coulomb/railiance-apps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RAILIANCE-WP-0002 T04 done: vergabe role + vergabe_db on apps-pg

Browse Source 
Platform (railiance-platform 017934d) added managed role 'vergabe' and Database CR vergabe-db owning vergabe_db. Apps side: created vergabe-teilnahme namespace, labeled it railiance.io/postgres-client=apps-pg, mirrored the credential Secret so T05 can wire DSN postgresql://vergabe:.../apps-pg-rw.databases:5432/vergabe_db into Helm values. End-to-end psql confirmed PostgreSQL 16.13.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Bernd Worsch
2026-05-19 15:48:08 +02:00
parent ceb383e702
commit 6658d0c7e1
1 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
workplans/railiance-apps-WP-0002-vergabe-teilnahme-on-railiance01.md
View File

@@ -317,7 +317,7 @@ on the cluster.
```task
id: RAILIANCE-WP-0002-T04
status: blocked
status: done
priority: high
state_hub_task_id: "925ace1c-f9bf-4644-bd0b-637705d72ea6"
```
@@ -357,6 +357,37 @@ Approach:
cluster (`kubectl run --rm -it psql ...`) and is recorded in the SOPS
values used by T05.
**Done (2026-05-19):**
Platform side (in `railiance-platform`, commit `017934d`):
- `helm/apps-pg-cluster.yaml` adds `spec.managed.roles[vergabe]`
(CNPG 1.28 role lifecycle is cluster-scoped — no standalone Role CR).
- `helm/apps-pg-databases.yaml` (new) declares `Database/vergabe-db`
with `name: vergabe_db`, `owner: vergabe`.
- Bootstrap credential `databases/vergabe-app-credentials`
(`kubernetes.io/basic-auth`, `username: vergabe`, generated password).
Apps side (this workplan):
- Namespace `vergabe-teilnahme` created and labeled
`railiance.io/postgres-client=apps-pg` (per docs/apps-pg.md
opt-in contract).
- Credential Secret mirrored to
`vergabe-teilnahme/vergabe-app-credentials` so the application pod
can mount it. T05 will reference this Secret via `envFrom` or
individual `valueFrom.secretKeyRef`.
DSN for T05's SOPS Helm values:
```
postgresql://vergabe:${PASSWORD}@apps-pg-rw.databases:5432/vergabe_db
```
End-to-end verification: `kubectl exec` into a pod in the
`vergabe-teilnahme` namespace and run psql with the mirrored
credentials — returns `vergabe | vergabe_db | PostgreSQL 16.13`.
---
### T05 — Author Helm release for vergabe-teilnahme