coulomb/railiance-apps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename reuse deployment to coulomb.social conventions

Browse Source 
Chart charts/reuse-surface, namespace reuse, host reuse.coulomb.social,
image gitea.coulomb.social/coulomb/reuse-surface, secret reuse-surface-env.
Makefile targets reuse-dry-run/deploy/status/logs.
This commit is contained in:
Bernd Worsch
2026-06-15 09:02:02 +02:00
parent 19b65de4bd
commit 25d6a2484e
10 changed files with 100 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md
View File

@@ -1,7 +1,7 @@
---
id: RAILIANCE-WP-0007
type: workplan
title: "Deploy reuse-surface federation hub on railiance01"
title: "Deploy reuse-surface federation service on railiance01"
domain: railiance
repo: railiance-apps
status: active
@@ -11,105 +11,87 @@ created: "2026-06-15"
updated: "2026-06-15"
---
# Deploy reuse-surface federation hub on railiance01
# Deploy reuse-surface federation service on railiance01
Companion to **`reuse-surface` REUSE-WP-0011**. Own the S5 Helm release,
ingress, and operator targets for the federation hub service on production
cluster node `railiance01` (`92.205.130.254`).
ingress, and operator targets for the federation service on production cluster
node `railiance01` (`92.205.130.254`).
## Goal
Expose the helix_forge federation hub API at a stable TLS endpoint so repos can
register capability index URLs via `reuse-surface hub` without per-machine
`sources.yaml` maintenance.
Expose the helix_forge federation API at **`https://reuse.coulomb.social`** so
repos can register capability index URLs via `reuse-surface hub` without
per-machine `sources.yaml` maintenance.
**Default hostname (confirm with operator):** `https://reuse-hub.whywhynot.de`
Gitea repo: `coulomb/reuse-surface`
OCI image: `gitea.coulomb.social/coulomb/reuse-surface:<tag>`
## Upstream dependency
| Upstream | Workplan | Required artifact |
|---|---|---|
| Hub service + image | `reuse-surface` REUSE-WP-0011 | Container image `gitea.coulomb.social/coulomb/reuse-surface-hub:<tag>`, `/health` probe path |
| Service + image | `reuse-surface` REUSE-WP-0011 | Image `gitea.coulomb.social/coulomb/reuse-surface:<tag>`, `reuse-surface serve`, `/health` |
Do not deploy until REUSE-WP-0011-T04 publishes a buildable image and documents
the required environment variables.
Do not deploy until REUSE-WP-0011-T04 publishes a buildable image.
## Placement
Follow the established `inter-hub` pattern in this repo:
Follow the `inter-hub` pattern:
- `charts/reuse-surface-hub/` — Helm chart (Deployment, Service, Ingress, PVC)
- `helm/reuse-surface-hub-values.yaml` — non-secret overrides (image tag, host)
- SOPS secret handoff for `REUSE_SURFACE_HUB_TOKEN` (write token)
- `Makefile` targets: `reuse-hub-dry-run`, `reuse-hub-deploy`, `reuse-hub-status`, `reuse-hub-logs`
Cross-repo coordination:
| Concern | Owner |
|---|---|
| Application image and API | `reuse-surface` |
| Helm release and ingress | `railiance-apps` (this workplan) |
| OCI registry push | `railiance-forge` guidance + `reuse-surface` CI/docs |
| DNS A record | DNS owner of `whywhynot.de` |
| Traefik / cert-manager | `railiance-cluster` / `railiance-platform` (reuse) |
- `charts/reuse-surface/` — Helm chart (Deployment, Service, Ingress, PVC)
- `helm/reuse-surface-values.yaml` — non-secret overrides (image tag)
- Secret `reuse-surface-env` with `REUSE_SURFACE_TOKEN`
- `Makefile` targets: `reuse-dry-run`, `reuse-deploy`, `reuse-status`, `reuse-logs`
- Namespace: `reuse`
## Safety contract
- Do not commit decrypted SOPS values or hub write tokens.
- Pin image tags in `helm/reuse-surface-hub-values.yaml`; no `:latest` in production.
- Use a dedicated namespace (default `reuse-surface-hub`).
- PVC for SQLite data; document backup expectation in runbook.
- Do not commit decrypted SOPS values or `REUSE_SURFACE_TOKEN`.
- Pin image tags in `helm/reuse-surface-values.yaml`.
- PVC at `/data` for SQLite (`reuse.db`) and fetch cache.
---
## Scaffold Helm Chart For reuse-surface-hub
## Scaffold Helm Chart For reuse-surface
```task
id: RAILIANCE-WP-0007-T01
status: done
priority: high
state_hub_task_id: "d296f037-eef6-4bfc-9e00-65d2aefa9338"
```
Create `charts/reuse-surface-hub/` modeled on `charts/inter-hub/` with:
Create `charts/reuse-surface/` with Deployment (`reuse-surface serve`), Service,
PVC, Ingress, probes on `/health`.
- Deployment exposing port `8000`
- ClusterIP Service
- Optional PVC mount at `/data` for SQLite persistence
- Ingress (Traefik + cert-manager) disabled by default until hostname confirmed
- Probes targeting `GET /health`
- `envSecretName` for hub token and optional config
## Add Values, SOPS Template, And Makefile Targets
## Add Values, Secret Template, And Makefile Targets
```task
id: RAILIANCE-WP-0007-T02
status: done
priority: high
state_hub_task_id: "5050e2fb-07c0-4a06-a64b-f152f8bdb35d"
```
Add:
Add `helm/reuse-surface-values.yaml`, document Secret `reuse-surface-env`, and
Makefile `reuse-*` targets.
- `helm/reuse-surface-hub-values.yaml` with image repository
`gitea.coulomb.social/coulomb/reuse-surface-hub` and placeholder tag
- Documented SOPS secret template path (mirror `inter-hub-env` pattern)
- Makefile variables and targets: `reuse-hub-dry-run`, `reuse-hub-deploy`,
`reuse-hub-status`, `reuse-hub-logs`
## Configure Ingress And Hostname
## Configure Ingress For reuse.coulomb.social
```task
id: RAILIANCE-WP-0007-T03
status: wait
status: todo
priority: medium
state_hub_task_id: "80dc308a-3c0f-4027-9b40-67df5f17aca7"
```
Enable ingress in values with:
Ingress enabled in chart values:
- `ingress.host: reuse-hub.whywhynot.de` (or operator-confirmed host)
- `ingress.host: reuse.coulomb.social`
- `cert-manager.io/cluster-issuer: letsencrypt-prod`
- Traefik annotations matching `vergabe-teilnahme` / `inter-hub`
- Traefik annotations matching `inter-hub`
**Blocked on:** DNS A record and hostname approval.
Confirm DNS A record in `coulomb.social` zone.
## Deploy Release To railiance01
@@ -117,14 +99,15 @@ Enable ingress in values with:
id: RAILIANCE-WP-0007-T04
status: wait
priority: medium
state_hub_task_id: "14049fd1-7ec1-4762-9a7c-9783f0997016"
```
When REUSE-WP-0011-T04 image is available:
When image is available:
1. `make reuse-hub-dry-run` — inspect rendered manifests
2. Apply SOPS secret for hub token
3. `make reuse-hub-deploy`
4. Confirm certificate issued and `/health` returns 200
1. `make reuse-dry-run`
2. Apply Secret `reuse-surface-env`
3. `make reuse-deploy`
4. Verify `https://reuse.coulomb.social/health`
## Post-Deploy Verification And Runbook
@@ -132,11 +115,12 @@ When REUSE-WP-0011-T04 image is available:
id: RAILIANCE-WP-0007-T05
status: todo
priority: low
state_hub_task_id: "30b08789-38bb-409a-b5b1-b3c73ff31a96"
```
Add `docs/reuse-surface-hub-on-railiance01.md` with:
Add `docs/reuse-surface-on-railiance01.md` with smoke checks:
- Namespace, release name, image promotion steps
- Secret rotation notes
- Smoke checks: `reuse-surface hub status --hub-url https://reuse-hub.whywhynot.de`
- Link back to `reuse-surface/docs/RegistryFederation.md`
```bash
export REUSE_SURFACE_URL=https://reuse.coulomb.social
reuse-surface hub status
```