apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- forte-drop-mcp.yaml
- keycloak-client-forte-drop-mcp.yaml
# Note: no auth-oidc Secret needed for type: mcp. The MCP sidecar only validates
# tokens against the OIDC issuer (RFC 9728 resource server) and never authenticates
# itself, so it doesn't read a client-secret. forte-drop-secrets (shared with the
# web deployment) covers PG + S3 creds.