Commit Graph

5 Commits

Author SHA1 Message Date
017934d479 Add vergabe role + vergabe_db database for RAILIANCE-WP-0002 T04
First consumer of the shared apps-pg cluster: managed role vergabe in apps-pg-cluster.yaml plus Database CR vergabe-db in new helm/apps-pg-databases.yaml. .gitignore whitelists helm/*-databases.yaml. Workplan implementation notes from codex folded in. Live: Database CR applied=true, psql from vergabe-teilnahme ns returns PostgreSQL 16.13.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-19 15:47:06 +02:00
980947894e Added openbao secrets management and phaseout of bitnami for CloudNative PG
2026-05-18 11:53:59 +02:00
e29f430b8d feat(s3): add gitea-db NetworkPolicies and Valkey values template
- gitea-db-networkpolicies.yaml: allow-egress-kube-api and
  allow-ingress-from-cnpg-operator for gitea-db cluster pods;
  required because databases namespace has default-deny-all policy
  and existing allow rules only covered net-kingdom-pg
- valkey-values.sops.yaml.template: standalone Valkey Helm values
  template with Gitea connection string documentation
- .gitignore: allow *-networkpolicies.yaml alongside *-cluster.yaml

Fixes gitea-db initdb failure (T03); gitea-db cluster now healthy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 02:23:00 +01:00
2a4312643d feat(s3): add cnpg Gitea database cluster + Makefile targets
- helm/gitea-db-cluster.yaml: cnpg Cluster for Gitea (1 instance, 10Gi, pg16)
  bootstraps gitea DB from gitea-db-credentials secret in databases namespace
- helm/gitea-db-secret.sops.yaml.template: credential secret template (encrypt before use)
- Makefile: add db-deploy, db-status, db-shell, db-logs targets; mark pg-deploy legacy
- .gitignore: allow *-cluster.yaml (k8s manifests with no secrets)

Cluster applied to live cluster. RAIL-HO-WP-0004-T03.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 02:07:31 +01:00
01d280120d feat(platform): T01 — standalone PostgreSQL HA chart scaffold
Lays out the S3 platform layer foundation for RAIL-PL-WP-0001 T01:

- .sops.yaml: age encryption policy (shared key, *.sops.yaml pattern)
- .gitignore: prevents accidental commit of decrypted values files
- Makefile: pg-deploy, pg-status, pg-pgpool-check, valkey-deploy,
  valkey-status, backup targets with KUBECONFIG/HELM wiring
- helm/postgresql-ha-values.yaml.template: annotated values schema
  with CHANGEME_ placeholders; includes pgpool-password fix from
  RAIL-BS-WP-0003; notes on single-node vs ThreePhoenix scaling
- docs/postgresql-ha.md: connection strings, DB creation, password
  rotation, pgpool-password critical note, HA failover test ref,
  ThreePhoenix scaling path

To complete T01: fill in CHANGEME_ values, encrypt with sops -e -i,
then run make pg-deploy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-11 02:17:55 +01:00