Update documentation and example values

examples/values-prod.yaml

@@ -0,0 +1,284 @@
+# Production environment values
+# Use with: helm install flow ./helm/flow -f ./helm/flow/values-prod.yaml
+
+global:
+  imageRegistry: "cr.kn.entit.eu"
+  imagePullSecrets:
+    - flow-registry-credentials
+  
+  azureAd:
+    enabled: true
+    instance: "https://login.microsoftonline.com/"
+    domain: "your-domain.com"
+    tenantId: ""  # Set via --set or external secret
+    clientId: ""  # Set via --set or external secret
+    clientSecret: ""  # Set via --set or external secret
+    scopes: "access_as_user"
+  
+  database:
+    provider: "Postgres"
+    postgres:
+      host: "your-postgres-host.postgres.database.azure.com"
+      port: 5432
+      database: "flow_prod"
+      username: "flow@your-postgres-host"
+      existingSecret: "flow-db-secret"
+      existingSecretKey: "postgres-password"
+
+  rabbitmq:
+    host: "your-rabbitmq-host"
+    username: "flow"
+    existingSecret: "flow-rabbitmq-secret"
+    existingSecretKey: "rabbitmq-password"
+
+# Core services - production replicas with autoscaling
+workflowEngine:
+  replicaCount: 3
+  autoscaling:
+    enabled: true
+    minReplicas: 3
+    maxReplicas: 10
+    targetCPUUtilizationPercentage: 70
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+    requests:
+      cpu: 250m
+      memory: 512Mi
+  ingress:
+    enabled: true
+    className: nginx
+    annotations:
+      nginx.ingress.kubernetes.io/ssl-redirect: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - host: api.flow.your-domain.com
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: flow-api-tls
+        hosts:
+          - api.flow.your-domain.com
+
+activityRegistry:
+  replicaCount: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+definitionStore:
+  replicaCount: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+workflowLogging:
+  replicaCount: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+connectionStore:
+  replicaCount: 2
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+tenantRegistry:
+  replicaCount: 2
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+frontendWeb:
+  replicaCount: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  ingress:
+    enabled: true
+    className: nginx
+    annotations:
+      nginx.ingress.kubernetes.io/ssl-redirect: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - host: flow.your-domain.com
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: flow-frontend-tls
+        hosts:
+          - flow.your-domain.com
+
+# Activity services - production resources
+activities:
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+httpRequestActivity:
+  enabled: true
+  replicaCount: 2
+
+sqlActivity:
+  enabled: true
+  replicaCount: 2
+
+redisActivity:
+  enabled: true
+  replicaCount: 2
+
+blobStorageActivity:
+  enabled: true
+  replicaCount: 2
+
+queueActivity:
+  enabled: true
+  replicaCount: 2
+
+cosmosDbActivity:
+  enabled: true
+  replicaCount: 2
+
+mongoDbActivity:
+  enabled: true
+  replicaCount: 1
+
+emailActivity:
+  enabled: true
+  replicaCount: 2
+
+slackActivity:
+  enabled: true
+  replicaCount: 1
+
+teamsActivity:
+  enabled: true
+  replicaCount: 1
+
+twilioActivity:
+  enabled: true
+  replicaCount: 1
+
+ftpActivity:
+  enabled: true
+  replicaCount: 1
+
+graphqlActivity:
+  enabled: true
+  replicaCount: 1
+
+soapActivity:
+  enabled: true
+  replicaCount: 1
+
+pdfActivity:
+  enabled: true
+  replicaCount: 1
+
+csvActivity:
+  enabled: true
+  replicaCount: 1
+
+excelActivity:
+  enabled: true
+  replicaCount: 1
+
+oauthActivity:
+  enabled: true
+  replicaCount: 1
+
+keyVaultActivity:
+  enabled: true
+  replicaCount: 1
+
+eventHubActivity:
+  enabled: true
+  replicaCount: 2
+
+eventGridActivity:
+  enabled: true
+  replicaCount: 1
+
+awsS3Activity:
+  enabled: true
+  replicaCount: 1
+
+awsSqsActivity:
+  enabled: true
+  replicaCount: 1
+
+# External infrastructure in production (managed services)
+rabbitmq:
+  enabled: false  # Use Azure Service Bus or managed RabbitMQ
+
+postgresql:
+  enabled: false  # Use Azure Database for PostgreSQL
+
+redis:
+  enabled: false  # Use Azure Cache for Redis if needed
+
+# Production security
+podSecurityContext:
+  fsGroup: 1000
+  runAsNonRoot: true
+
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  seccompProfile:
+    type: RuntimeDefault
+
+# Network policies for production
+networkPolicy:
+  enabled: true
+
+# Pod Disruption Budgets
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 1