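---
# Production overlay for rxminder: layers namespace, labels, image tags,
# replica counts, a CouchDB secret override and resource/ingress patches on
# top of ../../base.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
  name: rxminder-production

# Reference the base configuration
resources:
  - ../../base
  - namespace.yaml

# Override namespace for production
namespace: rxminder-prod

# Production-specific labels
labels:
  - pairs:
      environment: production
      tier: prod

# Production image tags and configurations.
# NOTE(review): both images are selected by tag only. A tag can be re-pointed
# in the registry, so what runs in production is not fixed by this file.
# Kustomize's `digest:` field pins the exact image content; consider it for
# both entries once the release digests are known.
images:
  - name: frontend-image
    newName: gitea-http.taildb3494.ts.net/will/rxminder
    newTag: "v1.0.0"
  - name: couchdb-image
    newName: couchdb
    newTag: "3.3.2"

# Production replicas: the frontend is scaled out for availability; CouchDB
# stays at a single replica.
replicas:
  - name: rxminder-frontend
    count: 3
  - name: rxminder-couchdb
    count: 1

# Production secrets (to be created manually or via external secret management)
#
# SECURITY: `behavior: replace` makes this generator overwrite the
# couchdb-secret defined in the base. As committed, the rendered Secret holds
# username=admin and the literal placeholder below, a value readable by anyone
# with access to this repository. Do not apply this overlay until the
# credentials come from an external source such as:
#   - Kubernetes External Secrets Operator
#   - HashiCorp Vault
#   - AWS Secrets Manager
# A CI check that fails the build while the placeholder string is still
# present in `kustomize build` output is a cheap guard against shipping it.
secretGenerator:
  - name: couchdb-secret
    behavior: replace
    literals:
      - username=admin
      # This is just a placeholder
      - password=CHANGE_IN_PRODUCTION

# Production-specific patches for security and performance.
#
# The three file patches were previously listed under `patchesStrategicMerge`,
# which Kustomize v5 deprecates in favour of `patches`. They are listed first
# so they still apply before the inline JSON patches below; compare
# `kustomize build` output before and after when adopting this change.
patches:
  # Production resource patches
  - path: frontend-resources.yaml
  - path: couchdb-resources.yaml
  - path: ingress-prod.yaml

  # Production-specific ConfigMap patches.
  # JSON Patch `replace` fails the build if the key is missing from the base
  # ConfigMap, so NODE_ENV and LOG_LEVEL must already exist there.
  # NOTE(review): confirm that security-relevant events the application emits
  # (for example authentication failures) are still logged at "warn".
  - target:
      kind: ConfigMap
      name: rxminder-config
    patch: |-
      - op: replace
        path: /data/NODE_ENV
        value: "production"
      - op: replace
        path: /data/LOG_LEVEL
        value: "warn"
      - op: add
        path: /data/ENABLE_MONITORING
        value: "true"
      - op: add
        path: /data/CACHE_TTL
        value: "3600"

  # Enable HTTPS redirect on ingress and request certificates from the
  # letsencrypt-prod cluster issuer.
  # `~1` is the JSON Pointer escape for `/` inside an annotation key.
  # `add` needs /metadata/annotations to exist already; presumably the base or
  # ingress-prod.yaml provides it (verify).
  - target:
      kind: Ingress
      name: rxminder-ingress
    patch: |-
      - op: add
        path: /metadata/annotations/nginx.ingress.kubernetes.io~1ssl-redirect
        value: "true"
      - op: add
        path: /metadata/annotations/cert-manager.io~1cluster-issuer
        value: "letsencrypt-prod"

  # Add resource limits for production workloads.
  # The patch addresses the container by position (containers/0); if another
  # container is ever placed first in the pod spec, the limits land on it.
  - target:
      kind: Deployment
      name: rxminder-frontend
    patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "256Mi"
            cpu: "100m"
          limits:
            memory: "512Mi"
            cpu: "500m"

  # Production storage class and size
  - target:
      kind: StatefulSet
      name: rxminder-couchdb
    patch: |-
      - op: replace
        path: /spec/volumeClaimTemplates/0/spec/storageClassName
        value: "ssd"
      - op: replace
        path: /spec/volumeClaimTemplates/0/spec/resources/requests/storage
        value: "10Gi"

  # Production CouchDB resources (positional container index, as above)
  - target:
      kind: StatefulSet
      name: rxminder-couchdb
    patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/resources
        value:
          requests:
            memory: "512Mi"
            cpu: "200m"
          limits:
            memory: "1Gi"
            cpu: "1000m"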