# deployment/manifests/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kakao-review-api
  labels:
    app: kakao-review-api
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kakao-review-api
  template:
    metadata:
      labels:
        app: kakao-review-api
        version: v1
    spec:
      imagePullSecrets:
      - name: acr-secret
      containers:
      - name: api
        image: acrdigitalgarage03.azurecr.io/kakao-review-api:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 19000
          name: http
        
        # 🔧 ConfigMap 환경 변수
        envFrom:
        - configMapRef:
            name: kakao-review-api-config
        
        # 🔧 Secret 환경 변수
        env:
        - name: EXTERNAL_API_KEY
          valueFrom:
            secretKeyRef:
              name: kakao-review-api-secret
              key: EXTERNAL_API_KEY
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: kakao-review-api-secret
              key: DB_USERNAME
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: kakao-review-api-secret
              key: DB_PASSWORD
        - name: JWT_SECRET
          valueFrom:
            secretKeyRef:
              name: kakao-review-api-secret
              key: JWT_SECRET
        # 🔧 Chrome/ChromeDriver 환경 변수 (VM과 동일)
        - name: WDM_LOCAL
          value: "/tmp/.wdm"
        - name: WDM_LOG_LEVEL
          value: "0"
        - name: CHROME_BIN
          value: "/usr/bin/google-chrome"
        - name: CHROMEDRIVER_BIN
          value: "/usr/local/bin/chromedriver"
        - name: DISPLAY
          value: ":99"
        - name: DBUS_SESSION_BUS_ADDRESS
          value: "/dev/null"
        
        # 🔧 리소스 제한 (Chrome 실행에 충분한 리소스)
        resources:
          requests:
            memory: "2Gi"
            cpu: "1000m"
          limits:
            memory: "4Gi"
            cpu: "2000m"
        
        # 🔧 헬스 체크 (타임아웃 증가)
        livenessProbe:
          httpGet:
            path: /health
            port: 19000
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 15
          failureThreshold: 5
        
        readinessProbe:
          httpGet:
            path: /health
            port: 19000
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 10
          failureThreshold: 5
        
        # 🔧 간소화된 보안 컨텍스트 (AKS 호환)
        securityContext:
          runAsNonRoot: false
          runAsUser: 0
          allowPrivilegeEscalation: true
          readOnlyRootFilesystem: false
          capabilities:
            add:
            - SYS_ADMIN
            drop: []
        
        # 🔧 볼륨 마운트 (Chrome 실행 최적화)
        volumeMounts:
        - name: tmp-volume
          mountPath: /tmp
        - name: dev-shm
          mountPath: /dev/shm
      
      # 🔧 볼륨 정의 (간소화)
      volumes:
      - name: tmp-volume
        emptyDir: {}
      - name: dev-shm
        emptyDir:
          medium: Memory
          sizeLimit: 2Gi
      
      restartPolicy: Always
      
      # 🔧 Pod 레벨 보안 설정 제거 (AKS 호환을 위해)
      # securityContext: 제거