# Production environment values
# Use with: helm install flow ./helm/flow -f ./helm/flow/values-prod.yaml
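# NOTE(review): this listing had lost its indentation. azureAd, database and
# rabbitmq are placed under `global:` because a separate top-level `rabbitmq:`
# toggle appears later in the file, so both cannot sit at the top level.
# Confirm the nesting against the chart's values.yaml.
global:
  imageRegistry: "cr.kn.entit.eu"
  # Pull secrets are referenced by name only; the registry credentials are
  # not stored in this file.
  imagePullSecrets:
    - flow-registry-credentials

  azureAd:
    enabled: true
    instance: "https://login.microsoftonline.com/"
    domain: "your-domain.com"
    # The three identifiers below are left empty on purpose. Prefer the
    # external secret for clientSecret: a value passed with --set lands in
    # shell history and in the values Helm stores with the release, where
    # `helm get values` can read it back.
    tenantId: ""  # Set via --set or external secret
    clientId: ""  # Set via --set or external secret
    clientSecret: ""  # Set via --set or external secret
    scopes: "access_as_user"

  database:
    provider: "Postgres"
    postgres:
      host: "your-postgres-host.postgres.database.azure.com"
      port: 5432
      database: "flow_prod"
      username: "flow@your-postgres-host"
      # existingSecret/existingSecretKey name a Kubernetes Secret and the key
      # inside it; the password itself is not in this file.
      # NOTE(review): no TLS/sslmode setting is visible here; confirm the
      # chart builds a connection string that requires TLS.
      existingSecret: "flow-db-secret"
      existingSecretKey: "postgres-password"

  rabbitmq:
    host: "your-rabbitmq-host"
    username: "flow"
    # Password comes from an existing Secret, as for the database.
    # NOTE(review): no port or TLS setting is visible here; confirm the
    # broker connection is encrypted.
    existingSecret: "flow-rabbitmq-secret"
    existingSecretKey: "rabbitmq-password"
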
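# Core services - production replicas with autoscaling
workflowEngine:
  # Matches autoscaling.minReplicas below.
  replicaCount: 3
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 10
    targetCPUUtilizationPercentage: 70
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 250m
      memory: 512Mi
  ingress:
    enabled: true
    className: nginx
    annotations:
      # Redirect plain-HTTP requests to HTTPS at the ingress controller.
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # cert-manager issues the certificate stored in the TLS secret below.
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      - host: api.flow.your-domain.com
        paths:
          # NOTE(review): a `/` Prefix rule publishes every route of the
          # service; confirm health, metrics or admin endpoints are not
          # reachable through it.
          - path: /
            pathType: Prefix
    tls:
      - secretName: flow-api-tls
        hosts:
          - api.flow.your-domain.com
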
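activityRegistry:
  replicaCount: 2
  # No targetCPUUtilizationPercentage is set here (workflowEngine sets 70),
  # so the scaling target presumably comes from the chart default - confirm.
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
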
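definitionStore:
  replicaCount: 2
  # No targetCPUUtilizationPercentage is set here (workflowEngine sets 70),
  # so the scaling target presumably comes from the chart default - confirm.
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
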
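workflowLogging:
  replicaCount: 2
  # No targetCPUUtilizationPercentage is set here (workflowEngine sets 70),
  # so the scaling target presumably comes from the chart default - confirm.
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
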
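# Fixed replica count: this stanza has no autoscaling block.
connectionStore:
  replicaCount: 2
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
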
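# Fixed replica count: this stanza has no autoscaling block.
tenantRegistry:
  replicaCount: 2
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
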
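# NOTE(review): unlike the other core services, no resources block is set
# for the frontend in this file; confirm the chart default supplies
# requests and limits.
frontendWeb:
  replicaCount: 2
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 5
  ingress:
    enabled: true
    className: nginx
    annotations:
      # Redirect plain-HTTP requests to HTTPS at the ingress controller.
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # cert-manager issues the certificate stored in the TLS secret below.
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      - host: flow.your-domain.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: flow-frontend-tls
        hosts:
          - flow.your-domain.com
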
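# Activity services - production resources
# NOTE(review): presumably the resource defaults shared by the activity
# services listed after this stanza - confirm against the chart templates.
activities:
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
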
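# NOTE(review): the listing lost its indentation, so it cannot be told
# whether these toggles are top-level keys or children of `activities:`;
# confirm against the chart's values.yaml.
#
# Every activity is enabled. Each enabled activity is one more workload in
# the cluster; set `enabled: false` for the ones this environment does not
# use, and check that the chart's network policy limits where the remaining
# ones (HTTP, FTP, SQL and similar) may connect.
httpRequestActivity:
  enabled: true
  replicaCount: 2

sqlActivity:
  enabled: true
  replicaCount: 2

redisActivity:
  enabled: true
  replicaCount: 2

blobStorageActivity:
  enabled: true
  replicaCount: 2

queueActivity:
  enabled: true
  replicaCount: 2

cosmosDbActivity:
  enabled: true
  replicaCount: 2

mongoDbActivity:
  enabled: true
  replicaCount: 1

emailActivity:
  enabled: true
  replicaCount: 2

slackActivity:
  enabled: true
  replicaCount: 1

teamsActivity:
  enabled: true
  replicaCount: 1

twilioActivity:
  enabled: true
  replicaCount: 1

ftpActivity:
  enabled: true
  replicaCount: 1

graphqlActivity:
  enabled: true
  replicaCount: 1

soapActivity:
  enabled: true
  replicaCount: 1

pdfActivity:
  enabled: true
  replicaCount: 1

csvActivity:
  enabled: true
  replicaCount: 1

excelActivity:
  enabled: true
  replicaCount: 1

oauthActivity:
  enabled: true
  replicaCount: 1

keyVaultActivity:
  enabled: true
  replicaCount: 1

eventHubActivity:
  enabled: true
  replicaCount: 2

eventGridActivity:
  enabled: true
  replicaCount: 1

awsS3Activity:
  enabled: true
  replicaCount: 1

awsSqsActivity:
  enabled: true
  replicaCount: 1
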
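# External infrastructure in production (managed services)
# These three toggles are off; presumably they control the in-cluster
# instances bundled with the chart, replaced here by managed services.
rabbitmq:
  enabled: false  # Use Azure Service Bus or managed RabbitMQ

postgresql:
  enabled: false  # Use Azure Database for PostgreSQL

redis:
  enabled: false  # Use Azure Cache for Redis if needed
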
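# Production security
# Pod-level settings: mounted volumes are group-owned by GID 1000 and the
# kubelet refuses to start any container that would run as UID 0.
podSecurityContext:
  fsGroup: 1000
  runAsNonRoot: true
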
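# Container-level hardening. These fields cover the container settings that
# the Kubernetes "restricted" Pod Security Standard asks for.
# NOTE(review): confirm the chart applies this block to every container,
# including init containers and sidecars.
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # Workloads that write temporary files need a writable volume (for
  # example an emptyDir) mounted at that path.
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault
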
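# Network policies for production
# This only switches the chart's NetworkPolicy objects on; the rules
# themselves live in the chart templates. They are enforced only when the
# cluster's network plugin implements NetworkPolicy.
networkPolicy:
  enabled: true
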
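# Pod Disruption Budgets
# NOTE(review): with minAvailable: 1, a workload that runs a single replica
# can never be evicted voluntarily, which blocks node drains. Several
# activities in this file set replicaCount: 1; confirm whether the chart
# creates a budget for those.
podDisruptionBudget:
  enabled: true
  minAvailable: 1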