# deployment/manifests/deployment.yaml - Base Image 호환 버전
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vector-api
  labels:
    app: vector-api
    version: v1.0.9
  annotations:
    deployment.kubernetes.io/revision: "9"
    description: "Vector DB API with Base Image Compatibility"
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  selector:
    matchLabels:
      app: vector-api
  template:
    metadata:
      labels:
        app: vector-api
        version: v1.0.9
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8000"
        prometheus.io/path: "/metrics"
    spec:
      # 🔧 initContainer 제거 - Base Image 설정 그대로 사용
      
      containers:
      - name: vector-api
        image: acrdigitalgarage03.azurecr.io/vector-api:latest
        imagePullPolicy: Always

        # 🔧 컨테이너 포트
        ports:
        - name: http
          containerPort: 8000
          protocol: TCP

        # 🔧 환경변수 (ConfigMap만 사용, Poetry 설정 제외)
        envFrom:
        - configMapRef:
            name: vector-api-config
        env:
        - name: CLAUDE_API_KEY
          valueFrom:
            secretKeyRef:
              name: vector-api-secret
              key: CLAUDE_API_KEY
        - name: HOME
          value: "/home/appuser"
        - name: USER
          value: "appuser"
        # 🔧 Poetry 관련 환경변수 모두 제거 (Base Image 설정 유지)
        # ❌ 제거: POETRY_CONFIG_DIR, POETRY_DATA_DIR, POETRY_CACHE_DIR
        # ❌ 제거: POETRY_VENV_PATH, POETRY_VIRTUALENVS_IN_PROJECT

        # 🗂️ 볼륨 마운트 (단순화)
        volumeMounts:
        - name: vector-db-storage
          mountPath: /home/appuser/vectordb
        - name: tmp-volume
          mountPath: /tmp

        # 🔧 보안 컨텍스트
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: false
          capabilities:
            drop:
              - ALL

        # 🔧 리소스 설정
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "4Gi"
            cpu: "1000m"

        # 🏥 헬스체크 (Base Image 가상환경 확인)
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - |
              # Base Image 가상환경 확인
              poetry run python -c "import fastapi; print('✅ 정상')" 2>/dev/null || exit 1
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 10
          failureThreshold: 3

        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - |
              # Base Image 패키지 확인
              poetry run python -c "import fastapi, uvicorn, pydantic; print('✅ 준비됨')" 2>/dev/null || exit 1
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3

        startupProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - |
              # Poetry 환경 확인
              poetry env info && poetry show | head -5
          initialDelaySeconds: 10
          periodSeconds: 5
          timeoutSeconds: 10
          failureThreshold: 12  # 60초 대기

      # 📦 볼륨 설정 (단순화)
      volumes:
      - name: vector-db-storage
        #emptyDir:
        #  sizeLimit: 10Gi
        persistentVolumeClaim:
          claimName: vector-db-pvc
      - name: tmp-volume
        emptyDir:
          sizeLimit: 500Mi
        
      # 🔐 ACR 접근
      imagePullSecrets:
      - name: acr-secret

      # 🎯 노드 선택
      nodeSelector:
        agentpool: aipool

      tolerations:
      - key: "dedicated"
        operator: "Equal"
        value: "aipool"
        effect: "NoSchedule"

      # 🔧 Pod 레벨 보안
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000

      restartPolicy: Always
      dnsPolicy: ClusterFirst
      terminationGracePeriodSeconds: 30