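---
# Production overrides for veylant-proxy Helm chart.
# Apply with:
#   helm upgrade veylant-proxy-blue deploy/helm/veylant-proxy \
#     -f deploy/helm/veylant-proxy/values-production.yaml \
#     -f deploy/helm/veylant-proxy/values-blue.yaml \
#     --set image.tag=$IMAGE_TAG
#
# Later -f files and --set flags take precedence over this file, so the slot
# file and the image tag given on the command line win over the defaults here.

# 3 replicas — 1 per Availability Zone (eu-west-3a/3b/3c).
replicaCount: 3

# Deployment slot (overridden at deploy time by values-blue.yaml / values-green.yaml).
slot: blue

image:
  repository: ghcr.io/veylant/ia-gateway
  # IfNotPresent is only safe while the tag is immutable (a commit SHA); a
  # re-pushed tag would not be re-pulled on nodes that already cache it.
  pullPolicy: IfNotPresent
  # NOTE(review): what the chart renders when no tag is passed is not visible
  # here — confirm the deploy fails rather than falling back to a mutable tag.
  tag: ""  # Set via --set image.tag=$GITHUB_SHA

serviceAccount:
  create: true
  name: ""

service:
  # ClusterIP keeps the Service internal to the cluster; external exposure, if
  # any, is defined elsewhere in the chart.
  type: ClusterIP
  port: 8090

# Production resource profile — tuned for t3.medium nodes.
resources:
  requests:
    cpu: 250m
    memory: 256Mi
  limits:
    cpu: 1000m
    memory: 512Mi

# HPA enabled for production — scales between 3 and 15 replicas.
autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 15
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80

# Application configuration — production settings.
config:
  server:
    port: 8090
    shutdown_timeout_seconds: 30
    env: production
    # Explicit HTTPS origin only; keep this an allow-list, never a wildcard.
    allowed_origins:
      - "https://dashboard.veylant.ai"
  log:
    # NOTE(review): events logged below warn are dropped at this level —
    # confirm access/audit records do not depend on this logger.
    level: warn  # Reduced verbosity in production; errors + warnings only
    format: json
  pii:
    enabled: true
    fail_open: false  # PII failure blocks request in production
    # NOTE(review): presumably a check that exceeds this timeout counts as a
    # failure and, with fail_open: false, blocks the request — confirm, and
    # alert on PII timeouts so fail-closed does not become a silent outage.
    timeout_ms: 100
  metrics:
    enabled: true
    # NOTE(review): confirm /metrics is not routed through the public ingress.
    path: /metrics

# Secret references — created via Vault Agent Injector annotations.
# Only Secret names and keys belong here; no secret values in this file.
# NOTE(review): these fields name a Kubernetes Secret and its keys, while the
# Vault Agent Injector normally renders secrets into files inside the pod —
# confirm how veylant-proxy-secrets is actually provisioned.
secrets:
  openaiApiKeySecretName: veylant-proxy-secrets
  openaiApiKeySecretKey: openai-api-key
  databaseUrlSecretName: veylant-proxy-secrets
  databaseUrlSecretKey: database-url

# Enable Prometheus ServiceMonitor for production scraping.
metrics:
  serviceMonitor:
    enabled: true
    interval: 15s
    path: /metrics

# Pod topology spread — ensure pods spread across AZs.
# DoNotSchedule is a hard constraint: pods stay Pending when a zone cannot
# take them.
# NOTE(review): the selector matches only app.kubernetes.io/name; if the blue
# and green releases both carry this label, skew is computed across both
# slots — confirm against the chart's pod labels.
topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app.kubernetes.io/name: veylant-proxy

# Pod anti-affinity — avoid co-location on same node.
# "preferred" is a soft rule: the scheduler may still place two pods on one
# node when no other node fits.
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: veylant-proxy
          topologyKey: kubernetes.io/hostname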