Bump fc-chat image to localhost/fc-chat-web:v20260617-chatfix-54fd549, built
for arm64 on GX10 from Chat master 54fd549 + Common 0a4174d:
- OperatorRouteRedirect bounces ANY unauthorized path to sign-in (was: only
operator/ops-chat prefixes, so /tickets sat on "Redirecting..." forever)
- FcAiChat send button stays clickable as Cancel while generating + closes
the reconnect-recovery gap so it re-enables after a circuit drop
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pin localhost/fc-intranet-web:v20260617-sec5-intranet-1abdf90 and apply restricted pod/container security contexts plus writable /data, /tmp, and /app/logs mounts.
php.iamworkin.lan returned 404 on every path: the GX10 GitOps capture grabbed
fc-php's deployment/service but NOT its IngressRoute (chicken-egg — php wasn't
routed at capture time), so Traefik matched no route. Pod is 1/1 Running 37h —
the 404 was pure missing-route, confirmed by diffing against the healthy sibling
mysql-web (which has its IngressRoute).
Mirrors the mysql-web / fc-network pattern: a cert-manager Certificate (step-ca-acme
ClusterIssuer) to mint php-web-tls + an IngressRoute Host(php.iamworkin.lan)->php-web:5400.
Additive only.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
