# Production environment values
# Use with: helm install flow ./helm/flow -f ./helm/flow/values-prod.yaml
#
# NOTE(review): this copy of the file was flattened onto a few lines, so
# the nesting below is reconstructed (azureAd, database and rabbitmq are
# placed under global because a separate top-level rabbitmq key appears
# later in the file). Confirm against the chart's values.yaml.
# The "your-domain.com", "your-postgres-host" and "your-rabbitmq-host"
# values are placeholders and must be replaced per deployment.
global:
  # Registry host for the images and the pull secret used to authenticate
  # to it. Presumably the Secret must already exist in the release
  # namespace - confirm whether the chart creates it.
  imageRegistry: "cr.kn.entit.eu"
  imagePullSecrets:
    - flow-registry-credentials
  # Azure AD sign-in settings. tenantId, clientId and clientSecret are
  # left empty so that no credential is committed with this file.
  # NOTE(review): values passed with --set are kept in the Helm release
  # record and can end up in shell history or CI logs; for clientSecret
  # prefer the external-secret route. No existingSecret reference is shown
  # for azureAd here (unlike database and rabbitmq below) - confirm how
  # the chart reads an external secret for it.
  azureAd:
    enabled: true
    instance: "https://login.microsoftonline.com/"
    domain: "your-domain.com"
    tenantId: ""  # Set via --set or external secret
    clientId: ""  # Set via --set or external secret
    clientSecret: ""  # Set via --set or external secret
    scopes: "access_as_user"
  # External PostgreSQL server. existingSecret / existingSecretKey name
  # the Secret and key holding the password, so the password itself is
  # not stored in this file.
  # NOTE(review): no TLS / sslmode setting is visible here; confirm the
  # chart enforces TLS on the connection to the managed server.
  database:
    provider: "Postgres"
    postgres:
      host: "your-postgres-host.postgres.database.azure.com"
      port: 5432
      database: "flow_prod"
      username: "flow@your-postgres-host"
      existingSecret: "flow-db-secret"
      existingSecretKey: "postgres-password"
  # External RabbitMQ broker; password comes from an existing Secret.
  # NOTE(review): no port or TLS setting is visible here - confirm the
  # chart's default transport for the broker connection.
  rabbitmq:
    host: "your-rabbitmq-host"
    username: "flow"
    existingSecret: "flow-rabbitmq-secret"
    existingSecretKey: "rabbitmq-password"

# Core services - production replicas with autoscaling
# workflowEngine is the only service in this file that sets
# targetCPUUtilizationPercentage; the other autoscaled services rely on
# whatever the chart defaults to.
workflowEngine:
  replicaCount: 3
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 10
    targetCPUUtilizationPercentage: 70
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 250m
      memory: 512Mi
  # Publishes the engine on api.flow.<domain> through the nginx ingress
  # class. ssl-redirect sends plain-HTTP requests to HTTPS; the
  # cluster-issuer annotation asks cert-manager for the certificate that
  # is stored in the flow-api-tls Secret.
  # NOTE(review): path "/" with Prefix routes every URL on the host to
  # this service; confirm the API rejects unauthenticated requests.
  ingress:
    enabled: true
    className: nginx
    annotations:
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      - host: api.flow.your-domain.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: flow-api-tls
        hosts:
          - api.flow.your-domain.com

# No ingress block is set for the services below in this file.
activityRegistry:
  replicaCount: 2
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi

definitionStore:
  replicaCount: 2
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi

workflowLogging:
  replicaCount: 2
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi

# Fixed replica count; no autoscaling block is set for this service.
connectionStore:
  replicaCount: 2
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
# Fixed replica count; no autoscaling block is set for this service.
tenantRegistry:
  replicaCount: 2
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi

# NOTE(review): no resources block is set for frontendWeb, unlike the
# other services in this file; presumably the chart defaults apply -
# confirm that requests and limits are defined for it.
frontendWeb:
  replicaCount: 2
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  # Publishes the web frontend on flow.<domain> through the nginx ingress
  # class. ssl-redirect sends plain-HTTP requests to HTTPS; the
  # cluster-issuer annotation asks cert-manager for the certificate that
  # is stored in the flow-frontend-tls Secret.
  ingress:
    enabled: true
    className: nginx
    annotations:
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      - host: flow.your-domain.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: flow-frontend-tls
        hosts:
          - flow.your-domain.com

# Activity services - production resources
# NOTE(review): this copy of the file was flattened, so the nesting is
# reconstructed: the per-activity entries are placed under activities
# next to the shared resources block. Confirm against the chart's
# values.yaml.
# NOTE(review): every activity is enabled here. Each one is a connector
# to another system (HTTP, SQL, FTP, cloud storage, messaging, ...), so
# consider enabling only the ones the deployment actually uses.
activities:
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  httpRequestActivity:
    enabled: true
    replicaCount: 2
  sqlActivity:
    enabled: true
    replicaCount: 2
  redisActivity:
    enabled: true
    replicaCount: 2
  blobStorageActivity:
    enabled: true
    replicaCount: 2
  queueActivity:
    enabled: true
    replicaCount: 2
  cosmosDbActivity:
    enabled: true
    replicaCount: 2
  mongoDbActivity:
    enabled: true
    replicaCount: 1
  emailActivity:
    enabled: true
    replicaCount: 2
  slackActivity:
    enabled: true
    replicaCount: 1
  teamsActivity:
    enabled: true
    replicaCount: 1
  twilioActivity:
    enabled: true
    replicaCount: 1
  ftpActivity:
    enabled: true
    replicaCount: 1
  graphqlActivity:
    enabled: true
    replicaCount: 1
  soapActivity:
    enabled: true
    replicaCount: 1
  pdfActivity:
    enabled: true
    replicaCount: 1
  csvActivity:
    enabled: true
    replicaCount: 1
  excelActivity:
    enabled: true
    replicaCount: 1
  oauthActivity:
    enabled: true
    replicaCount: 1
  keyVaultActivity:
    enabled: true
    replicaCount: 1
  eventHubActivity:
    enabled: true
    replicaCount: 2
  eventGridActivity:
    enabled: true
    replicaCount: 1
  awsS3Activity:
    enabled: true
    replicaCount: 1
  awsSqsActivity:
    enabled: true
    replicaCount: 1

# External infrastructure in production (managed services)
# These three flags are off, so the release relies on the external hosts
# configured elsewhere in this file (presumably the flags control
# in-cluster dependencies bundled with the chart - confirm).
rabbitmq:
  enabled: false  # Use Azure Service Bus or managed RabbitMQ

postgresql:
  enabled: false  # Use Azure Database for PostgreSQL

redis:
  enabled: false  # Use Azure Cache for Redis if needed

# Production security
# Pod-level settings: runAsNonRoot refuses to start containers as UID 0,
# fsGroup sets the group (GID 1000) applied to mounted volumes.
# Presumably rendered into the pod securityContext of every workload -
# confirm in the templates.
podSecurityContext:
  fsGroup: 1000
  runAsNonRoot: true
# Container-level hardening: non-root UID 1000, no privilege escalation,
# all Linux capabilities dropped, read-only root filesystem and the
# runtime's default seccomp profile.
# Presumably rendered into the securityContext of every container the
# chart creates - confirm in the templates.
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # NOTE(review): with a read-only root filesystem, a service that writes
  # to local disk (temp files, caches) needs an emptyDir or other volume
  # mount; confirm the chart provides one where required.
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault

# Network policies for production
# NOTE(review): NetworkPolicy objects only take effect when the cluster's
# network plugin enforces them, and which traffic is allowed is decided
# by the chart templates, not by this flag - review the rendered policies.
networkPolicy:
  enabled: true

# Pod Disruption Budgets
# NOTE(review): several activities in this file run with replicaCount: 1.
# If a budget with minAvailable: 1 is created for such a workload, a node
# drain cannot evict its only pod. Confirm which workloads get a budget.
podDisruptionBudget:
  enabled: true
  minAvailable: 1