Deploy Forgejo on railiance01 using gitea-charts/gitea 12.5.0

Pin chart to 12.5.0 because 12.6+ calls `gitea config edit-ini`, which
Forgejo 11 lacks. Ingress targets forgejo-gitea-http (Helm release naming).
Smoke test uses GET for /v2/ registry challenge (HEAD returns 405).
2026-07-03 21:28:32 +02:00
parent 6d00232865
commit 75698636c6
8 changed files with 296 additions and 2 deletions

@@ -0,0 +1,80 @@
# Forgejo on railiance01
Production source forge at **`https://forgejo.coulomb.social`**.
Mirrors the coulombcore Gitea pattern (`railiance-forge`) but targets
**railiance01** using the same OAS split as other S5 apps (`inter-hub`,
`reuse-surface`).
## Layer ownership
| Layer | Repo | Concern |
| --- | --- | --- |
| S3 | `railiance-platform` | `forgejo-db` CNPG cluster + network policies |
| S5 | `railiance-apps` | Helm release, ingress, operator Makefile |
| S2 | `railiance-cluster` | Traefik, cert-manager, cnpg operator |
Hostname decision: `the-custodian/docs/forgejo-production-decisions.md`.
## Hosts
| Item | Value |
| --- | --- |
| Server | railiance01 `92.205.62.239` |
| Namespace | `forgejo` |
| Helm release | `forgejo` |
| HTTP service | `forgejo-gitea-http` (chart naming; ingress must target this) |
| Chart | `gitea-charts/gitea` **12.5.0** (Forgejo-compatible; 12.6+ needs Gitea 1.26 `config edit-ini`) |
| Image | `code.forgejo.org/forgejo/forgejo:11.0.3` |
| Database | `forgejo-db-rw.databases.svc.cluster.local:5432` |
| Kubeconfig | `~/.kube/config-hosteurope` |
## Bootstrap (first deploy)
### 1. Database credentials (platform)
```bash
cd ~/railiance-platform
# One-time: create and SOPS-encrypt helm/forgejo-db-secret.sops.yaml from template
KUBECONFIG=~/.kube/config-hosteurope make forgejo-db-deploy
KUBECONFIG=~/.kube/config-hosteurope make forgejo-db-status
```
### 2. Application secrets (apps)
```bash
cd ~/railiance-apps
# Encrypt helm/forgejo-secrets.sops.yaml from template (DB PASSWD must match platform secret)
make check-sops
```
### 3. Deploy Forgejo
```bash
cd ~/railiance-apps
make forgejo-dry-run
make forgejo-deploy
make forgejo-ingress-deploy
make forgejo-ssh-nodeport-deploy # optional; git+ssh via nodePort 30022
make forgejo-status
make forgejo-smoke
```
## Day-2 operator targets
```bash
make forgejo-status
make forgejo-logs
make forgejo-smoke
```
## Coexistence with Gitea
Gitea on coulombcore remains canonical until `RAIL-HO-WP-0005` migration drills
and cutover pass. Do not repoint repo remotes until Wave 1 cutover is approved.
## Related
- Gitea reference: `~/railiance-forge/Makefile` (`gitea-deploy`)
- Drain plan: `the-custodian/docs/coulombcore-drain-placement-plan.md` Wave 1
- Onboarding checklist: `docs/s5-app-onboarding-checklist.md`
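
Review bot: Bootstrap step 2 leaves the database password in two separately encrypted files (`helm/forgejo-db-secret.sops.yaml` under `~/railiance-platform` and `helm/forgejo-secrets.sops.yaml` under `~/railiance-apps`), and the only thing linking them is the comment "DB PASSWD must match platform secret". The step then runs `make check-sops` without saying what it verifies, so a reader cannot tell whether a mismatch or a file left in plaintext would be caught before `make forgejo-deploy`. Please state in one line what `check-sops` asserts, and add a rotation entry under "Day-2 operator targets" saying both files must be changed together and in which order. Smaller point in step 3: `make forgejo-ssh-nodeport-deploy` opens git+ssh on nodePort 30022, but the document only mentions network policies for the `forgejo-db` cluster in the Layer ownership table; a sentence on what restricts access to 30022, or that nothing does, would help whoever decides to enable the optional target.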