Move ClickHouse credentials to K8s Secret and add health probes

- ClickHouse user/password now injected via `clickhouse-credentials` Secret instead of hardcoded plaintext in deploy manifests (#33) - CI deploy step creates the secret idempotently from Gitea CI secrets - Added liveness/readiness probes: server uses /api/v1/health, ClickHouse uses /ping (#35) - Updated HOWTO.md and CLAUDE.md with new secrets and probe details Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 10:59:15 +01:00
parent d229365eaf
commit 9c2391e5d4
5 changed files with 59 additions and 6 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -50,5 +50,6 @@ java -jar cameleer3-server-app/target/cameleer3-server-app-1.0-SNAPSHOT.jar
 - Registry: `gitea.siegeln.net/cameleer/cameleer3-server` (container images)
 - K8s manifests in `deploy/` — ClickHouse StatefulSet + server Deployment + NodePort Service (30081)
 - Deployment target: k3s at 192.168.50.86, namespace `cameleer`
- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`)
+- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`): `cameleer-auth`, `clickhouse-credentials`
+- K8s probes: server uses `/api/v1/health`, ClickHouse uses `/ping`
 - Docker build uses buildx registry cache + `--provenance=false` for Gitea compatibility