coulomb/railiance-apps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b859530fcf1e5d2418f2f291afc8a462602fd15b
railiance-apps/docs/reuse-surface-on-railiance01.md

4.5 KiB
Raw Blame History

reuse-surface on railiance01

Federation service deployment for https://reuse.coulomb.social.

Companion workplans: RAILIANCE-WP-0007 (Helm release), REUSE-WP-0011 (service + CLI).

Hosts and DNS

Server IP Role
Railiance01 92.205.62.239 Production k3s — deploy here
CoulombCore 92.205.130.254 Bootstrap / prerelease only
Record Production target Current public DNS (2026-06-15)
reuse.coulomb.social A 92.205.62.239 Propagated on 8.8.8.8 / 1.1.1.1; drop any AAAA/forwarding still pointing elsewhere
hub.coulomb.social A 92.205.62.239 (future) 92.205.130.254 (CoulombCore bootstrap OK for now)

Let's Encrypt HTTP-01 on Railiance01 requires the public A record to reach 92.205.62.239. Service is live on the production cluster; TLS waits on DNS.

dig +short reuse.coulomb.social A
KUBECONFIG=~/.kube/config-hosteurope kubectl get certificate -n reuse

Until DNS propagates and certificate/reuse-surface-tls is Ready:

curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/health
KUBECONFIG=~/.kube/config-hosteurope kubectl port-forward -n reuse svc/reuse-surface 18001:8000
export REUSE_SURFACE_URL=http://127.0.0.1:18001

Release surface

Item Value
Namespace reuse
Helm release reuse
Chart charts/reuse-surface
Values helm/reuse-surface-values.yaml
Image gitea.coulomb.social/coulomb/reuse-surface:<tag>
Landing image nginxinc/nginx-unprivileged:1.27-alpine
Secret reuse-surface-env (REUSE_SURFACE_TOKEN)

Browser landing page

https://reuse.coulomb.social/ serves a static no-login landing page from the Helm-managed reuse-surface-landing Deployment and Service. It exists for humans who open the hostname in a browser; it does not change the API service.

Ingress routing is intentionally split:

  • HTTP / redirects permanently to https://reuse.coulomb.social/;
  • HTTPS /health and /v1/* route to svc/reuse-surface;
  • HTTPS / and other non-API browser paths route to svc/reuse-surface-landing.

The rendered page includes noindex,nofollow, a short service description, and links to /health, /v1/federated, and this operator runbook. It must not include REUSE_SURFACE_TOKEN or any other runtime secret.

Rollback: set landing.enabled: false in helm/reuse-surface-values.yaml and run KUBECONFIG=~/.kube/config-hosteurope make reuse-deploy; the ingress will return to routing all / traffic to the API service.

Deploy

# 1. Pin image tag in helm/reuse-surface-values.yaml
# 2. Create secret (example — use SOPS handoff in production)
kubectl create namespace reuse --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic reuse-surface-env \
  --namespace reuse \
  --from-literal=REUSE_SURFACE_TOKEN='<token>' \
  --dry-run=client -o yaml | kubectl apply -f -

# Production (Railiance01)
KUBECONFIG=~/.kube/config-hosteurope make reuse-deploy
KUBECONFIG=~/.kube/config-hosteurope make reuse-status

# Restore kubeconfig from the node if missing:
# ssh tegwick@92.205.62.239 'sudo cat /etc/rancher/k3s/k3s.yaml' \
#   | sed 's|127.0.0.1|92.205.62.239|' > ~/.kube/config-hosteurope

Smoke checks

curl -I http://reuse.coulomb.social/
curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/
curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/health
curl -k --resolve reuse.coulomb.social:443:92.205.62.239 https://reuse.coulomb.social/v1/federated

export REUSE_SURFACE_TOKEN=$(KUBECONFIG=~/.kube/config-hosteurope kubectl get secret reuse-surface-env -n reuse \
  -o jsonpath='{.data.REUSE_SURFACE_TOKEN}' | base64 -d)
export REUSE_SURFACE_URL=https://reuse.coulomb.social   # after DNS + TLS Ready
reuse-surface hub status
reuse-surface hub list
curl -fsS "$REUSE_SURFACE_URL/v1/federated" | jq '.capabilities | length'

Deployed image tag: see helm/reuse-surface-values.yaml (currently cb7a6e4). Dogfood: reuse-surface repo registered; federated index returns 12 capabilities.

Operations

make reuse-logs
make reuse-status

Image promotion: build from coulomb/reuse-surface, push to Gitea OCI, update helm/reuse-surface-values.yaml image.tag, then:

KUBECONFIG=~/.kube/config-hosteurope make reuse-deploy

Bootstrap copy on CoulombCore (92.205.130.254) was removed 2026-06-15 — use config-hosteurope only.

Reference in New Issue View Git Blame Copy Permalink