docs: K3s HA hardening notes - CoreDNS, CNPG, pooler spread

MEMORY.md

@@ -1,5 +1,8 @@
 # MEMORY.md - Long-Term Memory
 
+## Lessons Learned
+- **CEO sessions need 1 hour timeout** (`runTimeoutSeconds: 3600`). Default 10min is way too short — CEOs hire sub-agents for long-running tasks. Always set explicitly.
+
 ## Product Ideas & Future CEOs
 - `projects/ideas/product-ideas.md` — All product ideas + SnapAPI CEO setup plan
 - Selected next product: **SnapAPI** (Screenshot API) — ready to launch when user says go
@@ -15,6 +18,16 @@
 - Old server (167.235.156.214) kept for git push + SMTP relay only
 - Total infra cost: €17.06/mo (3x CAX11 + LB)
 
+## K3s HA Hardening (2026-02-18)
+- **CoreDNS**: 3 replicas with podAntiAffinity (one per node) — was single SPOF
+- **CNPG operator**: 2 replicas with topologySpreadConstraints (w1 + w2) — was single SPOF preventing DB failover
+- **PgBouncer pooler**: anti-affinity via Pooler CRD template (w1 + w2) — was landing both on same node
+- **DocFast prod**: preferredDuringScheduling anti-affinity to spread across workers
+- **App v0.2.7**: `client.release(true)` destroys dead pool connections on transient errors
+- **HA test PASSED**: Shut down either worker → prod stays up, DB failover works, zero downtime
+- **Note**: Staging is 1 replica = not HA by design. CoreDNS scale may not persist K3s upgrades — check after updates.
+- **Note**: Deployment patches to system components (CoreDNS, CNPG operator) are runtime changes. Document in infra notes so they can be re-applied if needed.
+
 ## Game Save Files
 - `memory/d2r.json` — Diablo II: Resurrected progress (Necro "Baltasar", Summoner build)
 - `memory/bg3.json` — Baldur's Gate 3 progress (Act 1, level 3)