apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ../../base
  - gitea-service.yaml

namePrefix: prod-

patches:
  - target:
      kind: Ingress
      name: bakery-ingress
    patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: bakewise.ai
      - op: replace
        path: /spec/tls/0/hosts/1
        value: gitea.bakewise.ai
      - op: replace
        path: /spec/tls/0/hosts/2
        value: registry.bakewise.ai
      - op: add
        path: /spec/tls/0/hosts/-
        value: mail.bakewise.ai
      - op: replace
        path: /spec/tls/0/secretName
        value: bakery-ia-prod-tls-cert
      - op: replace
        path: /spec/rules/0/host
        value: bakewise.ai
      - op: replace
        path: /spec/rules/1/host
        value: gitea.bakewise.ai
      - op: replace
        path: /spec/rules/2/host
        value: registry.bakewise.ai
      # Mail rule removed - mail ingress is deployed separately via mailu-helm
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
        value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai,https://registry.bakewise.ai,https://gitea.bakewise.ai"
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-rps
        value: "100"
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-connections
        value: "50"
      - op: add
        path: /metadata/annotations/cert-manager.io~1cluster-issuer
        value: "letsencrypt-production"
      - op: add
        path: /metadata/annotations/cert-manager.io~1acme-challenge-type
        value: "http01"