apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

metadata:
  name: bakery-ia-prod

namespace: bakery-ia

resources:
  - ../../base
  - prod-ingress.yaml
  # SigNoz is managed via Helm deployment (see infrastructure/helm/deploy-signoz.sh)
  # Monitoring is handled by SigNoz (no separate monitoring components needed)
  # SigNoz paths are now included in the main ingress (ingress-https.yaml)

patchesStrategicMerge:
  - storage-patch.yaml

labels:
  - includeSelectors: true
    pairs:
      environment: production
      tier: production

# Production configuration patches
patches:
  # Override ConfigMap values for production
  - target:
      kind: ConfigMap
      name: bakery-config
    patch: |-
      - op: replace
        path: /data/ENVIRONMENT
        value: "production"
      - op: replace
        path: /data/DEBUG
        value: "false"
      - op: replace
        path: /data/LOG_LEVEL
        value: "INFO"
      - op: replace
        path: /data/PROFILING_ENABLED
        value: "false"
      - op: replace
        path: /data/MOCK_EXTERNAL_APIS
        value: "false"
      - op: add
        path: /data/REQUEST_TIMEOUT
        value: "30"
      - op: add
        path: /data/MAX_CONNECTIONS
        value: "100"
      - op: replace
        path: /data/ENABLE_TRACING
        value: "true"
      - op: replace
        path: /data/ENABLE_METRICS
        value: "true"
      - op: replace
        path: /data/ENABLE_LOGS
        value: "true"
      - op: add
        path: /data/OTEL_EXPORTER_OTLP_ENDPOINT
        value: "http://signoz-otel-collector.signoz.svc.cluster.local:4317"
      - op: add
        path: /data/OTEL_EXPORTER_OTLP_PROTOCOL
        value: "grpc"
      - op: add
        path: /data/OTEL_SERVICE_NAME
        value: "bakery-ia"
      - op: add
        path: /data/OTEL_RESOURCE_ATTRIBUTES
        value: "deployment.environment=production,cluster.name=bakery-ia-prod"
      - op: add
        path: /data/SIGNOZ_ENDPOINT
        value: "http://signoz.signoz.svc.cluster.local:8080"
      - op: add
        path: /data/SIGNOZ_FRONTEND_URL
        value: "https://monitoring.bakewise.ai"
      - op: add
        path: /data/SIGNOZ_ROOT_URL
        value: "https://monitoring.bakewise.ai"
      - op: add
        path: /data/RATE_LIMIT_ENABLED
        value: "true"
      - op: add
        path: /data/RATE_LIMIT_PER_MINUTE
        value: "60"
      - op: add
        path: /data/CORS_ORIGINS
        value: "https://bakewise.ai"
      - op: add
        path: /data/CORS_ALLOW_CREDENTIALS
        value: "true"
      - op: add
        path: /data/VITE_API_URL
        value: "/api"
      - op: add
        path: /data/VITE_ENVIRONMENT
        value: "production"
  # SigNoz resource patches for production
  # SigNoz ClickHouse production configuration
  - target:
      group: apps
      version: v1
      kind: StatefulSet
      name: signoz-clickhouse
      namespace: signoz
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 2
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "4Gi"
            cpu: "1000m"
  # SigNoz Main Service production configuration (v0.106.0+ unified service)
  - target:
      group: apps
      version: v1
      kind: StatefulSet
      name: signoz
      namespace: signoz
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 2
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "2Gi"
            cpu: "1000m"
          limits:
            memory: "4Gi"
            cpu: "2000m"
  # SigNoz AlertManager production configuration
  - target:
      group: apps
      version: v1
      kind: Deployment
      name: signoz-alertmanager
      namespace: signoz
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 2
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"

images:
  - name: bakery/auth-service
    newTag: latest
  - name: bakery/tenant-service
    newTag: latest
  - name: bakery/training-service
    newTag: latest
  - name: bakery/forecasting-service
    newTag: latest
  - name: bakery/sales-service
    newTag: latest
  - name: bakery/external-service
    newTag: latest
  - name: bakery/notification-service
    newTag: latest
  - name: bakery/inventory-service
    newTag: latest
  - name: bakery/recipes-service
    newTag: latest
  - name: bakery/suppliers-service
    newTag: latest
  - name: bakery/pos-service
    newTag: latest
  - name: bakery/orders-service
    newTag: latest
  - name: bakery/production-service
    newTag: latest
  - name: bakery/alert-processor
    newTag: latest
  - name: bakery/gateway
    newTag: latest
  - name: bakery/dashboard
    newTag: latest

replicas:
  - name: auth-service
    count: 3
  - name: tenant-service
    count: 2
  - name: training-service
    count: 2
  - name: forecasting-service
    count: 3
  - name: sales-service
    count: 2
  - name: external-service
    count: 2
  - name: notification-service
    count: 3
  - name: inventory-service
    count: 2
  - name: recipes-service
    count: 2
  - name: suppliers-service
    count: 2
  - name: pos-service
    count: 2
  - name: orders-service
    count: 3
  - name: production-service
    count: 2
  - name: alert-processor
    count: 3
  - name: procurement-service
    count: 2
  - name: orchestrator-service
    count: 2
  - name: ai-insights-service
    count: 2
  - name: gateway
    count: 3
  - name: frontend
    count: 2