svc / ingress / cert state + kubectl get pods,svc,ingress,pvc,certificate -n $(REUSE_NAMESPACE) -l app.kubernetes.io/instance=$(REUSE_RELEASE) --ignore-not-found -reuse-hub-logs: ## Tail reuse-surface-hub logs - kubectl logs -n $(REUSE_HUB_NAMESPACE) -l app.kubernetes.io/instance=$(REUSE_HUB_RELEASE) -f --tail=50 +reuse-logs: ## Tail reuse-surface service logs + kubectl logs -n $(REUSE_NAMESPACE) -l app.kubernetes.io/instance=$(REUSE_RELEASE) -f --tail=50 ##@ Help @@ -130,4 +130,4 @@ help: ## Show this help /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } \ /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) }' $(MAKEFILE_LIST) -.PHONY: check-tools check-sops k8s-server-dry-run apps-pg-status vergabe-dry-run vergabe-deploy vergabe-ingress-deploy vergabe-status vergabe-migrate vergabe-seed vergabe-superuser vergabe-logs vergabe-db-url-secret inter-hub-dry-run inter-hub-deploy inter-hub-status inter-hub-logs reuse-hub-dry-run reuse-hub-deploy reuse-hub-status reuse-hub-logs help +.PHONY: check-tools check-sops k8s-server-dry-run apps-pg-status vergabe-dry-run vergabe-deploy vergabe-ingress-deploy vergabe-status vergabe-migrate vergabe-seed vergabe-superuser vergabe-logs vergabe-db-url-secret inter-hub-dry-run inter-hub-deploy inter-hub-status inter-hub-logs reuse-dry-run reuse-deploy reuse-status reuse-logs help diff --git a/charts/reuse-surface-hub/Chart.yaml b/charts/reuse-surface/Chart.yaml similarity index 71% rename from charts/reuse-surface-hub/Chart.yaml rename to charts/reuse-surface/Chart.yaml index c098e8e..d627ed2 100644 --- a/charts/reuse-surface-hub/Chart.yaml +++ b/charts/reuse-surface/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 -name: reuse-surface-hub +name: reuse-surface description: | - Federation hub for helix_forge capability registry coordination on Railiance01. + Federation service for helix_forge capability registry on Railiance01. type: application version: 0.1.0 appVersion: "0.1.0" @@ -9,7 +9,7 @@ keywords: - reuse-surface - federation - helix-forge - - railiance + - coulomb.social home: https://gitea.coulomb.social/coulomb/reuse-surface sources: - https://gitea.coulomb.social/coulomb/reuse-surface diff --git a/charts/reuse-surface-hub/templates/_helpers.tpl b/charts/reuse-surface/templates/_helpers.tpl similarity index 63% rename from charts/reuse-surface-hub/templates/_helpers.tpl rename to charts/reuse-surface/templates/_helpers.tpl index 3dcb2e2..d468ad0 100644 --- a/charts/reuse-surface-hub/templates/_helpers.tpl +++ b/charts/reuse-surface/templates/_helpers.tpl @@ -1,10 +1,10 @@ -{{- define "reusehub.fullname" -}} +{{- define "reuse.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "reusehub.labels" -}} -app.kubernetes.io/name: {{ include "reusehub.fullname" . }} +{{- define "reuse.labels" -}} +app.kubernetes.io/name: {{ include "reuse.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} @@ -12,14 +12,14 @@ app.kubernetes.io/part-of: railiance-apps helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" }} {{- end -}} -{{- define "reusehub.selectorLabels" -}} -app.kubernetes.io/name: {{ include "reusehub.fullname" . }} +{{- define "reuse.selectorLabels" -}} +app.kubernetes.io/name: {{ include "reuse.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} -{{- define "reusehub.image" -}} +{{- define "reuse.image" -}} {{- if not .Values.image.tag -}} -{{- fail "image.tag is required - pin it in helm/reuse-surface-hub-values.yaml" -}} +{{- fail "image.tag is required - pin it in helm/reuse-surface-values.yaml" -}} {{- end -}} {{- printf "%s:%s" .Values.image.repository .Values.image.tag -}} {{- end -}} \ No newline at end of file diff --git a/charts/reuse-surface-hub/templates/deployment.yaml b/charts/reuse-surface/templates/deployment.yaml similarity index 80% rename from charts/reuse-surface-hub/templates/deployment.yaml rename to charts/reuse-surface/templates/deployment.yaml index 31466d3..9cc17ea 100644 --- a/charts/reuse-surface-hub/templates/deployment.yaml +++ b/charts/reuse-surface/templates/deployment.yaml @@ -1,12 +1,12 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "reusehub.fullname" . }} - labels: {{- include "reusehub.labels" . | nindent 4 }} + name: {{ include "reuse.fullname" . }} + labels: {{- include "reuse.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: - matchLabels: {{- include "reusehub.selectorLabels" . | nindent 6 }} + matchLabels: {{- include "reuse.selectorLabels" . | nindent 6 }} strategy: type: RollingUpdate rollingUpdate: @@ -14,13 +14,14 @@ spec: maxUnavailable: 0 template: metadata: - labels: {{- include "reusehub.selectorLabels" . | nindent 8 }} + labels: {{- include "reuse.selectorLabels" . | nindent 8 }} spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: reuse-surface-hub - image: {{ include "reusehub.image" . | quote }} + - name: reuse-surface + image: {{ include "reuse.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["reuse-surface", "serve"] securityContext: {{- toYaml .Values.securityContext | nindent 12 }} ports: - name: http @@ -30,9 +31,9 @@ spec: - secretRef: name: {{ .Values.envSecretName | quote }} env: - - name: REUSE_SURFACE_HUB_DB - value: {{ printf "%s/hub.db" .Values.persistence.mountPath | quote }} - - name: REUSE_SURFACE_HUB_CACHE_DIR + - name: REUSE_SURFACE_DB + value: {{ printf "%s/reuse.db" .Values.persistence.mountPath | quote }} + - name: REUSE_SURFACE_CACHE_DIR value: {{ printf "%s/cache" .Values.persistence.mountPath | quote }} {{- if .Values.persistence.enabled }} volumeMounts: @@ -62,7 +63,7 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: {{ include "reusehub.fullname" . }}-data + claimName: {{ include "reuse.fullname" . }}-data {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/reuse-surface-hub/templates/ingress.yaml b/charts/reuse-surface/templates/ingress.yaml similarity index 72% rename from charts/reuse-surface-hub/templates/ingress.yaml rename to charts/reuse-surface/templates/ingress.yaml index a307835..25d684b 100644 --- a/charts/reuse-surface-hub/templates/ingress.yaml +++ b/charts/reuse-surface/templates/ingress.yaml @@ -2,8 +2,8 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "reusehub.fullname" . }} - labels: {{- include "reusehub.labels" . | nindent 4 }} + name: {{ include "reuse.fullname" . }} + labels: {{- include "reuse.labels" . | nindent 4 }} annotations: {{- toYaml .Values.ingress.annotations | nindent 4 }} spec: @@ -12,7 +12,7 @@ spec: tls: - hosts: - {{ .Values.ingress.host }} - secretName: {{ include "reusehub.fullname" . }}-tls + secretName: {{ include "reuse.fullname" . }}-tls {{- end }} rules: - host: {{ .Values.ingress.host }} @@ -22,7 +22,7 @@ spec: pathType: Prefix backend: service: - name: {{ include "reusehub.fullname" . }} + name: {{ include "reuse.fullname" . }} port: number: {{ .Values.service.port }} {{- end }} \ No newline at end of file diff --git a/charts/reuse-surface-hub/templates/pvc.yaml b/charts/reuse-surface/templates/pvc.yaml similarity index 76% rename from charts/reuse-surface-hub/templates/pvc.yaml rename to charts/reuse-surface/templates/pvc.yaml index 8a4f3af..bf4e1be 100644 --- a/charts/reuse-surface-hub/templates/pvc.yaml +++ b/charts/reuse-surface/templates/pvc.yaml @@ -2,8 +2,8 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ include "reusehub.fullname" . }}-data - labels: {{- include "reusehub.labels" . | nindent 4 }} + name: {{ include "reuse.fullname" . }}-data + labels: {{- include "reuse.labels" . | nindent 4 }} spec: accessModes: - ReadWriteOnce diff --git a/charts/reuse-surface-hub/templates/service.yaml b/charts/reuse-surface/templates/service.yaml similarity index 52% rename from charts/reuse-surface-hub/templates/service.yaml rename to charts/reuse-surface/templates/service.yaml index 5f2388c..6ad53b9 100644 --- a/charts/reuse-surface-hub/templates/service.yaml +++ b/charts/reuse-surface/templates/service.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "reusehub.fullname" . }} - labels: {{- include "reusehub.labels" . | nindent 4 }} + name: {{ include "reuse.fullname" . }} + labels: {{- include "reuse.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} - selector: {{- include "reusehub.selectorLabels" . | nindent 4 }} + selector: {{- include "reuse.selectorLabels" . | nindent 4 }} ports: - name: http port: {{ .Values.service.port }} diff --git a/charts/reuse-surface-hub/values.yaml b/charts/reuse-surface/values.yaml similarity index 85% rename from charts/reuse-surface-hub/values.yaml rename to charts/reuse-surface/values.yaml index 7072c7b..de526c7 100644 --- a/charts/reuse-surface-hub/values.yaml +++ b/charts/reuse-surface/values.yaml @@ -1,5 +1,5 @@ image: - repository: gitea.coulomb.social/coulomb/reuse-surface-hub + repository: gitea.coulomb.social/coulomb/reuse-surface tag: "" pullPolicy: IfNotPresent @@ -24,12 +24,12 @@ resources: cpu: 500m memory: 512Mi -envSecretName: reuse-surface-hub-env +envSecretName: reuse-surface-env ingress: - enabled: false + enabled: true className: traefik - host: reuse-hub.whywhynot.de + host: reuse.coulomb.social tls: true annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure diff --git a/helm/reuse-surface-hub-values.yaml b/helm/reuse-surface-values.yaml similarity index 56% rename from helm/reuse-surface-hub-values.yaml rename to helm/reuse-surface-values.yaml index 715c62f..18c7bf6 100644 --- a/helm/reuse-surface-hub-values.yaml +++ b/helm/reuse-surface-values.yaml @@ -1,5 +1,5 @@ # Production overrides for reuse-surface federation hub. -# REUSE_SURFACE_HUB_TOKEN is supplied via Secret reuse-surface-hub-env. +# REUSE_SURFACE_TOKEN is supplied via Secret reuse-surface-env. image: tag: "pending-first-build" \ No newline at end of file diff --git a/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md b/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md index 54028e7..26c31e8 100644 --- a/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md +++ b/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md @@ -1,7 +1,7 @@ --- id: RAILIANCE-WP-0007 type: workplan -title: "Deploy reuse-surface federation hub on railiance01" +title: "Deploy reuse-surface federation service on railiance01" domain: railiance repo: railiance-apps status: active @@ -11,105 +11,87 @@ created: "2026-06-15" updated: "2026-06-15" --- -# Deploy reuse-surface federation hub on railiance01 +# Deploy reuse-surface federation service on railiance01 Companion to **`reuse-surface` REUSE-WP-0011**. Own the S5 Helm release, -ingress, and operator targets for the federation hub service on production -cluster node `railiance01` (`92.205.130.254`). +ingress, and operator targets for the federation service on production cluster +node `railiance01` (`92.205.130.254`). ## Goal -Expose the helix_forge federation hub API at a stable TLS endpoint so repos can -register capability index URLs via `reuse-surface hub` without per-machine -`sources.yaml` maintenance. +Expose the helix_forge federation API at **`https://reuse.coulomb.social`** so +repos can register capability index URLs via `reuse-surface hub` without +per-machine `sources.yaml` maintenance. -**Default hostname (confirm with operator):** `https://reuse-hub.whywhynot.de` +Gitea repo: `coulomb/reuse-surface` +OCI image: `gitea.coulomb.social/coulomb/reuse-surface:` ## Upstream dependency | Upstream | Workplan | Required artifact | |---|---|---| -| Hub service + image | `reuse-surface` REUSE-WP-0011 | Container image `gitea.coulomb.social/coulomb/reuse-surface-hub:`, `/health` probe path | +| Service + image | `reuse-surface` REUSE-WP-0011 | Image `gitea.coulomb.social/coulomb/reuse-surface:`, `reuse-surface serve`, `/health` | -Do not deploy until REUSE-WP-0011-T04 publishes a buildable image and documents -the required environment variables. +Do not deploy until REUSE-WP-0011-T04 publishes a buildable image. ## Placement -Follow the established `inter-hub` pattern in this repo: +Follow the `inter-hub` pattern: -- `charts/reuse-surface-hub/` — Helm chart (Deployment, Service, Ingress, PVC) -- `helm/reuse-surface-hub-values.yaml` — non-secret overrides (image tag, host) -- SOPS secret handoff for `REUSE_SURFACE_HUB_TOKEN` (write token) -- `Makefile` targets: `reuse-hub-dry-run`, `reuse-hub-deploy`, `reuse-hub-status`, `reuse-hub-logs` - -Cross-repo coordination: - -| Concern | Owner | -|---|---| -| Application image and API | `reuse-surface` | -| Helm release and ingress | `railiance-apps` (this workplan) | -| OCI registry push | `railiance-forge` guidance + `reuse-surface` CI/docs | -| DNS A record | DNS owner of `whywhynot.de` | -| Traefik / cert-manager | `railiance-cluster` / `railiance-platform` (reuse) | +- `charts/reuse-surface/` — Helm chart (Deployment, Service, Ingress, PVC) +- `helm/reuse-surface-values.yaml` — non-secret overrides (image tag) +- Secret `reuse-surface-env` with `REUSE_SURFACE_TOKEN` +- `Makefile` targets: `reuse-dry-run`, `reuse-deploy`, `reuse-status`, `reuse-logs` +- Namespace: `reuse` ## Safety contract -- Do not commit decrypted SOPS values or hub write tokens. -- Pin image tags in `helm/reuse-surface-hub-values.yaml`; no `:latest` in production. -- Use a dedicated namespace (default `reuse-surface-hub`). -- PVC for SQLite data; document backup expectation in runbook. +- Do not commit decrypted SOPS values or `REUSE_SURFACE_TOKEN`. +- Pin image tags in `helm/reuse-surface-values.yaml`. +- PVC at `/data` for SQLite (`reuse.db`) and fetch cache. --- -## Scaffold Helm Chart For reuse-surface-hub +## Scaffold Helm Chart For reuse-surface ```task id: RAILIANCE-WP-0007-T01 status: done priority: high +state_hub_task_id: "d296f037-eef6-4bfc-9e00-65d2aefa9338" ``` -Create `charts/reuse-surface-hub/` modeled on `charts/inter-hub/` with: +Create `charts/reuse-surface/` with Deployment (`reuse-surface serve`), Service, +PVC, Ingress, probes on `/health`. -- Deployment exposing port `8000` -- ClusterIP Service -- Optional PVC mount at `/data` for SQLite persistence -- Ingress (Traefik + cert-manager) disabled by default until hostname confirmed -- Probes targeting `GET /health` -- `envSecretName` for hub token and optional config - -## Add Values, SOPS Template, And Makefile Targets +## Add Values, Secret Template, And Makefile Targets ```task id: RAILIANCE-WP-0007-T02 status: done priority: high +state_hub_task_id: "5050e2fb-07c0-4a06-a64b-f152f8bdb35d" ``` -Add: +Add `helm/reuse-surface-values.yaml`, document Secret `reuse-surface-env`, and +Makefile `reuse-*` targets. -- `helm/reuse-surface-hub-values.yaml` with image repository - `gitea.coulomb.social/coulomb/reuse-surface-hub` and placeholder tag -- Documented SOPS secret template path (mirror `inter-hub-env` pattern) -- Makefile variables and targets: `reuse-hub-dry-run`, `reuse-hub-deploy`, - `reuse-hub-status`, `reuse-hub-logs` - -## Configure Ingress And Hostname +## Configure Ingress For reuse.coulomb.social ```task id: RAILIANCE-WP-0007-T03 -status: wait +status: todo priority: medium +state_hub_task_id: "80dc308a-3c0f-4027-9b40-67df5f17aca7" ``` -Enable ingress in values with: +Ingress enabled in chart values: -- `ingress.host: reuse-hub.whywhynot.de` (or operator-confirmed host) +- `ingress.host: reuse.coulomb.social` - `cert-manager.io/cluster-issuer: letsencrypt-prod` -- Traefik annotations matching `vergabe-teilnahme` / `inter-hub` +- Traefik annotations matching `inter-hub` -**Blocked on:** DNS A record and hostname approval. +Confirm DNS A record in `coulomb.social` zone. ## Deploy Release To railiance01 @@ -117,14 +99,15 @@ Enable ingress in values with: id: RAILIANCE-WP-0007-T04 status: wait priority: medium +state_hub_task_id: "14049fd1-7ec1-4762-9a7c-9783f0997016" ``` -When REUSE-WP-0011-T04 image is available: +When image is available: -1. `make reuse-hub-dry-run` — inspect rendered manifests -2. Apply SOPS secret for hub token -3. `make reuse-hub-deploy` -4. Confirm certificate issued and `/health` returns 200 +1. `make reuse-dry-run` +2. Apply Secret `reuse-surface-env` +3. `make reuse-deploy` +4. Verify `https://reuse.coulomb.social/health` ## Post-Deploy Verification And Runbook @@ -132,11 +115,12 @@ When REUSE-WP-0011-T04 image is available: id: RAILIANCE-WP-0007-T05 status: todo priority: low +state_hub_task_id: "30b08789-38bb-409a-b5b1-b3c73ff31a96" ``` -Add `docs/reuse-surface-hub-on-railiance01.md` with: +Add `docs/reuse-surface-on-railiance01.md` with smoke checks: -- Namespace, release name, image promotion steps -- Secret rotation notes -- Smoke checks: `reuse-surface hub status --hub-url https://reuse-hub.whywhynot.de` -- Link back to `reuse-surface/docs/RegistryFederation.md` \ No newline at end of file +```bash +export REUSE_SURFACE_URL=https://reuse.coulomb.social +reuse-surface hub status +``` \ No newline at end of file