railiance-apps/docs/operator-recipes.md

Operator Recipes

Service-IP Smoke Checks

Avoid one-shot kubectl run --rm -i probes for service connectivity. The container can exit before the connection result is reliable, which creates false negatives during rollout debugging.

Use a persistent pod, wait for readiness, then exec the probe:

NAMESPACE=vergabe-teilnahme \
tools/smoke-service.sh http://vergabe-teilnahme.vergabe-teilnahme.svc/health/

Reuse the same pod for a debugging session:

NAMESPACE=vergabe-teilnahme POD_NAME=service-smoke \
tools/smoke-service.sh http://vergabe-teilnahme.vergabe-teilnahme.svc/health/

Clean it up when finished:

kubectl delete pod service-smoke -n vergabe-teilnahme

Or set CLEANUP=true for a single checked run.

Manifest Server Dry-Run

Schema drift in live CRDs is caught by server-side dry-run, not by Helm rendering alone:

make k8s-server-dry-run

The command expects a representative Kubernetes API server with the same CRDs as the Railiance cluster. CI should run it against a disposable kind cluster seeded with CNPG, cert-manager, Traefik, and any other CRDs used by changed manifests.