Customers running this server with no overrides reach the public registry
alias, not the internal hostname. registry.cameleer.io and gitea.siegeln.net
resolve to the same registry — buildtime CI keeps pushing to gitea.siegeln.net,
runtime defaults pull via the public alias.
- application.yml: baseimage, loaderimage defaults
- DeploymentExecutor.java: matching @Value defaults
- docker-orchestration.md: updates the documented default and notes the
buildtime/public split so future changes don't "fix" the asymmetry
Out of scope (intentionally still on gitea.siegeln.net):
- LoaderHardeningIT and the two DockerRuntimeOrchestrator unit tests.
Tests are buildtime artifacts; LoaderHardeningIT pulls the real image
via CI's pre-authenticated docker login to gitea.siegeln.net.
- deploy/base/*.yaml and deploy/overlays/main/*.yaml (internal k3s,
customers don't use these manifests).
- pom.xml, .npmrc, ui/Dockerfile (build dependency sources).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
843e782340