fix: derive PG schema from tenant ID instead of defaulting to public

Schema now defaults to tenant_${cameleer.tenant.id} (e.g. tenant_default,
tenant_acme) instead of public. Flyway create-schemas: true ensures the
schema is auto-created on first startup. CAMELEER_DB_SCHEMA env var still
available as override for feature branch isolation. Removed hardcoded
public schema from K8s base and main overlay.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/main/resources/application.yml

@@ -3,18 +3,19 @@ server:
 
 spring:
   datasource:
-    url: jdbc:postgresql://localhost:5432/cameleer3?currentSchema=${CAMELEER_DB_SCHEMA:public}
+    url: jdbc:postgresql://localhost:5432/cameleer3?currentSchema=${CAMELEER_DB_SCHEMA:tenant_${cameleer.tenant.id}}
     username: cameleer
     password: ${CAMELEER_DB_PASSWORD:cameleer_dev}
     driver-class-name: org.postgresql.Driver
   flyway:
     enabled: true
     locations: classpath:db/migration
-    url: jdbc:postgresql://localhost:5432/cameleer3?currentSchema=${CAMELEER_DB_SCHEMA:public},public
+    url: jdbc:postgresql://localhost:5432/cameleer3?currentSchema=${CAMELEER_DB_SCHEMA:tenant_${cameleer.tenant.id}},public
     user: ${spring.datasource.username}
     password: ${spring.datasource.password}
-    schemas: ${CAMELEER_DB_SCHEMA:public}
+    schemas: ${CAMELEER_DB_SCHEMA:tenant_${cameleer.tenant.id}}
-    default-schema: ${CAMELEER_DB_SCHEMA:public}
+    default-schema: ${CAMELEER_DB_SCHEMA:tenant_${cameleer.tenant.id}}
+    create-schemas: true
   mvc:
     async:
       request-timeout: -1

deploy/base/server.yaml

@@ -20,12 +20,8 @@ spec:
           ports:
             - containerPort: 8081
           env:
-            - name: SPRING_DATASOURCE_URL
+            - name: CAMELEER_TENANT_ID
-              value: "jdbc:postgresql://postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=$(CAMELEER_DB_SCHEMA)"
+              value: "default"
-            - name: SPRING_FLYWAY_URL
-              value: "jdbc:postgresql://postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=$(CAMELEER_DB_SCHEMA),public"
-            - name: CAMELEER_DB_SCHEMA
-              value: "public"
             - name: SPRING_DATASOURCE_USERNAME
               valueFrom:
                 secretKeyRef:

deploy/overlays/main/kustomization.yaml

@@ -38,8 +38,6 @@ patches:
             containers:
               - name: server
                 env:
-                  - name: SPRING_DATASOURCE_URL
-                    value: "jdbc:postgresql://postgres:5432/cameleer3?currentSchema=public"
                   - name: CAMELEER_UI_ORIGIN
                     value: "http://192.168.50.86:30090"
   # UI ConfigMap: production API URL

docs/SERVER-CAPABILITIES.md

@@ -376,7 +376,7 @@ Registry: `gitea.siegeln.net/cameleer/cameleer3-server`
 | `SPRING_DATASOURCE_URL` | No | `jdbc:postgresql://localhost:5432/cameleer3` | PostgreSQL JDBC URL |
 | `SPRING_DATASOURCE_USERNAME` | No | `cameleer` | PostgreSQL user |
 | `SPRING_DATASOURCE_PASSWORD` | No | `cameleer_dev` | PostgreSQL password |
-| `CAMELEER_DB_SCHEMA` | No | `public` | PostgreSQL schema name |
+| `CAMELEER_DB_SCHEMA` | No | `tenant_{CAMELEER_TENANT_ID}` | PostgreSQL schema (override for feature branches) |
 
 ### Health Probes