coulomb/railiance-apps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Correct reuse-surface target: Railiance01 92.205.62.239

Browse Source 
Document production vs CoulombCore bootstrap IPs and deploy via
config-hosteurope. Public DNS for reuse.coulomb.social still wrong.
This commit is contained in:
Bernd Worsch
2026-06-15 10:24:32 +02:00
parent 77aa0d76f5
commit 7c05877f1e
1 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
docs/reuse-surface-on-railiance01.md
View File

@@ -5,26 +5,31 @@ Federation service deployment for **`https://reuse.coulomb.social`**.
Companion workplans: **RAILIANCE-WP-0007** (Helm release), **REUSE-WP-0011**
(service + CLI).
## DNS and TLS
## Hosts and DNS
| Record | Target | Notes |
| Server | IP | Role |
|---|---|---|
| `reuse.coulomb.social` A | **`92.205.130.254`** | Cluster Traefik ingress (same as `hub.coulomb.social`) |
| **Railiance01** | **`92.205.62.239`** | Production k3s — **deploy here** |
| CoulombCore | `92.205.130.254` | Bootstrap / prerelease only |
Let's Encrypt HTTP-01 requires traffic to reach this cluster. An earlier A record
to `92.205.62.239` does not satisfy the challenge until DNS propagates to the
ingress IP.
| Record | Production target | Current public DNS (2026-06-15) |
|---|---|---|
| `reuse.coulomb.social` A | **`92.205.62.239`** | `217.160.0.212` (must be updated at registrar) |
| `hub.coulomb.social` A | `92.205.62.239` (future) | `92.205.130.254` (CoulombCore bootstrap OK for now) |
Let's Encrypt HTTP-01 on Railiance01 requires the public A record to reach
**`92.205.62.239`**. Service is live on the production cluster; TLS waits on DNS.
```bash
dig +short reuse.coulomb.social A
kubectl get certificate -n reuse
KUBECONFIG=~/.kube/config-hosteurope kubectl get certificate -n reuse
```
Until `certificate/reuse-surface-tls` is Ready, smoke checks from a workstation:
Until DNS propagates and `certificate/reuse-surface-tls` is Ready:
```bash
curl -k --resolve reuse.coulomb.social:443:92.205.130.254 https://reuse.coulomb.social/health
kubectl port-forward -n reuse svc/reuse-surface 18001:8000
curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/health
KUBECONFIG=~/.kube/config-hosteurope kubectl port-forward -n reuse svc/reuse-surface 18001:8000
export REUSE_SURFACE_URL=http://127.0.0.1:18001
```
@@ -50,19 +55,23 @@ kubectl create secret generic reuse-surface-env \
--from-literal=REUSE_SURFACE_TOKEN='<token>' \
--dry-run=client -o yaml | kubectl apply -f -
make reuse-dry-run
make reuse-deploy
make reuse-status
# Production (Railiance01)
KUBECONFIG=~/.kube/config-hosteurope make reuse-deploy
KUBECONFIG=~/.kube/config-hosteurope make reuse-status
# Restore kubeconfig from the node if missing:
# ssh tegwick@92.205.62.239 'sudo cat /etc/rancher/k3s/k3s.yaml' \
# | sed 's|127.0.0.1|92.205.62.239|' > ~/.kube/config-hosteurope
```
## Smoke checks
```bash
curl -k --resolve reuse.coulomb.social:443:92.205.130.254 https://reuse.coulomb.social/health
curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/health
export REUSE_SURFACE_TOKEN=$(kubectl get secret reuse-surface-env -n reuse \
export REUSE_SURFACE_TOKEN=$(KUBECONFIG=~/.kube/config-hosteurope kubectl get secret reuse-surface-env -n reuse \
-o jsonpath='{.data.REUSE_SURFACE_TOKEN}' | base64 -d)
export REUSE_SURFACE_URL=https://reuse.coulomb.social # after TLS Ready
export REUSE_SURFACE_URL=https://reuse.coulomb.social # after DNS + TLS Ready
reuse-surface hub status
reuse-surface hub list
curl -fsS "$REUSE_SURFACE_URL/v1/federated" | jq '.capabilities | length'