Add flow-0.10.17 and update documentation

2026-04-09 09:55:00 +00:00
parent 2fc8e7c2ca
commit 5be6fe300f
5 changed files with 253 additions and 61 deletions
--- a/examples/values-prod.yaml
+++ b/examples/values-prod.yaml
@@ -38,6 +38,21 @@ global:
    clientSecret: ""  # Set via --set or external secret
    scopes: "access_as_user"
  
+  # ==========================================================================
+  # Keycloak Authentication (alternative or dual-auth with Azure AD)
+  # ==========================================================================
+  # Enable Keycloak to use it as the identity provider instead of or alongside
+  # Azure AD. When both azureAd and keycloak are enabled, dual-auth mode is
+  # active and tokens from either provider are accepted.
+  keycloak:
+    enabled: false  # Set to true to enable Keycloak authentication
+    realm: "flow"
+    frontendClientId: "flow-frontend"
+    backendClientId: "flow-backend"
+    backendClientSecret: ""  # Set via --set or external secret
+    adminUsername: "admin"
+    adminPassword: ""  # Set via --set or external secret
+  
  # ==========================================================================
  # External PostgreSQL (Managed Service)
  # ==========================================================================
@@ -331,7 +346,7 @@ blobStorageActivity:
  enabled: true
  replicaCount: 2

-queueActivity:
+storageQueueActivity:
  enabled: true
  replicaCount: 2

@@ -411,6 +426,64 @@ m365Activity:
  enabled: true
  replicaCount: 1

+rabbitmqActivity:
+  enabled: true
+  replicaCount: 2
+
+kafkaActivity:
+  enabled: true
+  replicaCount: 2
+
+serviceBusActivity:
+  enabled: true
+  replicaCount: 2
+
+# =============================================================================
+# Keycloak - Disabled by default for production (enable via global.keycloak)
+# =============================================================================
+# When global.keycloak.enabled is true, the chart deploys a Keycloak instance.
+# For production, consider using an external managed Keycloak instead:
+#   keycloak:
+#     external: true
+#     host: "keycloak.your-domain.com"
+keycloak:
+  enabled: true
+  command: "start"
+  ingress:
+    enabled: true
+    className: nginx
+    annotations:
+      nginx.ingress.kubernetes.io/ssl-redirect: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - host: auth.flow.your-domain.com
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: flow-keycloak-tls
+        hosts:
+          - auth.flow.your-domain.com
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+    requests:
+      cpu: 250m
+      memory: 512Mi
+
+awsS3Activity:
+  enabled: true
+  replicaCount: 1
+
+awsSqsActivity:
+  enabled: true
+  replicaCount: 1
+
+m365Activity:
+  enabled: true
+  replicaCount: 1
+
 # =============================================================================
 # Infrastructure - Disabled (using external managed services)
 # =============================================================================