feat(infra): prestage broader app exposure hardening

2026-06-04 15:55:07 -05:00
parent 417d3830ae
commit c4b08f41ab
22 changed files with 515 additions and 1 deletions
--- a/apps/fc-chat/fc-chat.yaml
+++ b/apps/fc-chat/fc-chat.yaml
@@ -112,6 +112,8 @@ spec:
        app.kubernetes.io/name: chat-web
        app.kubernetes.io/part-of: flowercore
      annotations:
+        fc.flowercore.io/healthz-anon: "true"
+        fc.flowercore.io/probe-path: "/healthz"
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics/prometheus"
@@ -128,6 +130,7 @@ spec:
          ports:
            - name: http
              containerPort: 8080
+          # fc-safe-to-expose: X-Forwarded-Proto handled by AddFlowerCoreWebAuth (ADR-178) before any future public/OIDC flip.
          envFrom:
            - configMapRef:
                name: chat-web-config