Implement app deployment improvements

docs/vergabe-teilnahme.md

@@ -36,13 +36,9 @@ K8s Secrets, not in committed values files.
 2. Mirror the new password into `vergabe-teilnahme/vergabe-app-credentials`.
 3. Rebuild `DATABASE_URL` in `vergabe-teilnahme-env`, **URL-encoding
    the password** (the base64 character set breaks the URL parser
-   otherwise — see `RAILIANCE-WP-0004 I01`):
+   otherwise - see `RAILIANCE-WP-0004 I01`):
    ```bash
-   PW=$(kubectl get secret vergabe-app-credentials -n vergabe-teilnahme -o jsonpath='{.data.password}' | base64 -d)
-   ENCODED=$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$PW")
-   kubectl patch secret vergabe-teilnahme-env -n vergabe-teilnahme \
-     --type=merge \
-     -p "{\"stringData\":{\"DATABASE_URL\":\"postgresql://vergabe:$ENCODED@apps-pg-rw.databases:5432/vergabe_db\"}}"
+   make vergabe-db-url-secret
    kubectl rollout restart deploy/vergabe-teilnahme -n vergabe-teilnahme
    ```
 
@@ -103,6 +99,7 @@ Most likely the probe's `Host` header doesn't match
 vergabe-teilnahme.whywhynot.de` precisely to avoid this — if you
 change `ALLOWED_HOSTS` in values, also update `probes.hostHeader`.
 Symptom in `kubectl logs`: kube-probe requests returning HTTP 400.
+See `docs/django-on-railiance.md` for the reusable pattern.
 
 ### `dj-database-url` error: "The database name 'XYZ...' is longer than 63 characters"
 
@@ -156,4 +153,8 @@ configuration belongs to `railiance-platform`).
 - Improvements backlog: `workplans/railiance-apps-WP-0004-app-deployment-improvements.md`
 - Shared DB cluster: `railiance-platform/docs/apps-pg.md`
 - Container registry: `docs/gitea-container-registry.md`
+- Python package registry: `docs/gitea-package-registry.md`
+- Django deployment recipe: `docs/django-on-railiance.md`
+- Operator setup: `docs/operator-setup.md`
+- Operator recipes: `docs/operator-recipes.md`
 - App source: https://gitea.coulomb.social/coulomb/vergabe-teilnahme