# Core Hub on CoulombCore (production) `hub.coulomb.social` serves Core Hub in production on **CoulombCore** (`92.205.130.254`). This repo owns the S5 Helm release path; Core Hub owns the application image, migrations, and API behavior. Railiance01 (`92.205.62.239`) hosts Forgejo and overlapping platform services but not the live Core Hub or `vergabe-teilnahme` releases as of 2026-07-10. ## Hosts and release surface | Server | IP | Role | |---|---|---| | CoulombCore | `92.205.130.254` | Production k3s for Core Hub and S5 apps | | Railiance01 | `92.205.62.239` | Forgejo and platform overlap | | Item | Production | Staging | |---|---|---| | Namespace | `core-hub` | `core-hub-staging` | | Helm release | `core-hub` | `core-hub` | | Chart | `charts/core-hub` | `charts/core-hub` | | Values | `helm/core-hub-values.yaml` | `helm/core-hub-staging-values.yaml` | | Image | `forgejo.coulomb.social/coulomb/core-hub:` | same | | Runtime Secret | `core-hub-prod-env` | `core-hub-staging-env` | | Public host | `hub.coulomb.social` | cluster-local / port-forward | ## Secret custody Do not commit decrypted secrets. Runtime secrets are operator-owned and should reference OpenBao or approved platform custody paths: | Secret key | Purpose | |---|---| | `CORE_HUB_DATABASE_URL` | Async SQLAlchemy URL for the environment database | | `CORE_HUB_API_TOKEN` | Operator token for protected API smokes | `CORE_HUB_AUTO_CREATE_TABLES` must remain `0` in cluster environments. Alembic is the only schema path. ## Deploy Use the CoulombCore kubeconfig. The Makefile defaults to `~/.kube/config` (tunnel `bridge up k3s-api-coulombcore`) and fails fast when the API is unreachable. See `docs/credential-routing-railiance-apps.md` for cluster and credential boundaries. ```bash make core-hub-render-baseline CORE_HUB_IMAGE_TAG= make check-core-hub-image CORE_HUB_IMAGE_TAG= make core-hub-dry-run CORE_HUB_IMAGE_TAG= make core-hub-server-dry-run CORE_HUB_IMAGE_TAG= make core-hub-migrate CORE_HUB_IMAGE_TAG= make core-hub-deploy make core-hub-status make core-hub-smoke ``` Production deploys require an explicit image tag. The checked-in values file carries a render baseline only. Staging follows the same pattern with `core-hub-staging-*` targets and `helm/core-hub-staging-values.yaml`. ## Ingress cutover The chart can render the production ingress for `hub.coulomb.social`. During an initial cutover from the legacy Inter-Hub ingress, delete the conflicting `inter-hub` ingress before applying the Core Hub ingress. See `core-hub/k8s/railiance-production/README.md` for the historical flip sequence. ## Migration boundary `make core-hub-migrate` renders and applies a one-off Job using the same image tag as deploy. Wait for Job completion before rolling out a schema-dependent image change. ## Smoke gate `make core-hub-smoke` checks: - `/healthz` and `/readyz` - `/api/v2/openapi.json` resource coverage - public `/api/v2/widget-types` - protected `/api/v2/hubs`, `/api/v2/widgets`, `/api/v2/hub-registry` For operator-authenticated smokes and activity-core sink proof, use the Core Hub service-repo targets documented in `core-hub/docs/deployment/staging-profile.md`. ## Rollback - Scale the Core Hub Deployment to zero or roll back to the last known good tag. - Re-apply the legacy Inter-Hub ingress if public routing must return to the Haskell service during stabilization. - Do not delete legacy Inter-Hub runtime secrets during rollback. ## Related docs - `the-custodian/docs/core-hub-helixforge-build-alignment.md` - `core-hub/docs/deployment/staging-profile.md` - `docs/inter-hub-on-railiance01.md` (retired Inter-Hub path)