BE-5194 Improve Kubernete (helm deploy) documents (#777)

docs/enterprise-app-store/portal-settings.md

@@ -167,6 +167,24 @@ Open your DNS provider's website and add a CNAME with the below details
 
 **Destination:** _**store-domain.appcircle.io**_
 
+:::info
+For self-hosted users with a Kubernetes deployment, it is essential to configure DNS records appropriately for your environment.
+
+- Retrieve the ingress objects:
+
+    ```bash
+    kubectl get ingress -n appcircle
+    ```
+
+- Examine the `ADDRESS` column:
+  - If internal IP addresses are listed for the ingress objects:
+    - For internal-only access to Appcircle, use these IP addresses as the destination for `A` records.
+    - For internet access to Appcircle, use the public IP addresses of these nodes as the destination for `A` records.
+  - If `CNAME` records are listed for the ingress objects:
+    - Use the `CNAME` as the destination for `CNAME` records.
+
+:::
+
 The below screenshot shows an example configuration screen from Cloudflare.
 
 <Screenshot url='https://cdn.appcircle.io/docs/assets/entstore-cname.png' />

docs/self-hosted-appcircle/install-server/helm-chart/configuration/_apply-helm-configuration-changes.mdx

@@ -0,0 +1,11 @@
+To apply configuration changes to the Appcircle server installation, update the Helm release with the new configuration using the following command:
+
+:::info
+The namespace, release name, and Helm repository name in the example command below are written for the example installation document. If you have changed these values while installing the Appcircle server, adjust the values if required. 
+:::
+
+```bash
+helm upgrade appcircle-server appcircle/appcircle \
+  -n appcircle \
+  -f values.yaml
+```

docs/self-hosted-appcircle/install-server/helm-chart/configuration/ca-certificates.md

@@ -6,6 +6,7 @@ sidebar_position: 50
 ---
 
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 
 ## Adding Trusted CA Certificates to the Appcircle Services
 
@@ -45,4 +46,6 @@ global:
         -----END CERTIFICATE-----
 ```
 
+<ApplyHelmConfigurationChanges />
+
 <NeedHelp />

docs/self-hosted-appcircle/install-server/helm-chart/configuration/enterprise-store-configuration.md

@@ -7,6 +7,7 @@ sidebar_position: 70
 
 import Screenshot from '@site/src/components/Screenshot';
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 
 ## Overview
 
@@ -34,4 +35,6 @@ store:
         value: "App Store"
 ```
 
+<ApplyHelmConfigurationChanges />
+
 <NeedHelp />

docs/self-hosted-appcircle/install-server/helm-chart/configuration/git-providers-configuration.md

@@ -7,6 +7,7 @@ sidebar_position: 70
 
 import Screenshot from '@site/src/components/Screenshot';
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 
 ## Overview
 
@@ -41,6 +42,8 @@ web:
 
 You can delete the providers you do not need by removing them from `selfHostedGitProviders` list above.
 
+<ApplyHelmConfigurationChanges />
+
 For more details about "Bitbucket" usage, see related docs in the [Connecting to Bitbucket](/build/manage-the-connections/adding-a-build-profile/connecting-to-bitbucket) page.
 
 For more details about "Azure" usage, see related docs in the [Connecting to Azure DevOps](/build/manage-the-connections/adding-a-build-profile/connecting-to-azure) page.

docs/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md

@@ -0,0 +1,81 @@
+---
+title: Ingress Configuration
+description: Learn how to configure Ingress
+tags: [self-hosted, helm, configuration, kubernetes]
+sidebar_position: 60
+---
+
+import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
+
+## Overview
+
+The Appcircle Helm chart includes an Ingress controller, specifically ingress-nginx, which is enabled by default. For production environments, it is recommended to use your own Ingress controller for better control and customization.
+
+## Appcircle Default Ingress-NGINX Configuration
+
+The default `ingress-nginx` configuration in the `values.yaml` file includes several parameters that apply globally to the Ingress controller. These configurations can be adjusted as needed to fit your deployment requirements. If you are using your own Ingress controller, you can configure these values globally or on a per-Ingress basis for Appcircle ingresses.
+
+Default Configurations in `values.yaml` of the Appcircle server Helm chart:
+
+```yaml
+ingress-nginx:
+  controller:
+    config: 
+      proxy-body-size: '4096m'
+      client-body-buffer-size: '128k'
+      proxy-connect-timeout: '600'
+      proxy-send-timeout: '600'
+      proxy-read-timeout: '600'
+      proxy-buffer-size: '128k'
+      proxy-buffers-number: '4'
+      proxy-busy-buffers-size: '128k'
+```
+
+You can change the default values of the Ingress controller that is installed with the Appcircle Helm chart as your needs dictate.
+
+<ApplyHelmConfigurationChanges />
+
+## Configuring Ingress Annotations
+
+Adding per-Ingress annotations is recommended for external Ingress controllers. By setting annotations per Ingress, you can fine-tune the behavior of specific Appcircle services without impacting the entire Ingress controller.
+
+Example Ingress configurations for `values.yaml` of the Appcircle server Helm chart:
+
+```yaml
+# For APK, IPA, build artifact uploads from browsers and Appcircle runners
+apigateway:
+  ingress:
+    annotations:
+      # For Ingres-Nginx Controller
+      nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
+      nginx.ingress.kubernetes.io/client-body-buffer-size: "128k"
+      nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
+      nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
+
+# For build cache uploads from Appcircle runners
+resource:
+  ingress:
+    annotations:
+      # For Ingres-Nginx Controller
+      nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
+      nginx.ingress.kubernetes.io/client-body-buffer-size: "128k"
+      nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
+      nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
+```
+
+:::tip
+If you are using an ingress controller other than `ingress-nginx`, please refer to the documentation for your specific ingress controller to find the relevant configurations. Each ingress controller may have different annotations and settings to achieve similar functionality.
+:::
+
+<ApplyHelmConfigurationChanges />
+
+<NeedHelp />

docs/self-hosted-appcircle/install-server/helm-chart/configuration/ldap-configuration.md

@@ -6,6 +6,7 @@ sidebar_position: 80
 ---
 
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 
 ## Overview
 
@@ -71,6 +72,8 @@ auth:
         maxLockDuration: "600"
 ```
 
+<ApplyHelmConfigurationChanges />
+
 ## User Lookup Decision Settings
 
 The LDAP (Lightweight Directory Access Protocol) user lookup decision strategy is a crucial aspect of user authentication in applications that utilize LDAP for user management.
@@ -93,6 +96,8 @@ auth:
 
 If you don't define it or it has an unknown value, it is assumed to be `decisive` by default.
 
+<ApplyHelmConfigurationChanges />
+
 #### Affirmative
 
 When `userLookupDecisionStrategy` is set to "affirmative", the LDAP authentication process will check all LDAP settings, even if the user is found on a particular LDAP configuration. This means that if a user has multiple accounts on different LDAP configurations with different passwords, they will be able to login successfully. The authentication system will search across all LDAP configurations to find a matching username or email and validate the user's password, allowing the user to access the system.

docs/self-hosted-appcircle/install-server/helm-chart/configuration/license-configuration.md

@@ -28,6 +28,10 @@ kubectl create secret generic appcircle-server-auth-license \
   --save-config --dry-run=client -o yaml | kubectl apply -f -
 ```
 
+:::info
+Creating a Secret for license should be done once. Other license updates do not require repeating this step.
+:::
+
 ### Updating the License
 
 If your organization’s Appcircle server license has been updated and you need to apply the new license, you can upgrade the Appcircle server deployment using Helm:

docs/self-hosted-appcircle/install-server/helm-chart/configuration/sensitive-configuration.md

@@ -6,6 +6,7 @@ sidebar_position: 40
 ---
 
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 
 ## Secrets for Sensitive Values
 
@@ -84,4 +85,8 @@ kubectl create secret generic appcircle-tls-wildcard \
 
 - Remove the `.global.tlsWildcard` key from the `values.yaml` file if it exists.
 
+#### Apply Configuration Changes
+
+<ApplyHelmConfigurationChanges />
+
 <NeedHelp />

docs/self-hosted-appcircle/install-server/helm-chart/configuration/ssl-configuration.md

@@ -18,14 +18,16 @@ By default, the Helm chart is configured for HTTP without an SSL certificate. If
 Appcircle must be installed with HTTPS from the initial installation. If you initially installed Appcircle with HTTP, you will need to [uninstall](/self-hosted-appcircle/install-server/helm-chart/uninstallation) it and then reinstall it with HTTPS.
 :::
 
-## SSL Certificate Configuration
-
 You have two options for configuring SSL certificates:
 
 1. **Trial Purposes**: Define the SSL certificate directly in the `values.yaml` by following [this section](#define-the-ssl-certificate-in-valuesyaml).
-2. **Production**: Create a Kubernetes secret for better security and manageability by following [this section](#create-the-tls-secret).
+2. **Production**: Create a Kubernetes secret for better security and manageability by following [this section](#define-the-ssl-certificate-in-secrets).
+
+## Define the SSL Certificate in `values.yaml`
 
-### Define the SSL Certificate in `values.yaml`
+### Initial SSL Configuration
+
+#### Update the `values.yaml`
 
 To configure the SSL certificate, update your `values.yaml` file with the following settings:
 
@@ -65,9 +67,19 @@ global:
       ...
       emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
       -----END CERTIFICATE-----
+
+# Web event Redis configuration
+webeventredis:
+  # Enable TLS for Redis connections
+  tls:
+    enabled: true
+  # Ingress configuration for Redis
+  ingress:
+    enabled: true
+    tls: true
 ```
 
-#### Update the Certificate in `values.yaml`
+### Updating the Certificate
 
 To update the SSL certificate used on Appcircle server, perform the following steps to update the Helm chart and restart the required services:
 
@@ -92,7 +104,30 @@ kubectl rollout restart statefulset/appcircle-server-webeventredis-master -n app
 kubectl rollout restart statefulset/appcircle-server-webeventredis-replicas -n appcircle
 ```
 
-### Create the TLS Secret
+## Define the SSL Certificate in Secrets
+
+### Initial SSL Configuration
+
+#### Updating the `values.yaml`
+
+To configure the SSL certificate, update your `values.yaml` file with the following settings:
+
+```yaml
+global:
+  urls:
+    scheme: https
+# Web event Redis configuration
+webeventredis:
+  # Enable TLS for Redis connections
+  tls:
+    enabled: true
+  # Ingress configuration for Redis
+  ingress:
+    enabled: true
+    tls: true
+```
+
+#### Create the Secret
 
 Create a secret with the name `appcircle-tls-wildcard` containing the `tls.crt`, `tls.key` and `ca.crt` keys.
 
@@ -115,9 +150,9 @@ kubectl create secret generic appcircle-tls-wildcard \
   -n appcircle
 ```
 
-#### Update the Certificate in Secret
+### Updating the Certificate
 
-To update an existing SSL certificate, use the following commands
+To update an existing SSL certificate, use the following commands.
 
 1. Update the secret with the new certificate.
 

docs/self-hosted-appcircle/install-server/helm-chart/configuration/storage-configuration.md

@@ -49,7 +49,7 @@ auth:
         storageClass: nfs-client
 mongodb:
   persistence:
-    size: 3Gi
+    size: 30Gi
     storageClass: nfs-client
 kafka:
   controller: