coulomb/railiance-apps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcd9958b3c26b9cff8e965bde8f5e3ea9e6b4a52
railiance-apps/workplans/RAILIANCE-WP-0007-reuse-surface-hub-on-railiance01.md

126 lines
3.4 KiB
Markdown
Raw Blame History

---
id: RAILIANCE-WP-0007
type: workplan
title: "Deploy reuse-surface federation service on railiance01"
domain: railiance
repo: railiance-apps
status: finished
owner: codex
topic_slug: railiance
created: "2026-06-15"
updated: "2026-06-15"
state_hub_workstream_id: "7da18dd8-76b9-4a70-b9d7-de541afc65c0"
---
# Deploy reuse-surface federation service on railiance01
Companion to **`reuse-surface` REUSE-WP-0011**. Own the S5 Helm release,
ingress, and operator targets for the federation service on production cluster
node `railiance01` (`92.205.62.239`).
## Goal
Expose the helix_forge federation API at **`https://reuse.coulomb.social`** so
repos can register capability index URLs via `reuse-surface hub` without
per-machine `sources.yaml` maintenance.
Gitea repo: `coulomb/reuse-surface`
OCI image: `gitea.coulomb.social/coulomb/reuse-surface:<tag>`
## DNS evidence
`reuse.coulomb.social` A → **`92.205.62.239`** (operator confirmed 2026-06-15).
Ingress host configured in `charts/reuse-surface/values.yaml`.
## Upstream dependency
| Upstream | Workplan | Required artifact |
|---|---|---|
| Service + image | `reuse-surface` REUSE-WP-0011 | Image `gitea.coulomb.social/coulomb/reuse-surface:<tag>`, `reuse-surface serve`, `/health` |
Do not deploy until REUSE-WP-0011-T04 publishes a buildable image.
## Placement
Follow the `inter-hub` pattern:
- `charts/reuse-surface/` — Helm chart (Deployment, Service, Ingress, PVC)
- `helm/reuse-surface-values.yaml` — non-secret overrides (image tag)
- Secret `reuse-surface-env` with `REUSE_SURFACE_TOKEN`
- `Makefile` targets: `reuse-dry-run`, `reuse-deploy`, `reuse-status`, `reuse-logs`
- Namespace: `reuse`
## Safety contract
- Do not commit decrypted SOPS values or `REUSE_SURFACE_TOKEN`.
- Pin image tags in `helm/reuse-surface-values.yaml`.
- PVC at `/data` for SQLite (`reuse.db`) and fetch cache.
---
## Scaffold Helm Chart For reuse-surface
```task
id: RAILIANCE-WP-0007-T01
status: done
priority: high
state_hub_task_id: "d296f037-67a3-4b49-a773-6ebc2b252f3d"
```
Create `charts/reuse-surface/` with Deployment (`reuse-surface serve`), Service,
PVC, Ingress, probes on `/health`.
## Add Values, Secret Template, And Makefile Targets
```task
id: RAILIANCE-WP-0007-T02
status: done
priority: high
state_hub_task_id: "5050e2fb-b60c-4519-9168-81a6073fb4a2"
```
Add `helm/reuse-surface-values.yaml`, document Secret `reuse-surface-env`, and
Makefile `reuse-*` targets.
## Configure Ingress For reuse.coulomb.social
```task
id: RAILIANCE-WP-0007-T03
status: done
priority: medium
state_hub_task_id: "80dc308a-02e8-453c-a20a-d6f634b7ce12"
```
Ingress enabled in chart values:
- `ingress.host: reuse.coulomb.social`
- `cert-manager.io/cluster-issuer: letsencrypt-prod`
- Traefik annotations matching `inter-hub`
DNS A record live: `reuse.coulomb.social → 92.205.62.239`.
## Deploy Release To railiance01
```task
id: RAILIANCE-WP-0007-T04
status: done
priority: medium
state_hub_task_id: "14049fd1-3319-4a76-8b48-c4228a7939f7"
```
Helm revision 3 (image `cb7a6e4`). Pod Running; `/health` and `/v1/federated`
verified. TLS Ready after DNS A → `92.205.62.239`.
## Post-Deploy Verification And Runbook
```task
id: RAILIANCE-WP-0007-T05
status: done
priority: low
state_hub_task_id: "30b08789-4eb7-4182-87d1-8e464fc968d1"
```
Runbook `docs/reuse-surface-on-railiance01.md` updated with deploy evidence,
token retrieval, and TLS/DNS operator note. Smoke checks pass via ingress
and public TLS on DNS A → `92.205.62.239`.
Reference in New Issue View Git Blame Copy Permalink