From cae03296f59019801e174a80d5216e188a859c40 Mon Sep 17 00:00:00 2001
From: Andrew Stoltz <andrew@flowercore.io>
Date: Fri, 24 Apr 2026 00:50:00 -0500
Subject: [PATCH] intranet: bake Notes corpus into image, drop init container
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cluster egress to github.com is fronted by a step-ca TLS proxy that
returns 404 page not found for unmatched routes — git clone of the
public FlowerCore.Notes repo failed inside the pod even with
GIT_SSL_NO_VERIFY=true. Rather than chase the egress NetworkPolicy /
proxy config, bake the docs corpus directly into the image at
/srv/flowercore-notes/docs.

The corpus is just *.md + *.html (369 files, 2.7 MB uncompressed) —
small enough that re-baking on every deploy is fine and avoids any
runtime network dependency.

Manifest changes:
- Image bump: v202604240040search -> v202604240050corpus
- Removed initContainers (clone-notes-corpus is now redundant)
- Removed notes-corpus emptyDir + its volumeMounts
- Vector-store PVC mount stays.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/intranet/intranet.yaml | 31 +------------------------------
 1 file changed, 1 insertion(+), 30 deletions(-)

diff --git a/apps/intranet/intranet.yaml b/apps/intranet/intranet.yaml
index 964ab5e..0521bc8 100644
--- a/apps/intranet/intranet.yaml
+++ b/apps/intranet/intranet.yaml
@@ -35,32 +35,9 @@ spec:
       labels:
         app: intranet-web
     spec:
-      initContainers:
-        - name: clone-notes-corpus
-          image: alpine/git:latest
-          imagePullPolicy: IfNotPresent
-          command:
-            - sh
-            - -c
-            - |
-              set -e
-              # Cluster egress is fronted by a step-ca TLS proxy whose cert
-              # doesn't match github.com. The Notes repo is public so there's
-              # no secret to protect — skip verify.
-              export GIT_SSL_NO_VERIFY=true
-              if [ -d /srv/flowercore-notes/.git ]; then
-                cd /srv/flowercore-notes && git fetch --depth=1 origin && git reset --hard origin/codex/notes-pimanager-live-drift
-              else
-                rm -rf /srv/flowercore-notes/* /srv/flowercore-notes/.[!.]* 2>/dev/null || true
-                git clone --depth=1 --branch codex/notes-pimanager-live-drift https://github.com/astoltz/FlowerCore.Notes.git /srv/flowercore-notes
-              fi
-              ls -la /srv/flowercore-notes/docs | head -10
-          volumeMounts:
-            - name: notes-corpus
-              mountPath: /srv/flowercore-notes
       containers:
         - name: intranet-web
-          image: localhost/fc-intranet-web:v202604240040search
+          image: localhost/fc-intranet-web:v202604240050corpus
           imagePullPolicy: Never
           ports:
             - containerPort: 5300
@@ -90,15 +67,9 @@ spec:
             initialDelaySeconds: 10
             periodSeconds: 10
           volumeMounts:
-            - name: notes-corpus
-              mountPath: /srv/flowercore-notes
-              readOnly: true
             - name: vector-store
               mountPath: /data
       volumes:
-        - name: notes-corpus
-          emptyDir:
-            sizeLimit: 1Gi
         - name: vector-store
           persistentVolumeClaim:
             claimName: intranet-vector-store