diff --git a/examples/values-dev.yaml b/examples/values-dev.yaml index 3f48a6f..1a4946b 100644 --- a/examples/values-dev.yaml +++ b/examples/values-dev.yaml @@ -63,6 +63,9 @@ workflowEngine: cpu: 50m memory: 128Mi +aiAssistant: + replicaCount: 1 + activityRegistry: replicaCount: 1 diff --git a/examples/values-prod.yaml b/examples/values-prod.yaml index 1998a59..b37c645 100644 --- a/examples/values-prod.yaml +++ b/examples/values-prod.yaml @@ -201,6 +201,16 @@ workflowEngine: hosts: - api.flow.your-domain.com +aiAssistant: + replicaCount: 1 + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + activityRegistry: replicaCount: 2 autoscaling: @@ -481,3 +491,19 @@ tls: # Minimum TLS version minVersion: "1.2" + + # Enable mutual TLS for inter-service communication + mtls: + enabled: true + clientCertificateMode: "RequireCertificate" + allowAnonymousHealthChecks: true + + # External client certificate management + externalClients: + enabled: false + clients: [] + # Uncomment and configure to issue certificates for external services: + # - name: "desktop-client" + # commonName: "flow-desktop-client" + # duration: "8760h" + # organization: "Entit AB" diff --git a/examples/values.schema.json b/examples/values.schema.json index cb7c060..3073d26 100644 --- a/examples/values.schema.json +++ b/examples/values.schema.json @@ -229,6 +229,9 @@ } ] }, + "aiAssistant": { + "$ref": "#/definitions/service" + }, "activityRegistry": { "$ref": "#/definitions/service" }, diff --git a/examples/values.yaml b/examples/values.yaml index ff55465..edc9e93 100644 --- a/examples/values.yaml +++ b/examples/values.yaml 
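Review bot: `allowAnonymousHealthChecks: true` in the new `mtls` block keeps a plain-HTTP listener alongside the mTLS one in the production example, and nothing in the example tells the operator what that port exposes. The values.yaml comment added in this same commit says Kestrel then listens on 8080 (HTTP) in addition to 8443, so the example would benefit from a comment such as `# Opens plain HTTP :8080 for health probes; restrict access with NetworkPolicy`. Whether the application serves only the health paths on 8080 is not visible here and should be confirmed. The commented `desktop-client` sample also omits `renewBefore`, which the values.yaml sample sets to `720h`.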
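Review bot: The schema gains only the `aiAssistant` entry, while the same commit introduces `tls.mtls` and `tls.externalClients` in values.yaml, so those security settings appear to go unvalidated. A misspelt `clientCertificateMode` would then pass `helm install` and be interpreted however the templates handle an unknown string. Consider adding, under the `tls` properties, `"clientCertificateMode": {"type": "string", "enum": ["RequireCertificate", "AllowCertificate"]}` together with boolean types for `enabled` and `allowAnonymousHealthChecks`. The `tls` part of the schema lies outside this hunk, so check whether it already restricts or permits extra properties.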
@@ -288,6 +288,7 @@ global: workflowLogging: "http://{{ .Release.Name }}-workflow-logging.{{ .Release.Namespace }}.svc.cluster.local:80" connectionStore: "http://{{ .Release.Name }}-connection-store.{{ .Release.Namespace }}.svc.cluster.local:80" tenantRegistry: "http://{{ .Release.Name }}-tenant-registry.{{ .Release.Namespace }}.svc.cluster.local:80" + aiAssistant: "http://{{ .Release.Name }}-ai-assistant.{{ .Release.Namespace }}.svc.cluster.local:80" # ============================================================================= # Core Services @@ -572,6 +573,42 @@ connectionStore: extraVolumeMounts: [] extraVolumes: [] +# -- AI Assistant service configuration +aiAssistant: + enabled: true + replicaCount: 1 + + image: + repository: flow/aiassistant + tag: "" + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + + nodeSelector: {} + tolerations: [] + affinity: {} + + extraEnv: [] + extraVolumeMounts: [] + extraVolumes: [] + # -- Tenant Registry service configuration tenantRegistry: enabled: true 
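Review bot: The added `aiAssistant` service URL is fixed to `http://` on port 80, while the `tls.mtls` comments added later in this commit describe services listening on 8443 for HTTPS/mTLS. If the templates do not rewrite these URLs when TLS is enabled, callers of the assistant would either fail or send requests in plaintext; that rewrite is not visible in this diff. The neighbouring entries follow the same pattern, so at minimum a comment above the block would help, for example `# Scheme and port are replaced by the templates when tls.mtls.enabled is true`, if that is in fact what happens. The `global` mapping starts outside this hunk.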
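Review bot: `tag: ""` combined with `pullPolicy: IfNotPresent` in the new `aiAssistant.image` block leaves the running image version implicit. index.yaml in this commit lists `appVersion: latest` for the chart, so if an empty tag falls back to appVersion (the template is not shown here), pods would run `flow/aiassistant:latest`, a mutable reference that can resolve differently on each node. A field comment such as `# -- Image tag; pin to a release tag or digest, empty uses the chart default` would make the expectation explicit. Separately, `enabled: true` turns the new service on for every existing release at its next upgrade; consider whether a new component should default to `false`.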
@@ -1696,17 +1733,56 @@ tls: # -- CA organization organization: "Entit AB" + # -- Mutual TLS (mTLS) settings + # When enabled, services require client certificates for inter-service communication. + # This works alongside existing OAuth 2.0 bearer token auth (defense in depth). + mtls: + # -- Require client certificates for inter-service communication + enabled: false + # -- Client certificate validation mode + # RequireCertificate: connections without valid client certs are rejected + # AllowCertificate: client certs are validated if present, but not required + clientCertificateMode: "RequireCertificate" + # -- Allow health check endpoints (/health, /health/ready) without client certificates + # When true, Kestrel listens on port 8080 (HTTP) for health probes in addition to 8443 (HTTPS/mTLS) + allowAnonymousHealthChecks: true + + # -- External client certificate settings + # Allows services outside the cluster (Windows desktop app, Azure-hosted frontend) + # to authenticate via mTLS when connecting to backend services + externalClients: + # -- Enable external client certificate management + enabled: false + # -- Additional trusted CA certificates for validating external client certificates + # If external clients use certificates signed by a different CA, add those CAs here + additionalCaCerts: [] + # -- Secret name containing additional CA certificates (alternative to inline certs) + additionalCaSecret: "" + # -- External client certificate definitions + # Each entry creates a cert-manager Certificate resource signed by the internal CA + clients: [] + # Example: + # - name: "desktop-client" + # commonName: "flow-desktop-client" + # duration: "8760h" # 1 year + # renewBefore: "720h" # 30 days + # organization: "Entit AB" + # - name: "azure-frontend" + # commonName: "flow-azure-frontend" + # duration: "8760h" + # organization: "Entit AB" + # -- Use existing TLS secret (alternative to cert-manager) # This secret must contain tls.crt, tls.key, and ca.crt 
existingSecret: "" - + # -- Minimum TLS version (1.2 or 1.3) minVersion: "1.2" - + # -- Cipher suites (leave empty for secure defaults) # Recommended for TLS 1.2: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GLM_SHA256 cipherSuites: [] - + # -- Additional DNS names to include in all certificates additionalDnsNames: [] @@ -1718,6 +1794,8 @@ tls: workflowEngine: # -- Additional DNS names for this service's certificate additionalDnsNames: [] + aiAssistant: + additionalDnsNames: [] activityRegistry: additionalDnsNames: [] definitionStore: diff --git a/flow-0.10.1.tgz b/flow-0.10.1.tgz new file mode 100644 index 0000000..036c866 Binary files /dev/null and b/flow-0.10.1.tgz differ diff --git a/index.yaml b/index.yaml index 3ebcac5..78b7550 100644 --- a/index.yaml +++ b/index.yaml 
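Review bot: The `externalClients.clients` comment says each entry is signed by the internal CA, presumably the same CA that services trust for inter-service mTLS, so a certificate installed on a desktop machine chains to the root that authenticates internal peers. Unless the services also check the subject or SAN of the presented certificate (not visible in this diff), a key taken from an external client could be accepted wherever an internal service certificate is. Consider issuing external clients from a separate intermediate, or documenting the required check, e.g. `# External client certs share the internal CA; services must authorise by commonName, not by chain alone`. The `AllowCertificate` line would also benefit from stating that this mode does not enforce mTLS, and the sample `duration: "8760h"` is long for a key that leaves the cluster. The `tls` mapping begins outside this hunk.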
@@ -21,7 +21,55 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.867068999Z" + created: "2026-03-23T15:07:35.661899878Z" + description: A Helm chart for deploying the Flow workflow engine platform with + SOC2/NIS2 compliance support + digest: a0810efaef2db788c4f377c25bd44fa5aedb1c385231760655423cfadce47576 + home: https://git.kn.entit.eu/EntitAB/Flow + keywords: + - workflow + - automation + - microservices + - dotnet + - rabbitmq + - postgresql + - redis + - soc2 + - nis2 + - compliance + - security + - backup + maintainers: + - name: Entit AB + url: https://entit.se + name: flow + sources: + - https://git.kn.entit.eu/EntitAB/Flow + type: application + urls: + - https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main/flow-0.10.1.tgz + version: 0.10.1 + - annotations: + category: Workflow Automation + compliance: | + This chart supports SOC2 and NIS2 compliance requirements: + - Network policies for zero-trust networking + - Encrypted backups with configurable retention + - Audit logging with SIEM integration + - TLS for internal communication + - High availability for all infrastructure components + images: | + - name: workflow-engine + image: flow/workflow-engine + - name: postgresql + image: postgres:16-alpine + - name: rabbitmq + image: rabbitmq:3.13-management-alpine + - name: redis + image: redis:7-alpine + apiVersion: v2 + appVersion: latest + created: "2026-03-23T15:07:35.936473896Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: cb61a6b8a9710a67ba182c81cff5628e7b35f01604eb1c9b1bb22cbc594745c9 
@@ -69,7 +117,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.775731905Z" + created: "2026-03-23T15:07:35.866756685Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: d8f862669db5e2786a05880de6952de473945dd645af5ee233f5584d9b8db6be @@ -117,7 +165,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.768734242Z" + created: "2026-03-23T15:07:35.855853866Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 4db89c3a0c51d99e40e33eeed7c9b43c5a505579944219ec7fc1cc26a6d33ca1 @@ -165,7 +213,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.758707289Z" + created: "2026-03-23T15:07:35.844868629Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: f6fe90537c4ad8827abbdabad6ad628dcdd202bc48b3371929559c6bccfd71f5 @@ -213,7 +261,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.742639871Z" + created: "2026-03-23T15:07:35.826091384Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 6cee54664d41af7cefefceac70a7f141753d46a388d0bd27fe8810e73428391a @@ -261,7 +309,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.736169154Z" + created: "2026-03-23T15:07:35.81589844Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: b4f3c6bf205a5664c5bf85769ecda0e9bf235115f6e09d5db022dadc87c60f3c 
@@ -309,7 +357,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.727744102Z" + created: "2026-03-23T15:07:35.806307068Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 74fa58c368e95bb540c05bc50c5897652524a75fe76db7ee71c371d29715691b @@ -357,7 +405,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.720350325Z" + created: "2026-03-23T15:07:35.796991207Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 60cef3943125ca385024b5a1666bd6e3ca3df2965d4cfa32947af8f66da8d137 @@ -405,7 +453,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.712729996Z" + created: "2026-03-23T15:07:35.786324946Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: f9f8bc1a12e5c8bccd5d2ffbf67ab584ac86e6156354ff9cefb17043af4965fa @@ -453,7 +501,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.706079788Z" + created: "2026-03-23T15:07:35.776965779Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 79145955a5c79591c263c827b77c3c4a7e245d7c0d727d9af725a780cf2ddf23 @@ -501,7 +549,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.699033758Z" + created: "2026-03-23T15:07:35.76764598Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: fc3576aff90b5e0583f8a41ce410cbbbec1f4741e0e642667ff409a1a3f585a5 
@@ -549,7 +597,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.691892984Z" + created: "2026-03-23T15:07:35.760605629Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: d87e315aca50e32bfc84a563e29895ff316a06f04fe13828fdca10402bfafc99 @@ -597,7 +645,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.6853978Z" + created: "2026-03-23T15:07:35.751167495Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: f8a000364fc8ef1ae891db85d99a7ceeb6e82e1d20b91f00126c3f27a93c8a69 @@ -645,7 +693,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.676098754Z" + created: "2026-03-23T15:07:35.743482625Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 166f938bd541d801f3b94287113635d1ed717ecaa87311100a1d0f5c394c58dc @@ -693,7 +741,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.858002097Z" + created: "2026-03-23T15:07:35.928438721Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 78e737cfe7e6ebdf17c31781b75b201512a6372388df328f7dad2c1a78811a38 @@ -741,7 +789,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.846874941Z" + created: "2026-03-23T15:07:35.921413216Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 5c921b121b2af0bf51e905efc4f7c550ba28e23586d647ed1e81a3193855c4ac 
@@ -789,7 +837,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.836516087Z" + created: "2026-03-23T15:07:35.90971911Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: fa0a2037e79a90e75579d5acf7b8529266a2ae36255756115769db52327075d9 @@ -837,7 +885,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.827181684Z" + created: "2026-03-23T15:07:35.899017656Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 9bcd19ab45c0cefe5ede00b0e914a34b06245f858761d7ce586ca309a00f4161 @@ -885,7 +933,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.81652222Z" + created: "2026-03-23T15:07:35.889158285Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 698f8f60438a54a05aa9c6f593198242226e9ffa8f6175effc8d020fff0b7098 @@ -933,7 +981,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.806979725Z" + created: "2026-03-23T15:07:35.882344326Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 4818e69aa28fed61e3610de48e90a9b7bd16022bea0c484c337f32117402b388 @@ -981,7 +1029,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.789572701Z" + created: "2026-03-23T15:07:35.873391431Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 8d00b2616d32f94551db3991bed7afe0694ea465207178c8b2f46d00a61d6395 
@@ -1029,7 +1077,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.751517666Z" + created: "2026-03-23T15:07:35.836100271Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 5add702006bef9f8896f57d54f21a8375ce3f846a40fae7376022b6c248bddc6 @@ -1077,7 +1125,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.666106772Z" + created: "2026-03-23T15:07:35.734948231Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: bfb8e52b5b531c12222f6cb4abecb3350137082f6ce987ab84088da0a139cd4b @@ -1125,7 +1173,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.655771406Z" + created: "2026-03-23T15:07:35.726128402Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: b3d228189c04786f753598682108aea5d91f911ddbb852fefcca97044eb09199 @@ -1173,7 +1221,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.647475352Z" + created: "2026-03-23T15:07:35.713196787Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: dfd4b6ce53f7d22fb2a6641fafd693d341e7c23eb591dc0aa3d101e07ecbefa7 @@ -1221,7 +1269,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: latest - created: "2026-03-17T18:43:02.63945129Z" + created: "2026-03-23T15:07:35.700196211Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: ef032ff33fb40cbe10ce4e4ce0ac4f96bb02835e1e31bc01ee87ff62320482b9 
@@ -1269,7 +1317,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-17T18:43:02.629652765Z" + created: "2026-03-23T15:07:35.69089965Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: c11710fcadc0182ba10713467ec5fb77672caabf1c7daddd95802a7940ce38c1 @@ -1317,7 +1365,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-17T18:43:02.623732203Z" + created: "2026-03-23T15:07:35.683500631Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 5565963e9fa91c8b0c58fdcd4955e4b038b799f713d21fa0521bebe693233920 @@ -1365,7 +1413,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-17T18:43:02.61519206Z" + created: "2026-03-23T15:07:35.676360469Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: c74d5574e24dbe56fb5a1ece6213e2a57e4f4c10a2e65464490479aa335255e8 @@ -1413,7 +1461,7 @@ entries: image: redis:7-alpine apiVersion: v2 appVersion: 1.0.0 - created: "2026-03-17T18:43:02.608974638Z" + created: "2026-03-23T15:07:35.668321842Z" description: A Helm chart for deploying the Flow workflow engine platform with SOC2/NIS2 compliance support digest: 75fdf3bef90777328b4247d5881224518cd628418003151dd4f9dc4990e2d6ae @@ -1441,4 +1489,4 @@ entries: urls: - https://git.kn.entit.eu/EntitAB/Helm-Charts/raw/branch/main/flow-0.3.1.tgz version: 0.3.1 -generated: "2026-03-17T18:43:02.601764004Z" +generated: "2026-03-23T15:07:35.65317351Z"