apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ../../base

namePrefix: prod-

patches:
  - target:
      kind: Ingress
      name: bakery-ingress
    patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: bakewise.ai
      - op: replace
        path: /spec/tls/0/secretName
        value: bakery-ia-prod-tls-cert
      - op: replace
        path: /spec/rules/0/host
        value: bakewise.ai
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
        value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai,https://registry.bakewise.ai,https://gitea.bakewise.ai"
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-rps
        value: "100"
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-connections
        value: "50"
      - op: add
        path: /metadata/annotations/cert-manager.io~1cluster-issuer
        value: "letsencrypt-production"
      - op: add
        path: /metadata/annotations/cert-manager.io~1acme-challenge-type
        value: "http01"
# NOTE: Gitea and Registry ingresses are managed by Gitea Helm chart
# See infrastructure/cicd/gitea/values-prod.yaml for production ingress configuration
# NOTE: mail.bakewise.ai is handled by separate mailu ingress