coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
2,051 Commits 1 Branch 0 Tags
b42e8bca4ddcf3b9fe510a55a74887380b94e294
Commit Graph

4 Commits

Author SHA1 Message Date
tegwick
595a043634 feat(boundary): move Gitea Helm values to railiance-apps (T06)
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
gitea-values.sops.yaml relocated to railiance-apps/helm/ per
ADR-003 boundary rules — Gitea is S5, values belong in S5 repo.
Tombstone left in helm/MOVED.md. SCOPE.md updated to reflect
resolved violation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 13:23:41 +01:00
tegwick
9fc5a033d5 feat(s2): add Gitea SSH NodePort service + close WP-0004 (backup tool, scope updates)
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
- helm/gitea-ssh-nodeport.yaml: expose Gitea SSH on NodePort 30022 (targetPort 2222)
  for on-node git automation (RAIL-HO-WP-0004-T07)
- tools/cmd/railiance-backup-s2: fix SQLite hot backup (was broken etcd-snapshot)
- tools/cmd/railiance-restore-s2: update restore instructions for SQLite mode
- workplans/RAIL-BS-WP-0004-safety-net.md: mark done
- SCOPE.md: update current state, document boundary violations, fix connectivity docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 01:07:02 +01:00
Bernd Worsch
7daef079c2 feat(secrets): encrypt gitea Helm values with SOPS (age)
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
Add .sops.yaml policy targeting *.sops.yaml files using the shared age
key from railiance-infra. Migrate helm/gitea-values.yaml to encrypted
helm/gitea-values.sops.yaml.

Pins all postgresql-ha passwords (postgresql, postgres, repmgr, pgpool,
pgpool-admin, sr-check) so helm upgrade never regenerates secrets and
breaks the running cluster. Fixes WP-0003 T01.

Usage: helm upgrade gitea gitea/gitea -n default -f <(sops -d helm/gitea-values.sops.yaml)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 13:37:22 +00:00
tegwick
660a63c674 feat(pgpool): implement WP-0003 T01-T04 — permanent fix for pgpool-password bug
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
T01: helm/gitea-values.yaml with postgresql-ha.pgpool.adminPassword
     (fill REPLACE_WITH_PGPOOL_ADMIN_PASSWORD before helm upgrade)
T02: tests/smoke_kube.sh — add pgpool and postgresql-ha pod health checks
T03: tests/test_ha_failover.sh — D3 HA failover test script
T04: docs/incidents/2026-03-10-pgpool-missing-secret.md + README link

Also: make test-ha-failover target, Makefile .PHONY updated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 14:16:22 +01:00