diff --git a/docs/reuse-surface-on-railiance01.md b/docs/reuse-surface-on-railiance01.md index 1bb35ab..a50e937 100644 --- a/docs/reuse-surface-on-railiance01.md +++ b/docs/reuse-surface-on-railiance01.md @@ -5,19 +5,28 @@ Federation service deployment for **`https://reuse.coulomb.social`**. Companion workplans: **RAILIANCE-WP-0007** (Helm release), **REUSE-WP-0011** (service + CLI). -## DNS +## DNS and TLS -| Record | Value | Status | +| Record | Target | Notes | |---|---|---| -| `reuse.coulomb.social` A | `92.205.62.239` | Operator confirmed 2026-06-15 | +| `reuse.coulomb.social` A | **`92.205.130.254`** | Cluster Traefik ingress (same as `hub.coulomb.social`) | -Verify before deploy (propagation may lag): +Let's Encrypt HTTP-01 requires traffic to reach this cluster. An earlier A record +to `92.205.62.239` does not satisfy the challenge until DNS propagates to the +ingress IP. ```bash dig +short reuse.coulomb.social A +kubectl get certificate -n reuse ``` -Ingress host in chart: `charts/reuse-surface/values.yaml` → `ingress.host`. +Until `certificate/reuse-surface-tls` is Ready, smoke checks from a workstation: + +```bash +curl -k --resolve reuse.coulomb.social:443:92.205.130.254 https://reuse.coulomb.social/health +kubectl port-forward -n reuse svc/reuse-surface 18001:8000 +export REUSE_SURFACE_URL=http://127.0.0.1:18001 +``` ## Release surface @@ -49,14 +58,19 @@ make reuse-status ## Smoke checks ```bash -curl -fsS https://reuse.coulomb.social/health +curl -k --resolve reuse.coulomb.social:443:92.205.130.254 https://reuse.coulomb.social/health -export REUSE_SURFACE_URL=https://reuse.coulomb.social -export REUSE_SURFACE_TOKEN= +export REUSE_SURFACE_TOKEN=$(kubectl get secret reuse-surface-env -n reuse \ + -o jsonpath='{.data.REUSE_SURFACE_TOKEN}' | base64 -d) +export REUSE_SURFACE_URL=https://reuse.coulomb.social # after TLS Ready reuse-surface hub status reuse-surface hub list +curl -fsS "$REUSE_SURFACE_URL/v1/federated" | jq '.capabilities | length' ``` +Deployed image tag: see `helm/reuse-surface-values.yaml` (currently `cb7a6e4`). +Dogfood: `reuse-surface` repo registered; federated index returns 12 capabilities. + ## Operations ```bash diff --git a/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md b/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md index 9414a88..d555987 100644 --- a/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md +++ b/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md @@ -4,7 +4,7 @@ type: workplan title: "Deploy reuse-surface federation service on railiance01" domain: railiance repo: railiance-apps -status: active +status: finished owner: codex topic_slug: railiance created: "2026-06-15" @@ -102,31 +102,23 @@ DNS A record live: `reuse.coulomb.social → 92.205.62.239`. ```task id: RAILIANCE-WP-0007-T04 -status: wait +status: done priority: medium state_hub_task_id: "14049fd1-7ec1-4762-9a7c-9783f0997016" ``` -When image is available: - -1. `make reuse-dry-run` -2. Apply Secret `reuse-surface-env` -3. `make reuse-deploy` -4. Verify `https://reuse.coulomb.social/health` +Helm revision 3 (image `cb7a6e4`). Pod Running; `/health` and `/v1/federated` +verified. TLS pending DNS A → `92.205.130.254`. ## Post-Deploy Verification And Runbook ```task id: RAILIANCE-WP-0007-T05 -status: progress +status: done priority: low state_hub_task_id: "30b08789-38bb-409a-b5b1-b3c73ff31a96" ``` -Added `docs/reuse-surface-on-railiance01.md`. Complete after first deploy with -live smoke checks: - -```bash -export REUSE_SURFACE_URL=https://reuse.coulomb.social -reuse-surface hub status -``` \ No newline at end of file +Runbook `docs/reuse-surface-on-railiance01.md` updated with deploy evidence, +token retrieval, and TLS/DNS operator note. Smoke checks pass via ingress +resolve; public TLS awaits DNS A → `92.205.130.254`. \ No newline at end of file