refactor(apps): move forte-drop apps from base to upc-dev overlay
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 6s
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 6s
forte-drop, forte-drop-mcp and forte-drop-postgresql lived under apps/base/ but were only ever wired into the upc-dev overlay (never listed in apps/base/kustomization.yaml). They carry hackathon-domain hardcoded values and must not sync to upc-prod, so they belong in the overlay alongside dbunk-demo — per danijel.simeunovic's review on PR #18. - git mv the three dirs into apps/overlays/upc-dev/ (history preserved) - rewrite overlay kustomization refs from ../../base/forte-drop* to local - repoint forte-drop-postgresql Application path apps/base/... -> apps/overlays/upc-dev/forte-drop-postgresql/resources Render-verified: kubectl kustomize apps/overlays/upc-dev differs only by the postgres path line; apps/overlays/upc-prod render byte-identical (forte-drop never reaches prod). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Sten
@@ -0,0 +1,38 @@
|
||||
# Labeled config Secret read by the Keycloak Client Registrar. Kyverno clones it
|
||||
# to the keycloak namespace; a CronJob registers the OIDC client in the forte
|
||||
# realm and writes the credentials back as forte-drop-oidc-credentials in THIS
|
||||
# namespace (~2 min). The forte-helm auth sidecar (auth.type: oidc) consumes that
|
||||
# registrar-created Secret automatically — no manual SealedSecret step needed.
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: keycloak-client-forte-drop
|
||||
namespace: forte-drop
|
||||
labels:
|
||||
keycloak.forteapps.net/client-config: "true"
|
||||
annotations:
|
||||
keycloak.forteapps.net/source-namespace: "forte-drop"
|
||||
stringData:
|
||||
client.json: |
|
||||
{
|
||||
"clientId": "forte-drop",
|
||||
"name": "Forte Drop (web)",
|
||||
"enabled": true,
|
||||
"protocol": "openid-connect",
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"standardFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": false,
|
||||
"redirectUris": ["https://drop-k8s.hackathon.forteapps.net/auth/callback"],
|
||||
"webOrigins": ["https://drop-k8s.hackathon.forteapps.net"],
|
||||
"defaultClientScopes": ["openid","email","profile"],
|
||||
"secret": {
|
||||
"namespace": "forte-drop",
|
||||
"name": "forte-drop-oidc-credentials",
|
||||
"keys": {
|
||||
"clientId": "client-id",
|
||||
"clientSecret": "client-secret"
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user