feat(s2): add Gitea SSH NodePort service + close WP-0004 (backup tool, scope updates)
- helm/gitea-ssh-nodeport.yaml: expose Gitea SSH on NodePort 30022 (targetPort 2222) for on-node git automation (RAIL-HO-WP-0004-T07)
- tools/cmd/railiance-backup-s2: fix SQLite hot backup (was broken etcd-snapshot)
- tools/cmd/railiance-restore-s2: update restore instructions for SQLite mode
- workplans/RAIL-BS-WP-0004-safety-net.md: mark done
- SCOPE.md: update current state, document boundary violations, fix connectivity docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
943d0f3e80
commit
9fc5a033d5
3 changed files with 46 additions and 16 deletions
22
SCOPE.md
|
|
@ -59,10 +59,11 @@ Railiance is structured as five independent repos per OAS Stack layer. This repo
|
|||
|
||||
## Current State
|
||||
|
||||
- Status: active / mostly complete
|
||||
- Implementation: k3s baseline complete (RAIL-BS-WP-0002); active bug fixes (RAIL-BS-WP-0003 pgpool HA failover); safety net tooling in progress (RAIL-BS-WP-0004)
|
||||
- Stability: high for k3s baseline; active improvements ongoing
|
||||
- Usage: core Kubernetes runtime for all Railiance deployments; runs on HostEurope server
|
||||
- Status: active / stable
|
||||
- Implementation: k3s baseline complete (RAIL-BS-WP-0002 done); pgpool HA failover fix complete (RAIL-BS-WP-0003 done); integrated backup complete (RAIL-BS-WP-0004 done — age-encrypted local backup, daily cron under root)
|
||||
- Stability: high — no active open workplans
|
||||
- Usage: core Kubernetes runtime for all Railiance deployments; runs on COULOMBCORE (92.205.130.254)
|
||||
- Also deployed at cluster level: cert-manager, ArgoCD, CloudNative PG operator (cnpg), nginx ingress, SSO stack (mfa + sso namespaces via net-kingdom)
|
||||
|
||||
---
|
||||
|
||||
|
|
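Review bot: The new Stability line says "no active open workplans", but the Notes section of this same file describes the Gitea placement as a boundary violation with "migration pending". Either name the workplan that tracks that migration or reword Stability so the two statements agree. Separately, the new Usage line repeats the host's public address (92.205.130.254), which Notes already carries. Keep the address in one place, or refer to the host by name only, so a later change of address does not leave the document inconsistent. The Implementation line also records that the backup cron runs under root; it would help to say in one clause why root is required (reading the k3s state and kubeconfig, presumably), so the privilege is a documented decision.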
@ -108,12 +109,19 @@ keywords: [kubernetes, k3s, cluster, helm, ingress, cni, k8s, provisioning]
|
|||
```capability
|
||||
type: infrastructure
|
||||
title: Cluster operators and addon management
|
||||
description: Deploy and manage cluster-wide operators and addons (cert-manager, admission controllers) on the running Railiance Kubernetes cluster.
|
||||
keywords: [operator, addon, cert-manager, admission, kubernetes, cluster]
|
||||
description: Deploy and manage cluster-wide operators and addons (cert-manager, CloudNative PG operator, ArgoCD, nginx ingress) on the running Railiance Kubernetes cluster.
|
||||
keywords: [operator, addon, cert-manager, cnpg, argocd, admission, kubernetes, cluster]
|
||||
```
|
||||
|
||||
```capability
|
||||
type: operations
|
||||
title: Kubernetes runtime backup (age-encrypted)
|
||||
description: Daily encrypted backup of k3s cluster state (SQLite hot copy), Helm release values, and kubeconfig to /opt/backup/railiance/cluster/ using age encryption. Run via sudo make backup.
|
||||
keywords: [backup, restore, age, encryption, k3s, state, helm, kubeconfig, disaster-recovery]
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Notes
|
||||
|
||||
Designed for remote execution from HostEurope (92.205.130.254). Requires SSH reverse tunnel: `ssh -R 8000:127.0.0.1:8000 <user>@remote`.
|
||||
Runs on COULOMBCORE (92.205.130.254). State Hub access via ops-bridge reverse tunnel — `bridge up state-hub-coulombcore` from the workstation (see ADR-004). Gitea is currently deployed here as a Helm release (boundary violation: architecturally belongs to S5 — migration pending).
|
||||
|
|
|
|||
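Review bot: The new backup capability lists "disaster-recovery" among its keywords, but the description writes the archive to /opt/backup/railiance/cluster/ on the node itself, and the Current State section calls it a "local backup". A copy that lives on the host it protects does not survive loss of that host. Please state whether an off-host copy exists, or drop the keyword until it does. The description should also say where the age identity needed for decryption is kept (not on the same node, ideally) and point to the restore tool, because the archive contains the kubeconfig and cluster state and is only as protected as that key. In the Notes paragraph, the explicit tunnel command was replaced by a reference to ADR-004; a link or path to the ADR would keep the connectivity instructions reachable from this file.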