apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: bakery-ingress
  namespace: bakery-ia
  annotations:
    # Dev-Prod Parity: Enable HTTPS by default
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

    # Dev-Prod Parity: Use specific origins instead of wildcard to catch CORS issues early
    # HTTPS origins first (preferred), with HTTP fallback for development flexibility
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://localhost,https://localhost:3000,https://localhost:3001,https://127.0.0.1,https://127.0.0.1:3000,https://127.0.0.1:3001,https://bakery-ia.local,http://localhost,http://localhost:3000,http://localhost:3001,http://127.0.0.1,http://127.0.0.1:3000"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin, Cache-Control"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"

    # Prevent nginx from redirecting to add trailing slashes
    nginx.ingress.kubernetes.io/use-regex: "true"

    # Development, SSE and WebSocket annotations
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
    nginx.ingress.kubernetes.io/upstream-keepalive-timeout: "3600"

    # WebSocket upgrade support
    nginx.ingress.kubernetes.io/websocket-services: "gateway-service"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - localhost
    - bakery-ia.local
    - monitoring.bakery-ia.local
    secretName: bakery-dev-tls-cert
  rules:
  - host: localhost
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 3000
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: gateway-service
            port:
              number: 8000
  - host: bakery-ia.local
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 3000
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: gateway-service
            port:
              number: 8000
  # Note: SigNoz monitoring is deployed via Helm in the 'signoz' namespace
  # SigNoz creates its own Ingress via Helm chart configuration (signoz-values-dev.yaml)
  # Access at: https://monitoring.bakery-ia.local/
  # SignOz is served at the root of the monitoring subdomain