T07 smoke: migrate all apps; /health/ 200, /ausschreibungen/dashboard/ Übersicht, /admin/login/ Anmelden, static assets (Tailwind, Alpine, htmx, Django admin) all 200. Auth-required smoke and createsuperuser deferred to the operator (interactive credentials not safe through this session); seed_dev deliberately skipped (hardcoded dev user). T08 runbook in docs/vergabe-teilnahme.md: identity, secret rotation recipes, day-to-day make targets, image promotion + rollback, troubleshooting, deferred backup posture, cross-refs.
Workplan status: finished. vergabe-teilnahme is the second S5 application on railiance01 (after Gitea).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
7 items surfaced during RAILIANCE-WP-0002 (vergabe-teilnahme launch): URL-encoding DB passwords at Secret-build time, Django+kube-probe Host-header pattern, publishing issue-core to a Gitea PyPI registry to remove the BuildKit --build-context dependency, kubectl cnpg plugin + SOPS/age in operator onboarding, CI guard against stale yaml vs live CRD drift, and persistent-pod smoke pattern over kubectl run --rm.
Status backlog; pick up individually before the second S5 app onboards.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Platform (railiance-platform 017934d) added managed role 'vergabe' and Database CR vergabe-db owning vergabe_db. Apps side: created vergabe-teilnahme namespace, labeled it railiance.io/postgres-client=apps-pg, mirrored the credential Secret so T05 can wire DSN postgresql://vergabe:.../apps-pg-rw.databases:5432/vergabe_db into Helm values. End-to-end psql confirmed PostgreSQL 16.13.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
apps-pg cluster now has a draft workplan in railiance-platform
(RAILIANCE-WP-0003, workstream 665b3b9b). Adds the consumer recipe
inline so this workplan is self-contained once the platform cluster
goes healthy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Used the GITEA_API_TOKEN env (token owner: tegwick) to log in to
gitea.coulomb.social and push state-hub:local as
gitea.coulomb.social/coulomb/state-hub:{6186a99,latest}.
Image digest:
sha256:039d29654ccb3754c6ecdbe497c6364bbd8452edcdcb7fa937dd9debf5b734ff
Verified cluster-side pull via kubectl run; pod reached Running in
~5s with no imagePullSecret. The Gitea container registry is now
proven end-to-end for State Hub deployment.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pushed gitea.coulomb.social/coulomb/vergabe-teilnahme:{483a4df,latest}
using the GITEA_API_TOKEN env (token owner: tegwick).
Image digest:
sha256:e9bbceb35b0239c835d339295a0ae1d2d8b6d08c02a7b4e992c0ecd37de86d7a
Cluster-side pull verified — pod reached Running in ~7s with no
imagePullSecret; the package is public by default, so T05's Helm
release will not need pull credentials wiring.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
