# reuse-surface on railiance01 Federation service deployment for **`https://reuse.coulomb.social`**. Companion workplans: **RAILIANCE-WP-0007** (Helm release), **REUSE-WP-0011** (service + CLI). ## Hosts and DNS | Server | IP | Role | |---|---|---| | **Railiance01** | **`92.205.62.239`** | Production k3s — **deploy here** | | CoulombCore | `92.205.130.254` | Bootstrap / prerelease only | | Record | Production target | Current public DNS (2026-06-15) | |---|---|---| | `reuse.coulomb.social` A | **`92.205.62.239`** | `217.160.0.212` (must be updated at registrar) | | `hub.coulomb.social` A | `92.205.62.239` (future) | `92.205.130.254` (CoulombCore bootstrap OK for now) | Let's Encrypt HTTP-01 on Railiance01 requires the public A record to reach **`92.205.62.239`**. Service is live on the production cluster; TLS waits on DNS. ```bash dig +short reuse.coulomb.social A KUBECONFIG=~/.kube/config-hosteurope kubectl get certificate -n reuse ``` Until DNS propagates and `certificate/reuse-surface-tls` is Ready: ```bash curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/health KUBECONFIG=~/.kube/config-hosteurope kubectl port-forward -n reuse svc/reuse-surface 18001:8000 export REUSE_SURFACE_URL=http://127.0.0.1:18001 ``` ## Release surface | Item | Value | |---|---| | Namespace | `reuse` | | Helm release | `reuse` | | Chart | `charts/reuse-surface` | | Values | `helm/reuse-surface-values.yaml` | | Image | `gitea.coulomb.social/coulomb/reuse-surface:` | | Secret | `reuse-surface-env` (`REUSE_SURFACE_TOKEN`) | ## Deploy ```bash # 1. Pin image tag in helm/reuse-surface-values.yaml # 2. Create secret (example — use SOPS handoff in production) kubectl create namespace reuse --dry-run=client -o yaml | kubectl apply -f - kubectl create secret generic reuse-surface-env \ --namespace reuse \ --from-literal=REUSE_SURFACE_TOKEN='' \ --dry-run=client -o yaml | kubectl apply -f - # Production (Railiance01) KUBECONFIG=~/.kube/config-hosteurope make reuse-deploy KUBECONFIG=~/.kube/config-hosteurope make reuse-status # Restore kubeconfig from the node if missing: # ssh tegwick@92.205.62.239 'sudo cat /etc/rancher/k3s/k3s.yaml' \ # | sed 's|127.0.0.1|92.205.62.239|' > ~/.kube/config-hosteurope ``` ## Smoke checks ```bash curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/health export REUSE_SURFACE_TOKEN=$(KUBECONFIG=~/.kube/config-hosteurope kubectl get secret reuse-surface-env -n reuse \ -o jsonpath='{.data.REUSE_SURFACE_TOKEN}' | base64 -d) export REUSE_SURFACE_URL=https://reuse.coulomb.social # after DNS + TLS Ready reuse-surface hub status reuse-surface hub list curl -fsS "$REUSE_SURFACE_URL/v1/federated" | jq '.capabilities | length' ``` Deployed image tag: see `helm/reuse-surface-values.yaml` (currently `cb7a6e4`). Dogfood: `reuse-surface` repo registered; federated index returns 12 capabilities. ## Operations ```bash make reuse-logs make reuse-status ``` Image promotion: build from `coulomb/reuse-surface`, push to Gitea OCI, update `helm/reuse-surface-values.yaml` `image.tag`, `make reuse-deploy`.