Compare commits
1 Commits
2a66109f13
...
codex/s57-
| Author | SHA1 | Date | |
|---|---|---|---|
|
308235e4fe |
@@ -74,6 +74,14 @@ metadata:
|
||||
spec:
|
||||
itemPath: "vaults/IAmWorkin/items/FlowerCore Edition Signing Key - edition:aistation-field"
|
||||
---
|
||||
apiVersion: onepassword.com/v1
|
||||
kind: OnePasswordItem
|
||||
metadata:
|
||||
name: distribution-oidc-client
|
||||
namespace: fc-distribution
|
||||
spec:
|
||||
itemPath: "vaults/IAmWorkin/items/distribution-oidc-client"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@@ -130,6 +138,30 @@ spec:
|
||||
value: "Production"
|
||||
- name: DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
|
||||
value: "false"
|
||||
- name: FlowerCore__Auth__Enabled
|
||||
value: "true"
|
||||
- name: FlowerCore__Auth__Oidc__Enabled
|
||||
value: "true"
|
||||
- name: FlowerCore__Auth__Oidc__Authority
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: distribution-oidc-client
|
||||
key: issuer_url
|
||||
optional: true
|
||||
- name: FlowerCore__Auth__Oidc__Audience
|
||||
value: "distribution"
|
||||
- name: FlowerCore__Auth__Oidc__ClientId
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: distribution-oidc-client
|
||||
key: client_id
|
||||
optional: true
|
||||
- name: FlowerCore__Auth__Oidc__ClientSecret
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: distribution-oidc-client
|
||||
key: client_secret
|
||||
optional: true
|
||||
# SQLite connection (catalog + data-protection keys via FlowerCoreDbContext).
|
||||
# Read by Data/DatabaseProviderExtensions.cs in precedence order; Sqlite key wins.
|
||||
- name: FlowerCore__Database__Provider
|
||||
|
||||
@@ -51,6 +51,14 @@ metadata:
|
||||
spec:
|
||||
itemPath: "vaults/IAmWorkin/items/FlowerCore Knowledge MCP Tokens"
|
||||
---
|
||||
apiVersion: onepassword.com/v1
|
||||
kind: OnePasswordItem
|
||||
metadata:
|
||||
name: knowledge-oidc-client
|
||||
namespace: knowledge
|
||||
spec:
|
||||
itemPath: "vaults/IAmWorkin/items/knowledge-oidc-client"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
@@ -124,24 +132,37 @@ spec:
|
||||
- name: DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
|
||||
value: "false"
|
||||
# AuthentiK/OIDC is wired but not enforced until the
|
||||
# knowledge-oidc-client Secret is provisioned and
|
||||
# FlowerCore__Auth__Enabled is flipped to true.
|
||||
# knowledge-oidc-client Secret is provisioned. Service-to-service
|
||||
# RAG keeps the existing MCP token as FlowerCore:Auth:ApiKey.
|
||||
- name: FlowerCore__Auth__Enabled
|
||||
value: "false"
|
||||
value: "true"
|
||||
- name: FlowerCore__Auth__Oidc__Enabled
|
||||
value: "true"
|
||||
- name: FlowerCore__Auth__Oidc__Authority
|
||||
value: "https://id.iamworkin.lan/application/o/knowledge/"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: knowledge-oidc-client
|
||||
key: issuer_url
|
||||
optional: true
|
||||
- name: FlowerCore__Auth__Oidc__Audience
|
||||
value: "knowledge"
|
||||
- name: FlowerCore__Auth__Oidc__ClientId
|
||||
value: "knowledge"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: knowledge-oidc-client
|
||||
key: client_id
|
||||
optional: true
|
||||
- name: FlowerCore__Auth__Oidc__ClientSecret
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: knowledge-oidc-client
|
||||
key: client_secret
|
||||
optional: true
|
||||
- name: FlowerCore__Auth__ApiKey
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: knowledge-mcp-tokens
|
||||
key: password
|
||||
# Vector-store directory + embedding model + edition profile dir.
|
||||
# Profile JSON is baked into the image at /home/app/editions via the
|
||||
# csproj Content-link from FlowerCore.Common/editions/.
|
||||
|
||||
Reference in New Issue
Block a user