coulomb/railiance-apps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
77aa0d76f55cadb78e9f31c57f94918d1ef94807
railiance-apps/docs/reuse-surface-on-railiance01.md
tegwick 77aa0d76f5 Finish RAILIANCE-WP-0007: reuse-surface hub deployed on railiance01 
Helm revision 3 with image cb7a6e4. Runbook updated with TLS/DNS operator
guidance and smoke-check commands.
2026-06-15 10:15:36 +02:00

82 lines
2.4 KiB
Markdown
Raw Blame History

# reuse-surface on railiance01
Federation service deployment for **`https://reuse.coulomb.social`**.
Companion workplans: **RAILIANCE-WP-0007** (Helm release), **REUSE-WP-0011**
(service + CLI).
## DNS and TLS
| Record | Target | Notes |
|---|---|---|
| `reuse.coulomb.social` A | **`92.205.130.254`** | Cluster Traefik ingress (same as `hub.coulomb.social`) |
Let's Encrypt HTTP-01 requires traffic to reach this cluster. An earlier A record
to `92.205.62.239` does not satisfy the challenge until DNS propagates to the
ingress IP.
```bash
dig +short reuse.coulomb.social A
kubectl get certificate -n reuse
```
Until `certificate/reuse-surface-tls` is Ready, smoke checks from a workstation:
```bash
curl -k --resolve reuse.coulomb.social:443:92.205.130.254 https://reuse.coulomb.social/health
kubectl port-forward -n reuse svc/reuse-surface 18001:8000
export REUSE_SURFACE_URL=http://127.0.0.1:18001
```
## Release surface
| Item | Value |
|---|---|
| Namespace | `reuse` |
| Helm release | `reuse` |
| Chart | `charts/reuse-surface` |
| Values | `helm/reuse-surface-values.yaml` |
| Image | `gitea.coulomb.social/coulomb/reuse-surface:<tag>` |
| Secret | `reuse-surface-env` (`REUSE_SURFACE_TOKEN`) |
## Deploy
```bash
# 1. Pin image tag in helm/reuse-surface-values.yaml
# 2. Create secret (example — use SOPS handoff in production)
kubectl create namespace reuse --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic reuse-surface-env \
--namespace reuse \
--from-literal=REUSE_SURFACE_TOKEN='<token>' \
--dry-run=client -o yaml | kubectl apply -f -
make reuse-dry-run
make reuse-deploy
make reuse-status
```
## Smoke checks
```bash
curl -k --resolve reuse.coulomb.social:443:92.205.130.254 https://reuse.coulomb.social/health
export REUSE_SURFACE_TOKEN=$(kubectl get secret reuse-surface-env -n reuse \
-o jsonpath='{.data.REUSE_SURFACE_TOKEN}' | base64 -d)
export REUSE_SURFACE_URL=https://reuse.coulomb.social # after TLS Ready
reuse-surface hub status
reuse-surface hub list
curl -fsS "$REUSE_SURFACE_URL/v1/federated" | jq '.capabilities | length'
```
Deployed image tag: see `helm/reuse-surface-values.yaml` (currently `cb7a6e4`).
Dogfood: `reuse-surface` repo registered; federated index returns 12 capabilities.
## Operations
```bash
make reuse-logs
make reuse-status
```
Image promotion: build from `coulomb/reuse-surface`, push to Gitea OCI, update
`helm/reuse-surface-values.yaml` `image.tag`, `make reuse-deploy`.
Reference in New Issue View Git Blame Copy Permalink