Locks in the production deployment shape: Helm chart matching sister
ezscale-api pattern, multi-stage Dockerfile with three targets
(app/horizon/scheduler), operator-managed MariaDB CRDs that plug into
the existing ezscale-namespace MariaDB instance, per-app Valkey,
Traefik IngressRoute + cert-manager TLS, Storj for file storage.
Critical invariant captured: APP_KEY and Passport keys are bootstrapped
once and never regenerated by the chart.
Two environments: local (k3d/minikube) and us-prod.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Andrew
bd7d99b8d1