From 61a8a2b4ac0f410ae0c7d17717ef9962a05eae20 Mon Sep 17 00:00:00 2001 From: Sten Date: Fri, 29 May 2026 12:14:09 +0200 Subject: [PATCH] chore(apps): clarify auth-oidc follow-up (drop commented-out resource line) ai-review: a commented-out resource line reads as GitOps debt. Replace the '# - auth-oidc-sealed.yaml' line with an explicit NOTE explaining it's a deliberate post-deploy step (needs the registrar-generated client-secret), not a disabled resource. --- apps/base/forte-drop/kustomization.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/base/forte-drop/kustomization.yaml b/apps/base/forte-drop/kustomization.yaml index af947b2..83e7172 100644 --- a/apps/base/forte-drop/kustomization.yaml +++ b/apps/base/forte-drop/kustomization.yaml @@ -6,4 +6,8 @@ resources: - keycloak-client-forte-drop.yaml - forte-drop-pdb.yaml - forte-drop-secrets-sealed.yaml -# - auth-oidc-sealed.yaml # added in follow-up commit (after Keycloak registrar creates client_secret) + +# NOTE: the web sidecar's auth-oidc SealedSecret is added in a follow-up commit, +# once the Keycloak registrar has created forte-drop-oidc-credentials post-deploy +# (see PR description for the one-time seal step). It is intentionally NOT a +# resource here yet — sealing it requires the registrar-generated client-secret.