# Deploy values pour btpxpress-client sur cluster k1 (prod)
# Override du chart lions-app 1.0.1

lions-app:

  image:
    registry: registry.lions.dev
    repository: lionsdev
    name: btpxpress-client
    tag: "1.0.0-20251108-152910"   # AUTO-UPDATED by lionsctl pipeline
    pullPolicy: IfNotPresent
    pullSecrets:
      - lionsregistry-secret

  replicaCount: 2

  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: "1"
      memory: 1Gi

  # Env non-sensibles
  configMap:
    enabled: true
    envFrom: true
    data:
      QUARKUS_PROFILE: prod
      APP_ENV: production
      JAVA_OPTS: "-Xms256m -Xmx512m"
      QUARKUS_HTTP_PORT: "8080"
      APP_BASE_URL: https://lions.dev
      QUARKUS_DATASOURCE_DB_KIND: postgresql
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgresql-service.postgresql.svc.cluster.local:5432/btpxpress
      QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: validate
      STORAGE_PATH: /app/storage
      # Brevo SMTP (via secret brevo-smtp optionnel dans le namespace)
      QUARKUS_MAILER_MOCK: "false"

  # Secrets depuis K8s Secrets existants (migration Vault à venir)
  extraEnvFrom:
    - secretRef:
        name: lions-shared-db-eso
    - secretRef:
        name: brevo-smtp-eso
        optional: true

  externalSecret:
    enabled: false  # migrated to Vault via separate ESO

  ingress:
    enabled: true
    className: nginx
    clusterIssuer: letsencrypt-prod
    host: btpxpress.lions.dev
    pathPrefix:
      enabled: false
    tls:
      enabled: true
    rateLimit:
      enabled: true
      rpm: 3000
      connections: 200
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: "50m"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"

  networkPolicy:
    enabled: true
    allowIngressFrom:
      - namespaceSelector:
          kubernetes.io/metadata.name: ingress-nginx
      - namespaceSelector:
          kubernetes.io/metadata.name: monitoring
    allowEgressDNS: true
    allowEgressKubeAPI: true
    allowEgressTo:
      - namespaceSelector:
          kubernetes.io/metadata.name: postgresql
        ports:
          - port: 5432
            protocol: TCP
      - namespaceSelector:
          kubernetes.io/metadata.name: keycloak
        ports:
          - port: 8080
            protocol: TCP

  probes:
    liveness:
      enabled: true
      httpGet: null
      tcpSocket:
        port: 8080
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
    readiness:
      enabled: true
      httpGet: null
      tcpSocket:
        port: 8080
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 3
      failureThreshold: 3

  volumes:
    tmp:
      enabled: true
      sizeLimit: 200Mi
    logs:
      enabled: true
      sizeLimit: 500Mi
      mountPath: /app/logs
    extra:
      - name: app-storage
        emptyDir:
          sizeLimit: 2Gi

  volumeMounts:
    - name: app-storage
      mountPath: /app/storage

  tolerations:
    - key: node-role.kubernetes.io/control-plane
      operator: Exists
      effect: NoSchedule

  podAnnotations:
    lionsctl.lions.dev/cluster: k1
    lionsctl.lions.dev/environment: production