diff --git a/apps/fc-devicemgmt/deployment-operator.yaml b/apps/fc-devicemgmt/deployment-operator.yaml index a4ec080..56e594d 100644 --- a/apps/fc-devicemgmt/deployment-operator.yaml +++ b/apps/fc-devicemgmt/deployment-operator.yaml @@ -47,7 +47,7 @@ spec: fsGroupChangePolicy: OnRootMismatch containers: - name: operator - image: localhost/fc-devicemgmt-operator:v20260512-cx5 + image: localhost/fc-devicemgmt-operator:v20260519-sp34cl3-fix imagePullPolicy: Never ports: - name: metrics diff --git a/apps/fc-devicemgmt/deployment-web.yaml b/apps/fc-devicemgmt/deployment-web.yaml index 41651cb..a8caffd 100644 --- a/apps/fc-devicemgmt/deployment-web.yaml +++ b/apps/fc-devicemgmt/deployment-web.yaml @@ -4,6 +4,22 @@ # Sprint 9+ lane. This manifest is static-valid without requiring the image to # exist yet; import localhost/fc-devicemgmt-web: to all schedulable RKE2 # nodes before letting ArgoCD sync a live rollout. +# +# SCALED TO 0 — 2026-05-19 morning-routine cleanup. +# The Web pod cannot start until TWO upstream gaps close: +# 1. MySQL DB instance `flowercore_devicemgmt` (user `fc_devicemgmt`) is +# provisioned via fc-mysql Manager. The cluster currently has ZERO +# MySqlInstanceCrds and no `mysql.fc-mysql.svc:3306` Service, so the +# deployment-web container env `FlowerCore__Database__Host=mysql.fc-mysql.svc` +# points at nothing. Provision via the fc-mysql Manager UI/REST/MCP. +# 2. 1Password vault item `IAmWorkin/FlowerCore DeviceManagement Runtime` +# with 5 fields (DB-Password, mtls-ca.pem, mtls-client.crt, mtls-client.key, +# mtls-chain.pem) — see apps/fc-devicemgmt/1password-item.yaml. Mint mTLS +# from step-ca-agent ClusterIssuer per ADR-126; DB-Password must match the +# password configured for the MySQL user. +# Re-enable: change replicas back to 2 after both gaps close. The image tag +# in this file (v20260512-cx5) MAY also need a refresh — it predates the +# Sprint 34 Cl-3 operator fix; Web may have an analogous bug. apiVersion: apps/v1 kind: Deployment metadata: @@ -20,7 +36,7 @@ metadata: annotations: flowercore.io/traceability-standard: k8s-pod-ownership-and-traceability-standard spec: - replicas: 2 + replicas: 0 revisionHistoryLimit: 3 selector: matchLabels: