First consumer of the shared apps-pg cluster: managed role vergabe in apps-pg-cluster.yaml plus Database CR vergabe-db in new helm/apps-pg-databases.yaml. .gitignore whitelists helm/*-databases.yaml. Workplan implementation notes from codex folded in. Live: Database CR applied=true, psql from vergabe-teilnahme ns returns PostgreSQL 16.13.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Marks T01-T06 done and the workplan as finished. apps-pg is in 'Cluster in healthy state', smoke-tested via labeled-ns psql, documented in docs/apps-pg.md, and the platform team has replied on the coordination thread (msg dd119862) so RAILIANCE-WP-0002 T04 can proceed.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

6-task plan to provision a shared CloudNative PG cluster apps-pg in
the databases namespace, with NetworkPolicies that use a label-based
consumer opt-in (railiance.io/postgres-client=apps-pg) instead of
the per-namespace allowlist gitea-db uses.
Responds to coordination message 768c18f4 from railiance-apps and
unblocks RAILIANCE-WP-0002 T04 (vergabe-teilnahme role+db creation).
Keeps platform agnostic of individual apps per ADR-003: per-app
Database CRs and credential Secrets are owned by the consuming repos.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

WP-0001 targeted Bitnami postgresql-ha; CloudNative PG (cnpg) is the
deployed operator. Migration path now tracked in RAIL-HO-WP-0004-T03–T05.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>