feat(infra): prestage broader app exposure hardening

2026-06-04 15:55:07 -05:00
parent e1e0159b06
commit 34dda0c99c
22 changed files with 515 additions and 1 deletions
--- a/apps/fc-devicemgmt/deployment-web.yaml
+++ b/apps/fc-devicemgmt/deployment-web.yaml
@@ -52,6 +52,8 @@ spec:
        flowercore.io/tenant-id: system
        flowercore.io/created-by: bluejay-infra
      annotations:
+        fc.flowercore.io/healthz-anon: "true"
+        fc.flowercore.io/probe-path: "/healthz"
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
@@ -67,6 +69,7 @@ spec:
          ports:
            - name: http
              containerPort: 8080
+          # fc-safe-to-expose: X-Forwarded-Proto handled by AddFlowerCoreWebAuth (ADR-178) before any future public/OIDC flip.
          env:
            - name: ASPNETCORE_URLS
              value: "http://+:8080"