diff --git a/examples/values.yaml b/examples/values.yaml index 5e337a3..8cd149a 100644 --- a/examples/values.yaml +++ b/examples/values.yaml @@ -47,7 +47,7 @@ global: # -- Storage class for persistent volumes storageClass: "" - # -- Azure AD authentication configuration + # -- Azure AD authentication configuration (legacy — kept for dual-auth migration period) azureAd: enabled: true instance: "https://login.microsoftonline.com/" 
@@ -64,6 +64,39 @@ global: # Must match the audience with /.default suffix scope: "" + # -- Keycloak authentication configuration + # When both keycloak.enabled and azureAd.enabled are true, the system runs in + # dual-auth mode — accepting JWTs from either provider during the migration period. + keycloak: + # -- Enable Keycloak as an identity provider + enabled: false + # -- Use an external (pre-existing) Keycloak instance instead of deploying one + external: false + # -- Keycloak base URL (auto-generated for internal deployment, required for external) + # For internal: "http://-keycloak:8080" is used automatically + # For external: set to the full URL, e.g. "https://auth.example.com" + url: "" + # -- Keycloak realm name — all Flow users and clients are in this realm + realm: "flow" + # -- OIDC client ID for the Flow frontend (public client, PKCE) + frontendClientId: "flow-frontend" + # -- OIDC client ID for backend API services (confidential client) + backendClientId: "flow-backend" + # -- Backend client secret (ignored if existingSecret is set) + backendClientSecret: "" + # -- Use existing secret for backend client secret + existingSecret: "" + # -- Key in existing secret containing the backend client secret + existingSecretKey: "keycloak-backend-client-secret" + # -- Keycloak admin username (for initial realm setup, only used with internal deployment) + adminUsername: "admin" + # -- Keycloak admin password (ignored if existingSecret is set, only used with internal deployment) + adminPassword: "" + # -- Existing secret containing admin password + adminExistingSecret: "" + # -- Key in the existing secret + adminExistingSecretKey: "keycloak-admin-password" + # -- Ingress/Proxy configuration for services behind reverse proxy or ingress controller # This is required when using SSL-terminating ingress controllers (e.g., NGINX, Traefik) # to ensure OAuth redirect URLs use the correct protocol (https) 
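Review bot: The comment on `adminPassword` in the new `global.keycloak` block says the value is "ignored if existingSecret is set", but the admin credential has its own keys (`adminExistingSecret` / `adminExistingSecretKey`), and `existingSecret` is documented a few entries above as holding the backend client secret. An operator following the comment could set only `existingSecret` and believe the admin password is covered, so the comment should read `# -- Keycloak admin password (ignored if adminExistingSecret is set, only used with internal deployment)`. The block also does not say what the chart does when `adminPassword` or `backendClientSecret` and their secret references are all left empty. The templates are not part of this diff, so the comment should state whether a value is generated or the render fails.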
@@ -1094,6 +1127,81 @@ m365Activity: # Infrastructure Dependencies # ============================================================================= +# -- Keycloak internal deployment configuration +# Only used when global.keycloak.enabled=true and global.keycloak.external=false +keycloak: + # -- Enable internal Keycloak deployment + # Set to false when using an external Keycloak instance (global.keycloak.external=true) + enabled: true + + image: + repository: quay.io/keycloak/keycloak + tag: "26.1" + pullPolicy: IfNotPresent + + # -- Deployment mode: "standalone" for dev, "ha" for production (Infinispan clustering) + mode: "standalone" + + # -- Number of replicas (only used when mode=ha) + replicaCount: 1 + + # -- Keycloak runs in production mode by default (optimised, requires TLS or proxy headers) + # Set to "start-dev" for local development without TLS + command: "start" + + # -- Keycloak uses the shared Flow PostgreSQL database by default. + # A dedicated "keycloak" database is created via an init script. 
+ database: + # -- Use a separate database instance for Keycloak (set to true for dedicated DB) + dedicated: false + # -- Database vendor (postgres or dev-mem for ephemeral dev mode) + vendor: "postgres" + # -- Database name (auto-created in the shared PostgreSQL instance) + database: "keycloak" + # -- Database username + username: "keycloak" + # -- Database password (ignored if existingSecret is set) + password: "" + # -- Use existing secret for password + existingSecret: "" + existingSecretKey: "keycloak-db-password" + # -- Override database host (auto-resolved from shared PostgreSQL if empty) + host: "" + # -- Override database port + port: 0 + + # -- Extra environment variables for Keycloak + extraEnv: [] + + # -- Resource requests and limits + resources: + limits: + cpu: "1000m" + memory: "1Gi" + requests: + cpu: "250m" + memory: "512Mi" + + # -- Keycloak HTTP port (internal, before proxy) + httpPort: 8080 + + # -- Enable health and metrics endpoints + health: + enabled: true + metrics: + enabled: true + + # -- Proxy mode — "edge" when behind an SSL-terminating ingress/proxy + proxy: "edge" + + # -- Ingress for Keycloak + ingress: + enabled: false + className: "" + annotations: {} + host: "" + tls: [] + # -- PostgreSQL internal deployment configuration # Only used when global.database.postgres.external=false postgresql: diff --git a/flow-0.10.14.tgz b/flow-0.10.14.tgz new file mode 100644 index 0000000..a8bdf75 Binary files /dev/null and b/flow-0.10.14.tgz differ diff --git a/index.yaml b/index.yaml index 66d8eea..1acc6c3 100644 --- a/index.yaml +++ b/index.yaml 
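Review bot: `proxy: "edge"` in the added `keycloak:` deployment block is the default while `ingress.enabled` defaults to `false`, so as far as this file shows Keycloak would honour forwarding headers even when nothing in front of it overwrites them. Those headers can influence the URLs Keycloak generates, so the comment should spell out the precondition, for example `# -- Proxy mode — "edge" trusts X-Forwarded-* headers; set only when all traffic arrives through a proxy that overwrites them`. Separately, the `proxy` server option was deprecated in Keycloak 24 in favour of `proxy-headers`, and the image tag here is "26.1", so confirm how the template (not visible in this diff) maps this value. `existingSecretKey` under `database` is the only new key in the block without a `# --` description.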
@@ -21,7 +21,55 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.345117583Z" + created: "2026-04-08T14:53:52.904073972Z" + description: A Helm chart for deploying the Flow workflow engine platform with + SOC2/NIS2 compliance support + digest: 71841bb3ce7556d0e8ea533d4f56b57890d9cc388654f9d28b74494a415c5848 + home: https://git.kn.entit.eu/EntitAB/Flow + keywords: + - workflow + - automation + - microservices + - dotnet + - rabbitmq + - postgresql + - redis + - soc2 + - nis2 + - compliance + - security + - backup + maintainers: + - name: Entit AB + url: https://entit.se + name: flow + sources: + - https://git.kn.entit.eu/EntitAB/Flow + type: application + urls: + - https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main/flow-0.10.14.tgz + version: 0.10.14 + - annotations: + category: Workflow Automation + compliance: | + This chart supports SOC2 and NIS2 compliance requirements: + - Network policies for zero-trust networking + - Encrypted backups with configurable retention + - Audit logging with SIEM integration + - TLS for internal communication + - High availability for all infrastructure components + images: | + - name: workflow-engine + image: flow/workflow-engine + - name: postgresql + image: postgres:16-alpine + - name: rabbitmq + image: rabbitmq:3.13-management-alpine + - name: redis + image: redis:7-alpine + apiVersion: v2 + appVersion: latest + created: "2026-04-08T14:53:52.888186486Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: df41a3ef0562c731099ee1be8620bd703a3a785bd6ca129468df2239026a0970 
@@ -69,7 +117,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.334651706Z" + created: "2026-04-08T14:53:52.871104194Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 8fb34c031d6ba4b5200375c0daf728f3a28d7ba9d4935e3732a6d4264ebc9aed @@ -117,7 +165,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.32616202Z" + created: "2026-04-08T14:53:52.854940849Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 1952bb7626ea52aa941404c3dfc7cb7f12f57c1cf2d81a91383a06cd4bde9dcb @@ -165,7 +213,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.31754579Z" + created: "2026-04-08T14:53:52.842871567Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 3314e0ba1ec2b5d156a786f8cafd3a41798e4ac083d989698be7ffc0101d7399 @@ -213,7 +261,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.423040591Z" + created: "2026-04-08T14:53:53.005967969Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 0c8685db8bd4bb17f676d2fb32114359984d09059f0a44aaebedb6d0b62ffc7c @@ -261,7 +309,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.415087065Z" + created: "2026-04-08T14:53:52.993353708Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 55d3004291c914f4c746c5ec3ee9e61aa1a4b54575e74c73960247f26b125616 
@@ -309,7 +357,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.404059041Z" + created: "2026-04-08T14:53:52.980569141Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 48bf48d2a2a7685fc5769ba4ccabd146ca776a3cdecc323a0f99d5db26522a0a @@ -357,7 +405,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.388219847Z" + created: "2026-04-08T14:53:52.968682932Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 7ddd94720f2c20f97abab17481d68ebedff49f06d15a7a918a9dba707c388339 @@ -405,7 +453,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.37866381Z" + created: "2026-04-08T14:53:52.960042625Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 105f563f05d39ae7f9334ea9685c0979c382ca79a08ec1e5d044d5de0fd12d09 @@ -453,7 +501,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.370002414Z" + created: "2026-04-08T14:53:52.944830878Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 1d96ec58a6734f8b2252dc2c3dd2b8d98ff5f719172e260b76381ad47aab121b @@ -501,7 +549,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.360861797Z" + created: "2026-04-08T14:53:52.932257207Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: fab126027bc75451d96e2bb012647f50ef311a2793ee7e794b401523a98419ee 
@@ -549,7 +597,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.352290874Z" + created: "2026-04-08T14:53:52.920180296Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 95c026ff401fe147f746dd6350782b6e56d0cc5b9ba59bfd9ab56e0c4142b6c3 @@ -597,7 +645,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.308886187Z" + created: "2026-04-08T14:53:52.831827973Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: a0810efaef2db788c4f377c25bd44fa5aedb1c385231760655423cfadce47576 @@ -645,7 +693,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.675546726Z" + created: "2026-04-08T14:53:53.349845983Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: cb61a6b8a9710a67ba182c81cff5628e7b35f01604eb1c9b1bb22cbc594745c9 @@ -693,7 +741,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.608149422Z" + created: "2026-04-08T14:53:53.244505508Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: d8f862669db5e2786a05880de6952de473945dd645af5ee233f5584d9b8db6be @@ -741,7 +789,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.593882299Z" + created: "2026-04-08T14:53:53.23193278Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 4db89c3a0c51d99e40e33eeed7c9b43c5a505579944219ec7fc1cc26a6d33ca1 
@@ -789,7 +837,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.582253758Z" + created: "2026-04-08T14:53:53.223909875Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: f6fe90537c4ad8827abbdabad6ad628dcdd202bc48b3371929559c6bccfd71f5 @@ -837,7 +885,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.562867077Z" + created: "2026-04-08T14:53:53.201558741Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 6cee54664d41af7cefefceac70a7f141753d46a388d0bd27fe8810e73428391a @@ -885,7 +933,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.553181281Z" + created: "2026-04-08T14:53:53.194502787Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: b4f3c6bf205a5664c5bf85769ecda0e9bf235115f6e09d5db022dadc87c60f3c @@ -933,7 +981,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.543231225Z" + created: "2026-04-08T14:53:53.182573333Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 74fa58c368e95bb540c05bc50c5897652524a75fe76db7ee71c371d29715691b @@ -981,7 +1029,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.536768891Z" + created: "2026-04-08T14:53:53.168947593Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 60cef3943125ca385024b5a1666bd6e3ca3df2965d4cfa32947af8f66da8d137 
@@ -1029,7 +1077,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.527242928Z" + created: "2026-04-08T14:53:53.151590306Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: f9f8bc1a12e5c8bccd5d2ffbf67ab584ac86e6156354ff9cefb17043af4965fa @@ -1077,7 +1125,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.518047755Z" + created: "2026-04-08T14:53:53.141719258Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 79145955a5c79591c263c827b77c3c4a7e245d7c0d727d9af725a780cf2ddf23 @@ -1125,7 +1173,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.505909122Z" + created: "2026-04-08T14:53:53.133528509Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: fc3576aff90b5e0583f8a41ce410cbbbec1f4741e0e642667ff409a1a3f585a5 @@ -1173,7 +1221,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.497123568Z" + created: "2026-04-08T14:53:53.123649114Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: d87e315aca50e32bfc84a563e29895ff316a06f04fe13828fdca10402bfafc99 @@ -1221,7 +1269,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.49123891Z" + created: "2026-04-08T14:53:53.117112455Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: f8a000364fc8ef1ae891db85d99a7ceeb6e82e1d20b91f00126c3f27a93c8a69 
@@ -1269,7 +1317,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.481648155Z" + created: "2026-04-08T14:53:53.104110926Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 166f938bd541d801f3b94287113635d1ed717ecaa87311100a1d0f5c394c58dc @@ -1317,7 +1365,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.667656525Z" + created: "2026-04-08T14:53:53.339572877Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 78e737cfe7e6ebdf17c31781b75b201512a6372388df328f7dad2c1a78811a38 @@ -1365,7 +1413,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.658989657Z" + created: "2026-04-08T14:53:53.332690514Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 5c921b121b2af0bf51e905efc4f7c550ba28e23586d647ed1e81a3193855c4ac @@ -1413,7 +1461,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.653577197Z" + created: "2026-04-08T14:53:53.319239415Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: fa0a2037e79a90e75579d5acf7b8529266a2ae36255756115769db52327075d9 @@ -1461,7 +1509,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.645813068Z" + created: "2026-04-08T14:53:53.298797173Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 9bcd19ab45c0cefe5ede00b0e914a34b06245f858761d7ce586ca309a00f4161 
@@ -1509,7 +1557,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.638544858Z" + created: "2026-04-08T14:53:53.288178413Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 698f8f60438a54a05aa9c6f593198242226e9ffa8f6175effc8d020fff0b7098 @@ -1557,7 +1605,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.629612978Z" + created: "2026-04-08T14:53:53.268475874Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 4818e69aa28fed61e3610de48e90a9b7bd16022bea0c484c337f32117402b388 @@ -1605,7 +1653,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.621069728Z" + created: "2026-04-08T14:53:53.251772934Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 8d00b2616d32f94551db3991bed7afe0694ea465207178c8b2f46d00a61d6395 @@ -1653,7 +1701,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.570120307Z" + created: "2026-04-08T14:53:53.214840507Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 5add702006bef9f8896f57d54f21a8375ce3f846a40fae7376022b6c248bddc6 @@ -1701,7 +1749,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.475655531Z" + created: "2026-04-08T14:53:53.097978511Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: bfb8e52b5b531c12222f6cb4abecb3350137082f6ce987ab84088da0a139cd4b 
@@ -1749,7 +1797,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.468954961Z" + created: "2026-04-08T14:53:53.085207509Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: b3d228189c04786f753598682108aea5d91f911ddbb852fefcca97044eb09199 @@ -1797,7 +1845,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.461725502Z" + created: "2026-04-08T14:53:53.075748755Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: dfd4b6ce53f7d22fb2a6641fafd693d341e7c23eb591dc0aa3d101e07ecbefa7 @@ -1845,7 +1893,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-26T16:10:43.456484903Z" + created: "2026-04-08T14:53:53.068457787Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: ef032ff33fb40cbe10ce4e4ce0ac4f96bb02835e1e31bc01ee87ff62320482b9 @@ -1893,7 +1941,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-26T16:10:43.448342374Z" + created: "2026-04-08T14:53:53.061999328Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: c11710fcadc0182ba10713467ec5fb77672caabf1c7daddd95802a7940ce38c1 @@ -1941,7 +1989,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-26T16:10:43.443076729Z" + created: "2026-04-08T14:53:53.050494985Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 5565963e9fa91c8b0c58fdcd4955e4b038b799f713d21fa0521bebe693233920 
@@ -1989,7 +2037,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-26T16:10:43.437226335Z" + created: "2026-04-08T14:53:53.043369532Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: c74d5574e24dbe56fb5a1ece6213e2a57e4f4c10a2e65464490479aa335255e8 @@ -2037,7 +2085,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-26T16:10:43.428580977Z" + created: "2026-04-08T14:53:53.032552155Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 75fdf3bef90777328b4247d5881224518cd628418003151dd4f9dc4990e2d6ae @@ -2065,4 +2113,4 @@ entries: urls: - https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main/flow-0.3.1.tgz version: 0.3.1 -generated: "2026-03-26T16:10:43.302625559Z" +generated: "2026-04-08T14:53:52.812919328Z"