Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity
Files
338b4de3baaf3548e98be4abd09ff944fe18d870
launchpad/apps/base/forte-drop/keycloak-client-forte-drop.yaml
Sten 338b4de3ba
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 5s
Details
refactor(apps): registrar-managed oidc creds, drop mcp client, DRY secret 
Per platform review (danijel):
- keycloak-client-forte-drop: add the secret{} block telling the
  registrar where to write the credential Secret + key names
  (forte-drop-oidc-credentials, client-id/client-secret). The
  forte-helm oidc sidecar consumes that registrar-created Secret —
  no manual auth-oidc SealedSecret step (removed that NOTE).
- Delete keycloak-client-forte-drop-mcp: auth.type: mcp auto-registers
  the MCP client; no manual config needed.
- Re-seal forte-drop-secrets with all shared env (BASE_DOMAIN, PG*,
  S3_*, PASSWORD_GATE_SECRET) so both deployments get identical values
  via envSecretName (values extraEnv now carries only APP_MODE).
2026-05-29 14:05:29 +02:00

39 lines
1.4 KiB
YAML
Raw Blame History

# Labeled config Secret read by the Keycloak Client Registrar. Kyverno clones it
# to the keycloak namespace; a CronJob registers the OIDC client in the forte
# realm and writes the credentials back as forte-drop-oidc-credentials in THIS
# namespace (~2 min). The forte-helm auth sidecar (auth.type: oidc) consumes that
# registrar-created Secret automatically — no manual SealedSecret step needed.
apiVersion: v1
kind: Secret
metadata:
name: keycloak-client-forte-drop
namespace: forte-drop
labels:
keycloak.forteapps.net/client-config: "true"
annotations:
keycloak.forteapps.net/source-namespace: "forte-drop"
stringData:
client.json: |
{
"clientId": "forte-drop",
"name": "Forte Drop (web)",
"enabled": true,
"protocol": "openid-connect",
"clientAuthenticatorType": "client-secret",
"standardFlowEnabled": true,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"redirectUris": ["https://drop-k8s.hackathon.forteapps.net/auth/callback"],
"webOrigins": ["https://drop-k8s.hackathon.forteapps.net"],
"defaultClientScopes": ["openid","email","profile"],
"secret": {
"namespace": "forte-drop",
"name": "forte-drop-oidc-credentials",
"keys": {
"clientId": "client-id",
"clientSecret": "client-secret"
}
}
}
Reference in New Issue View Git Blame Copy Permalink