EntitAB/Helm-Charts
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update documentation and example values

Browse Source
This commit is contained in:
Gitea Actions
2025-12-22 11:41:59 +00:00
parent 2c0e27c488
commit 742158d7c9
3 changed files with 327 additions and 324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

381
README.md
View File

@@ -1,6 +1,6 @@
# Flow Helm Chart
A Helm chart for deploying the Flow workflow engine platform to Kubernetes.
A Helm chart for deploying the Flow workflow automation platform to Kubernetes.
## Overview
@@ -9,7 +9,7 @@ Flow is a distributed workflow automation platform consisting of:
- **Core Services**: Workflow Engine, Activity Registry, Definition Store, Workflow Logging, Connection Store, Tenant Registry
- **Frontend**: Blazor WebAssembly web application
- **Activity Services**: 23+ activity implementations for various integrations (HTTP, SQL, Azure, AWS, etc.)
- **Infrastructure**: RabbitMQ for messaging, PostgreSQL/SQL Server for persistence
- **Infrastructure**: RabbitMQ for messaging, PostgreSQL for persistence, Redis for caching (optional)
## Prerequisites
@@ -19,70 +19,47 @@ Flow is a distributed workflow automation platform consisting of:
## Quick Start
### Install from Gitea Helm Repository
The Flow Helm chart is published to the Gitea Package Registry at `https://git.kn.entit.eu`.
### Add the Helm Repository
```bash
# Add the Helm repository (requires authentication for private repos)
helm repo add entit-flow https://git.kn.entit.eu/api/packages/EntitAB/helm \
--username YOUR_GITEA_USERNAME \
--password YOUR_GITEA_TOKEN
# Add the Entit Helm repository
helm repo add entit https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main
# Update repository cache
helm repo update
# Search for available versions
helm search repo entit-flow/flow --versions
helm search repo entit/flow --versions
```
# Install the chart
helm install flow entit-flow/flow \
### Install the Chart
```bash
# Install with default values
helm install flow entit/flow \
--namespace flow \
--create-namespace
# Install with custom values file
helm install flow entit/flow \
--namespace flow \
--create-namespace \
-f values.yaml
```
### Install from Local Source
### Using Example Values Files
Example values files are available in the `examples/` directory:
```bash
# Add Helm Dependencies
cd helm/flow
helm dependency update
# Download example values for production
curl -O https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main/examples/values-prod.yaml
# Install for Development
helm install flow ./helm/flow -f ./helm/flow/values-dev.yaml
# Download example values for development
curl -O https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main/examples/values-dev.yaml
# Install for Production
helm install flow ./helm/flow \
-f ./helm/flow/values-prod.yaml \
--set global.azureAd.tenantId=YOUR_TENANT_ID \
--set global.azureAd.clientId=YOUR_CLIENT_ID \
--set global.azureAd.clientSecret=YOUR_CLIENT_SECRET
```
## Helm Repository Setup
### Using in Kubernetes (from Gitea Registry)
After the chart is published to Gitea, you can install it in any Kubernetes cluster:
```bash
# 1. Add the Gitea Helm repository
helm repo add entit-flow https://git.kn.entit.eu/api/packages/EntitAB/helm \
--username $GITEA_USER \
--password $GITEA_TOKEN
# 2. Update repositories
helm repo update
# 3. Install the chart (development)
helm install flow entit-flow/flow \
--namespace flow \
--create-namespace \
-f values-dev.yaml
# 4. Install the chart (production)
helm install flow entit-flow/flow \
# Install with production values
helm install flow entit/flow \
--namespace flow \
--create-namespace \
-f values-prod.yaml \
@@ -90,136 +67,27 @@ helm install flow entit-flow/flow \
--set global.azureAd.clientId=YOUR_CLIENT_ID
```
### Using with ArgoCD
Create an ArgoCD Application that references the Gitea Helm repository:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: flow
namespace: argocd
spec:
project: default
source:
repoURL: https://git.kn.entit.eu/api/packages/EntitAB/helm
chart: flow
targetRevision: 0.1.0
helm:
valueFiles:
- values-prod.yaml
parameters:
- name: global.azureAd.tenantId
value: YOUR_TENANT_ID
- name: global.azureAd.clientId
value: YOUR_CLIENT_ID
destination:
server: https://kubernetes.default.svc
namespace: flow
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
---
# Repository credentials secret for ArgoCD
apiVersion: v1
kind: Secret
metadata:
name: gitea-helm-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: helm
url: https://git.kn.entit.eu/api/packages/EntitAB/helm
username: YOUR_GITEA_USER
password: YOUR_GITEA_TOKEN
```
### Using with Flux CD
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: entit-flow
namespace: flux-system
spec:
interval: 1h
url: https://git.kn.entit.eu/api/packages/EntitAB/helm
secretRef:
name: gitea-helm-auth
---
apiVersion: v1
kind: Secret
metadata:
name: gitea-helm-auth
namespace: flux-system
stringData:
username: YOUR_GITEA_USER
password: YOUR_GITEA_TOKEN
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: flow
namespace: flow
spec:
interval: 5m
chart:
spec:
chart: flow
version: "0.1.0"
sourceRef:
kind: HelmRepository
name: entit-flow
namespace: flux-system
valuesFrom:
- kind: ConfigMap
name: flow-values
valuesKey: values.yaml
```
### Publishing Charts (CI/CD)
The chart is automatically published to Gitea when changes are pushed to the `main` branch. The CI pipeline:
1. Lints and validates the chart
2. Runs unit tests
3. Packages the chart
4. Pushes to Gitea Package Registry at `https://git.kn.entit.eu/api/packages/EntitAB/helm`
To publish manually:
```bash
# Set credentials
export GITEA_USER=your-username
export GITEA_TOKEN=your-token
# Package and push
make push-gitea
```
**Required GitHub Secrets for CI:**
- `GITEA_USER` - Gitea username
- `GITEA_TOKEN` - Gitea personal access token with `write:package` scope
## Configuration
### Global Configuration
| Parameter | Description | Default |
|-----------|-------------|---------|
| `global.imageRegistry` | Container registry for all images | `""` |
| `global.imageRegistry` | Container registry for all images | `cr.kn.entit.eu` |
| `global.imagePullSecrets` | Image pull secrets | `[]` |
| `global.azureAd.enabled` | Enable Azure AD authentication | `true` |
| `global.azureAd.tenantId` | Azure AD tenant ID | `""` |
| `global.azureAd.clientId` | Azure AD application client ID | `""` |
| `global.database.provider` | Database provider (Postgres/SqlServer) | `Postgres` |
| `global.rabbitmq.host` | RabbitMQ host | `{{ .Release.Name }}-rabbitmq` |
### Service URLs
All internal services communicate using full Kubernetes FQDN format:
```
http://<service-name>.<namespace>.svc.cluster.local:<port>
```
This ensures reliable cross-namespace communication when services run in separate pods.
### Core Services
@@ -252,156 +120,73 @@ awsS3Activity:
enabled: false
```
### Database Configuration
## External Managed Services
#### Using Built-in PostgreSQL
For production deployments, use external managed services instead of the built-in infrastructure.
### External PostgreSQL
Supports Azure Database for PostgreSQL, AWS RDS, Google Cloud SQL, and other managed PostgreSQL services.
```yaml
postgresql:
enabled: true
auth:
username: flow
password: your-password
database: flow
```
#### Using External PostgreSQL
```yaml
postgresql:
enabled: false
global:
database:
provider: Postgres
provider: "Postgres"
postgres:
host: your-postgres-host.postgres.database.azure.com
external: true
host: "myserver.postgres.database.azure.com"
port: 5432
database: flow
username: flow
existingSecret: your-db-secret
existingSecretKey: password
```
database: "flow_prod"
username: "flow@myserver" # Azure format: user@server
existingSecret: "flow-db-secret"
existingSecretKey: "postgres-password"
sslMode: "require"
pooling:
minSize: 10
maxSize: 200
#### Using SQL Server
```yaml
postgresql:
enabled: false
global:
database:
provider: SqlServer
sqlServer:
connectionString: "Server=your-server;Database=flow;User Id=flow;Password=xxx;"
enabled: false # Disable built-in PostgreSQL
```
### RabbitMQ Configuration
### External RabbitMQ
#### Using Built-in RabbitMQ
Supports CloudAMQP, Amazon MQ, and self-hosted clusters.
```yaml
rabbitmq:
enabled: true
auth:
username: flow
password: your-password
```
#### Using External RabbitMQ
```yaml
rabbitmq:
enabled: false
global:
rabbitmq:
host: your-rabbitmq-host
username: flow
existingSecret: rabbitmq-secret
existingSecretKey: password
```
## Ingress Configuration
### NGINX Ingress with TLS
```yaml
frontendWeb:
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: flow.example.com
paths:
- path: /
pathType: Prefix
external: true
host: "xyz.rmq.cloudamqp.com"
port: 5672
username: "flow"
existingSecret: "flow-rabbitmq-secret"
existingSecretKey: "rabbitmq-password"
vhost: "/"
tls:
- secretName: flow-tls
hosts:
- flow.example.com
enabled: true
rabbitmq:
enabled: false # Disable built-in RabbitMQ
```
## Security
### External Redis
### Pod Security
Supports Azure Cache for Redis, Amazon ElastiCache, Redis Cloud, and self-hosted Redis.
#### Standalone Mode
```yaml
podSecurityContext:
fsGroup: 1000
runAsNonRoot: true
global:
redis:
enabled: true
external: true
mode: "standalone"
host: "myredis.redis.cache.windows.net"
port: 6380
existingSecret: "flow-redis-secret"
existingSecretKey: "redis-password"
tls:
enabled: true
securityContext:
runAsNonRoot: true
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
```
### Network Policies
Enable network policies for production:
```yaml
networkPolicy:
enabled: true
```
## Upgrading
```bash
helm upgrade flow ./helm/flow -f values-prod.yaml
```
## Uninstalling
```bash
helm uninstall flow
```
**Note**: This will not delete PVCs. To completely remove data:
```bash
kubectl delete pvc -l app.kubernetes.io/instance=flow
```
## Building Docker Images
Each service has a Dockerfile. Build all images:
```bash
# Build all services
for service in WorkflowEngine ActivityRegistry DefinitionStore WorkflowLogging ConnectionStore TenantRegistry; do
docker build -t niblo/flow-${service}:latest -f $service/Dockerfile .
done
# Push to Docker Hub
for service in WorkflowEngine ActivityRegistry DefinitionStore WorkflowLogging ConnectionStore TenantRegistry; do
docker push niblo/flow-${service}:latest
done
redis:
enabled: false # Disable built-in Redis