cleanup: fully remove orphaned council-complaints app

The council-complaints app (Islington civic-reporting pilot) has been abandoned. It was already dead in the cluster (deployments scaled 0/0, image only on the decommissioned registry.viktorbarzin.me which 404s), and it was never in Terraform — only docs + a kyverno comment referenced it. Its live cluster resources (namespace, both NFS-backed PVs, ingresses) were torn down out-of-band via kubectl (nothing in TF to drift from); the DB-dump PVC was backed up to NFS first. This removes the remaining repo references to the live app: - service-catalog.md: drop the council-complaints row - ci-cd.md + .claude/CLAUDE.md: drop it from the GHA->ghcr app list - kyverno require-trusted-registries: the registry.viktorbarzin.me/* allowlist comment claimed council-complaints as the last referencer; rewrite it (no live workload pulls from that registry now; only stale completed Job records still carry the ref). The allowlist line itself is kept (registry-scoped, not app-specific). Historical point-in-time plan docs (docs/plans/2026-05-16-auto-upgrade- apps-{design,plan}.md) still mention it inside a frozen "10 GHA-migrated repos (memory id=388)" snapshot; left as-is so the dated record stays accurate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 13:32:10 +00:00 · 2026-06-21 13:32:10 +00:00 · 68d9058f85
commit 68d9058f85
parent 6dc3ce139f
4 changed files with 5 additions and 5 deletions
--- a/stacks/kyverno/modules/kyverno/security-policies.tf
+++ b/stacks/kyverno/modules/kyverno/security-policies.tf
@ -330,8 +330,9 @@ resource "kubectl_manifest" "policy_require_trusted_registries" {
                  "docker.n8n.io/*", "registry.gitlab.com/*",
                  # Private
                  "forgejo.viktorbarzin.me/*", "10.0.20.10*",
-                  # Legacy private registry (decommissioned 2026-05-07 per CLAUDE.md
-                  # but council-complaints still references — migrate to Forgejo).
+                  # Legacy private registry (decommissioned 2026-05-07 per CLAUDE.md).
+                  # No live workload pulls from it; only stale completed Job records
+                  # (e.g. old wealthfolio-sync jobs) still carry the image ref.
                  "registry.viktorbarzin.me/*",
                  # DockerHub library (bare image names without slash)
                  "alpine*", "busybox*", "kong*", "mysql*", "nginx*", "postgres*", "python*",