Add flow-0.10.17 and update documentation
@@ -67,6 +67,15 @@ global:
|
||||
# -- Keycloak authentication configuration
|
||||
# When both keycloak.enabled and azureAd.enabled are true, the system runs in
|
||||
# dual-auth mode — accepting JWTs from either provider during the migration period.
|
||||
#
|
||||
# DATABASE:
|
||||
# Internal PostgreSQL (default): The chart automatically creates a "keycloak"
|
||||
# database and user in the shared PostgreSQL instance. No manual setup needed.
|
||||
#
|
||||
# External PostgreSQL: You must pre-create the database and user:
|
||||
# CREATE ROLE keycloak WITH LOGIN PASSWORD 'your-password';
|
||||
# CREATE DATABASE keycloak OWNER keycloak;
|
||||
# Then set keycloak.database.host/password below (or use existingSecret).
|
||||
keycloak:
|
||||
# -- Enable Keycloak as an identity provider
|
||||
enabled: false
|
||||
@@ -1129,9 +1138,32 @@ m365Activity:
|
||||
|
||||
# -- Keycloak internal deployment configuration
|
||||
# Only used when global.keycloak.enabled=true and global.keycloak.external=false
|
||||
# ==========================================================================
|
||||
# Keycloak Internal Deployment
|
||||
# ==========================================================================
|
||||
# Controls the Keycloak pod deployed by this chart.
|
||||
# Set keycloak.enabled=false when using an external Keycloak (global.keycloak.external=true).
|
||||
#
|
||||
# DATABASE CONNECTION:
|
||||
# Keycloak needs its own PostgreSQL database. How this works depends on your setup:
|
||||
#
|
||||
# 1. Internal PostgreSQL (postgresql.enabled=true, default):
|
||||
# The chart automatically creates the "keycloak" database, user, and password
|
||||
# inside the shared PostgreSQL instance. Nothing to configure — it just works.
|
||||
#
|
||||
# 2. External PostgreSQL (global.database.postgres.external=true):
|
||||
# Keycloak connects to your external PostgreSQL using the host/port from
|
||||
# global.database.postgres (unless overridden with keycloak.database.host/port).
|
||||
# You MUST pre-create the database and user manually:
|
||||
# CREATE ROLE keycloak WITH LOGIN PASSWORD 'your-password';
|
||||
# CREATE DATABASE keycloak OWNER keycloak;
|
||||
# Then set keycloak.database.password (or existingSecret) to match.
|
||||
#
|
||||
# 3. Dedicated database host for Keycloak:
|
||||
# Set keycloak.database.host to point Keycloak at a different PostgreSQL
|
||||
# instance than the one used by the rest of Flow.
|
||||
keycloak:
|
||||
# -- Enable internal Keycloak deployment
|
||||
# Set to false when using an external Keycloak instance (global.keycloak.external=true)
|
||||
enabled: true
|
||||
|
||||
image:
|
||||
@@ -1149,28 +1181,35 @@ keycloak:
|
||||
# Set to "start-dev" for local development without TLS
|
||||
command: "start"
|
||||
|
||||
# -- Keycloak uses the shared Flow PostgreSQL database by default.
|
||||
# When using the chart's internal PostgreSQL, the keycloak database. user, and
|
||||
# password are created automatically by the PostgreSQL init script.
|
||||
# When using external PostgreSQL, you must pre-create the database and user
|
||||
# and provide the connection details below.
|
||||
# -- Keycloak PostgreSQL database connection
|
||||
# When internal PostgreSQL is used, these are auto-provisioned by the init script.
|
||||
# When external PostgreSQL is used, you must set host and password.
|
||||
database:
|
||||
# -- Use a separate database instance for Keycloak (set to true for dedicated DB)
|
||||
# -- Use a completely separate database instance for Keycloak
|
||||
# When true, the init script does NOT create the keycloak DB in shared PostgreSQL.
|
||||
# You must provide keycloak.database.host pointing to the dedicated instance.
|
||||
dedicated: false
|
||||
# -- Database vendor (postgres or dev-mem for ephemeral dev mode)
|
||||
vendor: "postgres"
|
||||
# -- Database name (auto-created in the shared PostgreSQL instance)
|
||||
# -- Database name
|
||||
database: "keycloak"
|
||||
# -- Database username
|
||||
username: "keycloak"
|
||||
# -- Database password (ignored if existingSecret is set)
|
||||
# -- Database password
|
||||
# For internal PostgreSQL: leave empty to auto-generate. The same password is used
|
||||
# to create the DB role and to connect from Keycloak (stored in the keycloak secret).
|
||||
# For external PostgreSQL: set this to the password of the pre-created role.
|
||||
password: ""
|
||||
# -- Use existing secret for password
|
||||
# -- Use an existing Kubernetes secret for the database password
|
||||
existingSecret: ""
|
||||
existingSecretKey: "keycloak-db-password"
|
||||
# -- Override database host (auto-resolved from shared PostgreSQL if empty)
|
||||
# -- Database host override
|
||||
# Leave empty to auto-resolve:
|
||||
# - Internal PG: uses the chart's PostgreSQL service (e.g. <release>-postgresql-primary)
|
||||
# - External PG: uses global.database.postgres.host
|
||||
# Set explicitly to point Keycloak at a different host.
|
||||
host: ""
|
||||
# -- Override database port
|
||||
# -- Database port override (0 = use the same port as global.database.postgres.port)
|
||||
port: 0
|
||||
|
||||
# -- Extra environment variables for Keycloak
|
||||
@@ -1188,6 +1227,11 @@ keycloak:
|
||||
# -- Keycloak HTTP port (internal, before proxy)
|
||||
httpPort: 8080
|
||||
|
||||
# -- Keycloak management port (health/metrics endpoints)
|
||||
# Since Keycloak 24+, health and metrics are served on a separate management
|
||||
# interface. Default: 9000. Probes must target this port, not httpPort.
|
||||
managementPort: 9000
|
||||
|
||||
# -- Enable health and metrics endpoints
|
||||
health:
|
||||
enabled: true
|
||||
|
||||
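Review bot: The rewritten comment on `password` in the `@@ -1149,28 +1181,35 @@ keycloak:` hunk tells external-PostgreSQL users to put the role password in values and mentions `existingSecret` only in a one-line comment further down; a password set there sits in plaintext in the values file and in the release record Helm stores in the cluster. I would make the secret the recommended path, e.g. `# For external PostgreSQL: prefer existingSecret/existingSecretKey; a password set here is kept in plaintext in the Helm release.` The "leave empty to auto-generate" sentence should also say whether the generated value stays stable across `helm upgrade`; the templates are not visible here, but if it is regenerated, the role created once by the init script would presumably stop matching the secret Keycloak connects with. The `CREATE ROLE keycloak WITH LOGIN PASSWORD 'your-password';` example in the two earlier hunks could carry a short reminder to replace the placeholder with a generated value.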