# Deploy values pour lionsdev-client-impl-quarkus sur cluster k1 (prod)
# Override du chart lions-app 1.0.1

lions-app:

  image:
    registry: registry.lions.dev
    repository: lionsdev
    name: lionsdev-client-impl-quarkus
    tag: "1.0.0-SNAPSHOT-20250923-151544"   # AUTO-UPDATED by lionsctl pipeline
    pullPolicy: IfNotPresent
    pullSecrets:
      - lionsregistry-secret

  replicaCount: 1

  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: "2"
      memory: 2Gi

  # Env non-sensibles
  configMap:
    enabled: true
    envFrom: true
    data:
      QUARKUS_PROFILE: prod
      APP_ENV: production
      JAVA_OPTS: "-Xms256m -Xmx512m"
      QUARKUS_HTTP_PORT: "8080"
      APP_BASE_URL: https://lions.dev
      QUARKUS_DATASOURCE_DB_KIND: postgresql
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgresql-service.postgresql.svc.cluster.local:5432/lionsdb
      STORAGE_PATH: /app/storage

  # Secrets depuis K8s Secrets existants (migration Vault à venir)
  extraEnvFrom:
    - secretRef:
        name: lions-shared-db-secret

  externalSecret:
    enabled: false   # TODO: migrate to Vault ExternalSecret

  ingress:
    enabled: true
    className: nginx
    clusterIssuer: letsencrypt-prod
    host: lions.dev
    pathPrefix:
      enabled: false
    tls:
      enabled: true
    rateLimit:
      enabled: true
      rpm: 3000
      connections: 200
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: "50m"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"

  networkPolicy:
    enabled: true
    allowIngressFrom:
      - namespaceSelector:
          kubernetes.io/metadata.name: ingress-nginx
      - namespaceSelector:
          kubernetes.io/metadata.name: monitoring
    allowEgressDNS: true
    allowEgressKubeAPI: true
    allowEgressTo:
      - namespaceSelector:
          kubernetes.io/metadata.name: postgresql
        ports:
          - port: 5432
            protocol: TCP
      - namespaceSelector:
          kubernetes.io/metadata.name: keycloak
        ports:
          - port: 8080
            protocol: TCP

  probes:
    liveness:
      enabled: true
      httpGet:
        path: /q/health/live
        port: 8080
      initialDelaySeconds: 60
      periodSeconds: 30
      timeoutSeconds: 5
      failureThreshold: 3
    readiness:
      enabled: true
      httpGet:
        path: /q/health/ready
        port: 8080
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3

  volumes:
    tmp:
      enabled: true
      sizeLimit: 200Mi
    logs:
      enabled: true
      sizeLimit: 500Mi
      mountPath: /app/logs
    extra:
      - name: app-storage
        emptyDir:
          sizeLimit: 2Gi

  volumeMounts:
    - name: app-storage
      mountPath: /app/storage

  tolerations:
    - key: node-role.kubernetes.io/control-plane
      operator: Exists
      effect: NoSchedule

  podAnnotations:
    lionsctl.lions.dev/cluster: k1
    lionsctl.lions.dev/environment: production