Add flow-0.10.1 and update documentation

Gitea Actions
2026-03-23 15:07:36 +00:00
parent 64e6b5d7eb
commit d1aae8814d
6 changed files with 192 additions and 34 deletions


@@ -288,6 +288,7 @@ global:
workflowLogging: "http://{{ .Release.Name }}-workflow-logging.{{ .Release.Namespace }}.svc.cluster.local:80"
connectionStore: "http://{{ .Release.Name }}-connection-store.{{ .Release.Namespace }}.svc.cluster.local:80"
tenantRegistry: "http://{{ .Release.Name }}-tenant-registry.{{ .Release.Namespace }}.svc.cluster.local:80"
aiAssistant: "http://{{ .Release.Name }}-ai-assistant.{{ .Release.Namespace }}.svc.cluster.local:80"
# =============================================================================
# Core Services
@@ -572,6 +573,42 @@ connectionStore:
extraVolumeMounts: []
extraVolumes: []
# -- AI Assistant service configuration
aiAssistant:
enabled: true
replicaCount: 1
image:
repository: flow/aiassistant
tag: ""
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
extraEnv: []
extraVolumeMounts: []
extraVolumes: []
# -- Tenant Registry service configuration
tenantRegistry:
enabled: true
@@ -1696,17 +1733,56 @@ tls:
# -- CA organization
organization: "Entit AB"
# -- Mutual TLS (mTLS) settings
# When enabled, services require client certificates for inter-service communication.
# This works alongside existing OAuth 2.0 bearer token auth (defense in depth).
mtls:
# -- Require client certificates for inter-service communication
enabled: false
# -- Client certificate validation mode
# RequireCertificate: connections without valid client certs are rejected
# AllowCertificate: client certs are validated if present, but not required
clientCertificateMode: "RequireCertificate"
# -- Allow health check endpoints (/health, /health/ready) without client certificates
# When true, Kestrel listens on port 8080 (HTTP) for health probes in addition to 8443 (HTTPS/mTLS)
allowAnonymousHealthChecks: true
# -- External client certificate settings
# Allows services outside the cluster (Windows desktop app, Azure-hosted frontend)
# to authenticate via mTLS when connecting to backend services
externalClients:
# -- Enable external client certificate management
enabled: false
# -- Additional trusted CA certificates for validating external client certificates
# If external clients use certificates signed by a different CA, add those CAs here
additionalCaCerts: []
# -- Secret name containing additional CA certificates (alternative to inline certs)
additionalCaSecret: ""
# -- External client certificate definitions
# Each entry creates a cert-manager Certificate resource signed by the internal CA
clients: []
# Example:
# - name: "desktop-client"
# commonName: "flow-desktop-client"
# duration: "8760h" # 1 year
# renewBefore: "720h" # 30 days
# organization: "Entit AB"
# - name: "azure-frontend"
# commonName: "flow-azure-frontend"
# duration: "8760h"
# organization: "Entit AB"
# -- Use existing TLS secret (alternative to cert-manager)
# This secret must contain tls.crt, tls.key, and ca.crt
existingSecret: ""
# -- Minimum TLS version (1.2 or 1.3)
minVersion: "1.2"
# -- Cipher suites (leave empty for secure defaults)
# Recommended for TLS 1.2: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GLM_SHA256
cipherSuites: []
# -- Additional DNS names to include in all certificates
additionalDnsNames: []
@@ -1718,6 +1794,8 @@ tls:
workflowEngine:
# -- Additional DNS names for this service's certificate
additionalDnsNames: []
aiAssistant:
additionalDnsNames: []
activityRegistry:
additionalDnsNames: []
definitionStore:
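Review bot: In the `tls.mtls` block, `allowAnonymousHealthChecks` defaults to `true` and its comment says Kestrel then also listens on plain-HTTP port 8080, but nothing in this section shows that listener being limited to `/health` and `/health/ready`. If other routes are reachable on 8080 as well, the client-certificate requirement on 8443 can be bypassed from inside the cluster, so this should be confirmed against the service code and then stated in the comment, e.g. `# Port 8080 serves only /health and /health/ready; every other route requires 8443 with a client certificate`. The `clientCertificateMode` comment should also say that `AllowCertificate` leaves the OAuth bearer token as the only enforced check, since a caller without a certificate is still accepted. Separately, the hint above `cipherSuites` spells one suite `TLS_ECDHE_RSA_WITH_AES_128_GLM_SHA256`; `GLM` looks like a typo for `GCM`, and a value copied from the comment would presumably not match any real suite.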