feat(infra): prestage broader app exposure hardening

2026-06-04 15:55:07 -05:00
parent e1e0159b06
commit 34dda0c99c
22 changed files with 515 additions and 1 deletions
--- a/apps/fc-updater/fc-updater.yaml
+++ b/apps/fc-updater/fc-updater.yaml
@@ -52,6 +52,9 @@ spec:
      app: updatecenter-web
  template:
    metadata:
+      annotations:
+        fc.flowercore.io/healthz-anon: "true"
+        fc.flowercore.io/probe-path: "/healthz"
      labels:
        app: updatecenter-web
    spec:
@@ -63,6 +66,7 @@ spec:
          ports:
            - containerPort: 8080
              name: http
+          # fc-safe-to-expose: X-Forwarded-Proto handled by AddFlowerCoreWebAuth (ADR-178) before any future public/OIDC flip.
          env:
            - name: ASPNETCORE_URLS
              value: http://+:8080