Add flow-0.10.17 and update documentation
@@ -119,7 +119,7 @@ redisActivity:
|
||||
blobStorageActivity:
|
||||
enabled: false
|
||||
|
||||
queueActivity:
|
||||
storageQueueActivity:
|
||||
enabled: false
|
||||
|
||||
cosmosDbActivity:
|
||||
@@ -176,6 +176,33 @@ awsS3Activity:
|
||||
awsSqsActivity:
|
||||
enabled: false
|
||||
|
||||
m365Activity:
|
||||
enabled: false
|
||||
|
||||
rabbitmqActivity:
|
||||
enabled: false
|
||||
|
||||
kafkaActivity:
|
||||
enabled: false
|
||||
|
||||
serviceBusActivity:
|
||||
enabled: false
|
||||
|
||||
keyVaultActivity:
|
||||
enabled: false
|
||||
|
||||
eventHubActivity:
|
||||
enabled: false
|
||||
|
||||
eventGridActivity:
|
||||
enabled: false
|
||||
|
||||
awsS3Activity:
|
||||
enabled: false
|
||||
|
||||
awsSqsActivity:
|
||||
enabled: false
|
||||
|
||||
# External infrastructure - not deployed by this chart
|
||||
rabbitmq:
|
||||
enabled: false
|
||||
|
||||
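Review bot: `awsS3Activity:` and `awsSqsActivity:` appear to end up twice at the top level of this values file. The `@@ -176,6 +176,33 @@` hunk opens under an existing `awsS3Activity:` with `awsSqsActivity:` as its first line, then lists both keys again after `eventGridActivity:`. The page has lost the +/- column, so this is inferred from the hunk counts (6 old lines, 33 new). Duplicate mapping keys are invalid YAML and most parsers silently keep the last copy, so an operator who edits the first copy may see no effect; drop the second `awsS3Activity:` and `awsSqsActivity:` blocks. The `@@ -411,6 +426,64 @@ m365Activity:` hunk looks like it repeats `m365Activity:` in the same way.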
@@ -38,6 +38,21 @@ global:
|
||||
clientSecret: "" # Set via --set or external secret
|
||||
scopes: "access_as_user"
|
||||
|
||||
# ==========================================================================
|
||||
# Keycloak Authentication (alternative or dual-auth with Azure AD)
|
||||
# ==========================================================================
|
||||
# Enable Keycloak to use it as the identity provider instead of or alongside
|
||||
# Azure AD. When both azureAd and keycloak are enabled, dual-auth mode is
|
||||
# active and tokens from either provider are accepted.
|
||||
keycloak:
|
||||
enabled: false # Set to true to enable Keycloak authentication
|
||||
realm: "flow"
|
||||
frontendClientId: "flow-frontend"
|
||||
backendClientId: "flow-backend"
|
||||
backendClientSecret: "" # Set via --set or external secret
|
||||
adminUsername: "admin"
|
||||
adminPassword: "" # Set via --set or external secret
|
||||
|
||||
# ==========================================================================
|
||||
# External PostgreSQL (Managed Service)
|
||||
# ==========================================================================
|
||||
@@ -331,7 +346,7 @@ blobStorageActivity:
|
||||
enabled: true
|
||||
replicaCount: 2
|
||||
|
||||
queueActivity:
|
||||
storageQueueActivity:
|
||||
enabled: true
|
||||
replicaCount: 2
|
||||
|
||||
@@ -411,6 +426,64 @@ m365Activity:
|
||||
enabled: true
|
||||
replicaCount: 1
|
||||
|
||||
rabbitmqActivity:
|
||||
enabled: true
|
||||
replicaCount: 2
|
||||
|
||||
kafkaActivity:
|
||||
enabled: true
|
||||
replicaCount: 2
|
||||
|
||||
serviceBusActivity:
|
||||
enabled: true
|
||||
replicaCount: 2
|
||||
|
||||
# =============================================================================
|
||||
# Keycloak - Disabled by default for production (enable via global.keycloak)
|
||||
# =============================================================================
|
||||
# When global.keycloak.enabled is true, the chart deploys a Keycloak instance.
|
||||
# For production, consider using an external managed Keycloak instead:
|
||||
# keycloak:
|
||||
# external: true
|
||||
# host: "keycloak.your-domain.com"
|
||||
keycloak:
|
||||
enabled: true
|
||||
command: "start"
|
||||
ingress:
|
||||
enabled: true
|
||||
className: nginx
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
hosts:
|
||||
- host: auth.flow.your-domain.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: flow-keycloak-tls
|
||||
hosts:
|
||||
- auth.flow.your-domain.com
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 512Mi
|
||||
|
||||
awsS3Activity:
|
||||
enabled: true
|
||||
replicaCount: 1
|
||||
|
||||
awsSqsActivity:
|
||||
enabled: true
|
||||
replicaCount: 1
|
||||
|
||||
m365Activity:
|
||||
enabled: true
|
||||
replicaCount: 1
|
||||
|
||||
# =============================================================================
|
||||
# Infrastructure - Disabled (using external managed services)
|
||||
# =============================================================================
|
||||
|
||||
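Review bot: The banner above the `keycloak:` block in the `@@ -411,6 +426,64 @@` hunk says "Disabled by default for production", yet the block sets `enabled: true` and `ingress.enabled: true` with a single `- path: /` Prefix rule on `auth.flow.your-domain.com`. Whether the templates also gate on `global.keycloak.enabled` is not visible here; if they do not, a production install publishes Keycloak without the operator asking for it, and in either case the `/` rule also publishes the admin console. Either set `enabled: false` to match the banner or reword the banner, and narrow the ingress to the paths clients need (Keycloak's reverse-proxy guidance names `/realms/` and `/resources/`) so that `/admin` stays internal. The `global.keycloak` block in the `@@ -38,6 +38,21 @@` hunk also ships `adminUsername: "admin"` with an empty `adminPassword`; a comment there should say what happens when the password is left empty.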
@@ -67,6 +67,15 @@ global:
|
||||
# -- Keycloak authentication configuration
|
||||
# When both keycloak.enabled and azureAd.enabled are true, the system runs in
|
||||
# dual-auth mode — accepting JWTs from either provider during the migration period.
|
||||
#
|
||||
# DATABASE:
|
||||
# Internal PostgreSQL (default): The chart automatically creates a "keycloak"
|
||||
# database and user in the shared PostgreSQL instance. No manual setup needed.
|
||||
#
|
||||
# External PostgreSQL: You must pre-create the database and user:
|
||||
# CREATE ROLE keycloak WITH LOGIN PASSWORD 'your-password';
|
||||
# CREATE DATABASE keycloak OWNER keycloak;
|
||||
# Then set keycloak.database.host/password below (or use existingSecret).
|
||||
keycloak:
|
||||
# -- Enable Keycloak as an identity provider
|
||||
enabled: false
|
||||
@@ -1129,9 +1138,32 @@ m365Activity:
|
||||
|
||||
# -- Keycloak internal deployment configuration
|
||||
# Only used when global.keycloak.enabled=true and global.keycloak.external=false
|
||||
# ==========================================================================
|
||||
# Keycloak Internal Deployment
|
||||
# ==========================================================================
|
||||
# Controls the Keycloak pod deployed by this chart.
|
||||
# Set keycloak.enabled=false when using an external Keycloak (global.keycloak.external=true).
|
||||
#
|
||||
# DATABASE CONNECTION:
|
||||
# Keycloak needs its own PostgreSQL database. How this works depends on your setup:
|
||||
#
|
||||
# 1. Internal PostgreSQL (postgresql.enabled=true, default):
|
||||
# The chart automatically creates the "keycloak" database, user, and password
|
||||
# inside the shared PostgreSQL instance. Nothing to configure — it just works.
|
||||
#
|
||||
# 2. External PostgreSQL (global.database.postgres.external=true):
|
||||
# Keycloak connects to your external PostgreSQL using the host/port from
|
||||
# global.database.postgres (unless overridden with keycloak.database.host/port).
|
||||
# You MUST pre-create the database and user manually:
|
||||
# CREATE ROLE keycloak WITH LOGIN PASSWORD 'your-password';
|
||||
# CREATE DATABASE keycloak OWNER keycloak;
|
||||
# Then set keycloak.database.password (or existingSecret) to match.
|
||||
#
|
||||
# 3. Dedicated database host for Keycloak:
|
||||
# Set keycloak.database.host to point Keycloak at a different PostgreSQL
|
||||
# instance than the one used by the rest of Flow.
|
||||
keycloak:
|
||||
# -- Enable internal Keycloak deployment
|
||||
# Set to false when using an external Keycloak instance (global.keycloak.external=true)
|
||||
enabled: true
|
||||
|
||||
image:
|
||||
@@ -1149,28 +1181,35 @@ keycloak:
|
||||
# Set to "start-dev" for local development without TLS
|
||||
command: "start"
|
||||
|
||||
# -- Keycloak uses the shared Flow PostgreSQL database by default.
|
||||
# When using the chart's internal PostgreSQL, the keycloak database. user, and
|
||||
# password are created automatically by the PostgreSQL init script.
|
||||
# When using external PostgreSQL, you must pre-create the database and user
|
||||
# and provide the connection details below.
|
||||
# -- Keycloak PostgreSQL database connection
|
||||
# When internal PostgreSQL is used, these are auto-provisioned by the init script.
|
||||
# When external PostgreSQL is used, you must set host and password.
|
||||
database:
|
||||
# -- Use a separate database instance for Keycloak (set to true for dedicated DB)
|
||||
# -- Use a completely separate database instance for Keycloak
|
||||
# When true, the init script does NOT create the keycloak DB in shared PostgreSQL.
|
||||
# You must provide keycloak.database.host pointing to the dedicated instance.
|
||||
dedicated: false
|
||||
# -- Database vendor (postgres or dev-mem for ephemeral dev mode)
|
||||
vendor: "postgres"
|
||||
# -- Database name (auto-created in the shared PostgreSQL instance)
|
||||
# -- Database name
|
||||
database: "keycloak"
|
||||
# -- Database username
|
||||
username: "keycloak"
|
||||
# -- Database password (ignored if existingSecret is set)
|
||||
# -- Database password
|
||||
# For internal PostgreSQL: leave empty to auto-generate. The same password is used
|
||||
# to create the DB role and to connect from Keycloak (stored in the keycloak secret).
|
||||
# For external PostgreSQL: set this to the password of the pre-created role.
|
||||
password: ""
|
||||
# -- Use existing secret for password
|
||||
# -- Use an existing Kubernetes secret for the database password
|
||||
existingSecret: ""
|
||||
existingSecretKey: "keycloak-db-password"
|
||||
# -- Override database host (auto-resolved from shared PostgreSQL if empty)
|
||||
# -- Database host override
|
||||
# Leave empty to auto-resolve:
|
||||
# - Internal PG: uses the chart's PostgreSQL service (e.g. <release>-postgresql-primary)
|
||||
# - External PG: uses global.database.postgres.host
|
||||
# Set explicitly to point Keycloak at a different host.
|
||||
host: ""
|
||||
# -- Override database port
|
||||
# -- Database port override (0 = use the same port as global.database.postgres.port)
|
||||
port: 0
|
||||
|
||||
# -- Extra environment variables for Keycloak
|
||||
@@ -1188,6 +1227,11 @@ keycloak:
|
||||
# -- Keycloak HTTP port (internal, before proxy)
|
||||
httpPort: 8080
|
||||
|
||||
# -- Keycloak management port (health/metrics endpoints)
|
||||
# Since Keycloak 24+, health and metrics are served on a separate management
|
||||
# interface. Default: 9000. Probes must target this port, not httpPort.
|
||||
managementPort: 9000
|
||||
|
||||
# -- Enable health and metrics endpoints
|
||||
health:
|
||||
enabled: true
|
||||
|
||||
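Review bot: The `password` comment in the `database:` block of the `@@ -1149,28 +1181,35 @@` hunk says to leave the value empty to auto-generate, but does not say whether the generated password survives a `helm upgrade`. The templates are not part of this page; if the value comes from a random function at render time without reading back the existing Secret, an upgrade would store a new password while the PostgreSQL role keeps the one set at first initialisation, and Keycloak would lose its database login. Please state the behaviour in the comment and point production users at `existingSecret`, for example `# Production: prefer existingSecret; a password passed through values or --set is stored in the Helm release data.` Separately, the `managementPort: 9000` added in the `@@ -1188,6 +1227,11 @@` hunk serves health and metrics, so its comment could note that this port should stay out of the ingress and any externally reachable Service.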