Add flow-0.10.14 and update documentation
@@ -47,7 +47,7 @@ global:
|
||||
# -- Storage class for persistent volumes
|
||||
storageClass: ""
|
||||
|
||||
# -- Azure AD authentication configuration
|
||||
# -- Azure AD authentication configuration (legacy — kept for dual-auth migration period)
|
||||
azureAd:
|
||||
enabled: true
|
||||
instance: "https://login.microsoftonline.com/"
|
||||
@@ -64,6 +64,39 @@ global:
|
||||
# Must match the audience with /.default suffix
|
||||
scope: ""
|
||||
|
||||
# -- Keycloak authentication configuration
|
||||
# When both keycloak.enabled and azureAd.enabled are true, the system runs in
|
||||
# dual-auth mode — accepting JWTs from either provider during the migration period.
|
||||
keycloak:
|
||||
# -- Enable Keycloak as an identity provider
|
||||
enabled: false
|
||||
# -- Use an external (pre-existing) Keycloak instance instead of deploying one
|
||||
external: false
|
||||
# -- Keycloak base URL (auto-generated for internal deployment, required for external)
|
||||
# For internal: "http://<release>-keycloak:8080" is used automatically
|
||||
# For external: set to the full URL, e.g. "https://auth.example.com"
|
||||
url: ""
|
||||
# -- Keycloak realm name — all Flow users and clients are in this realm
|
||||
realm: "flow"
|
||||
# -- OIDC client ID for the Flow frontend (public client, PKCE)
|
||||
frontendClientId: "flow-frontend"
|
||||
# -- OIDC client ID for backend API services (confidential client)
|
||||
backendClientId: "flow-backend"
|
||||
# -- Backend client secret (ignored if existingSecret is set)
|
||||
backendClientSecret: ""
|
||||
# -- Use existing secret for backend client secret
|
||||
existingSecret: ""
|
||||
# -- Key in existing secret containing the backend client secret
|
||||
existingSecretKey: "keycloak-backend-client-secret"
|
||||
# -- Keycloak admin username (for initial realm setup, only used with internal deployment)
|
||||
adminUsername: "admin"
|
||||
# -- Keycloak admin password (ignored if existingSecret is set, only used with internal deployment)
|
||||
adminPassword: ""
|
||||
# -- Existing secret containing admin password
|
||||
adminExistingSecret: ""
|
||||
# -- Key in the existing secret
|
||||
adminExistingSecretKey: "keycloak-admin-password"
|
||||
|
||||
# -- Ingress/Proxy configuration for services behind reverse proxy or ingress controller
|
||||
# This is required when using SSL-terminating ingress controllers (e.g., NGINX, Traefik)
|
||||
# to ensure OAuth redirect URLs use the correct protocol (https)
|
||||
@@ -1094,6 +1127,81 @@ m365Activity:
|
||||
# Infrastructure Dependencies
|
||||
# =============================================================================
|
||||
|
||||
# -- Keycloak internal deployment configuration
|
||||
# Only used when global.keycloak.enabled=true and global.keycloak.external=false
|
||||
keycloak:
|
||||
# -- Enable internal Keycloak deployment
|
||||
# Set to false when using an external Keycloak instance (global.keycloak.external=true)
|
||||
enabled: true
|
||||
|
||||
image:
|
||||
repository: quay.io/keycloak/keycloak
|
||||
tag: "26.1"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Deployment mode: "standalone" for dev, "ha" for production (Infinispan clustering)
|
||||
mode: "standalone"
|
||||
|
||||
# -- Number of replicas (only used when mode=ha)
|
||||
replicaCount: 1
|
||||
|
||||
# -- Keycloak runs in production mode by default (optimised, requires TLS or proxy headers)
|
||||
# Set to "start-dev" for local development without TLS
|
||||
command: "start"
|
||||
|
||||
# -- Keycloak uses the shared Flow PostgreSQL database by default.
|
||||
# A dedicated "keycloak" database is created via an init script.
|
||||
database:
|
||||
# -- Use a separate database instance for Keycloak (set to true for dedicated DB)
|
||||
dedicated: false
|
||||
# -- Database vendor (postgres or dev-mem for ephemeral dev mode)
|
||||
vendor: "postgres"
|
||||
# -- Database name (auto-created in the shared PostgreSQL instance)
|
||||
database: "keycloak"
|
||||
# -- Database username
|
||||
username: "keycloak"
|
||||
# -- Database password (ignored if existingSecret is set)
|
||||
password: ""
|
||||
# -- Use existing secret for password
|
||||
existingSecret: ""
|
||||
existingSecretKey: "keycloak-db-password"
|
||||
# -- Override database host (auto-resolved from shared PostgreSQL if empty)
|
||||
host: ""
|
||||
# -- Override database port
|
||||
port: 0
|
||||
|
||||
# -- Extra environment variables for Keycloak
|
||||
extraEnv: []
|
||||
|
||||
# -- Resource requests and limits
|
||||
resources:
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: "250m"
|
||||
memory: "512Mi"
|
||||
|
||||
# -- Keycloak HTTP port (internal, before proxy)
|
||||
httpPort: 8080
|
||||
|
||||
# -- Enable health and metrics endpoints
|
||||
health:
|
||||
enabled: true
|
||||
metrics:
|
||||
enabled: true
|
||||
|
||||
# -- Proxy mode — "edge" when behind an SSL-terminating ingress/proxy
|
||||
proxy: "edge"
|
||||
|
||||
# -- Ingress for Keycloak
|
||||
ingress:
|
||||
enabled: false
|
||||
className: ""
|
||||
annotations: {}
|
||||
host: ""
|
||||
tls: []
|
||||
|
||||
# -- PostgreSQL internal deployment configuration
|
||||
# Only used when global.database.postgres.external=false
|
||||
postgresql:
|
||||
|
||||
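Review bot: The comment on `adminPassword` in the `global.keycloak` hunk says the value is "ignored if existingSecret is set", but the admin credential has its own key, `adminExistingSecret`, so an operator who sets only `existingSecret` may assume the admin password is covered when it is not; the comment should read `# -- Keycloak admin password (ignored if adminExistingSecret is set, only used with internal deployment)`. `backendClientSecret`, `adminPassword` and `keycloak.database.password` all default to `""`, next to a default `adminUsername: "admin"`, and the templates that consume them are not on this page. It is worth confirming that rendering fails (for example through Helm's `required`) or generates a random value when neither the inline value nor the secret reference is set, rather than starting the identity provider with an empty credential. In the `keycloak:` deployment hunk, `tag: "26.1"` looks like a minor-version tag that moves with patch releases, and with `pullPolicy: IfNotPresent` nodes can end up on different builds, so a full patch tag or an image digest would be the safer default for the component that issues tokens.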