# deployment/manifests/deployment.yaml.fixed
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vector-api
  labels:
    app: vector-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vector-api
  template:
    metadata:
      labels:
        app: vector-api
    spec:
      # 🔧 볼륨 권한 설정을 위한 initContainer
      initContainers:
      - name: volume-permissions
        image: busybox:1.35
        command:
        - /bin/sh
        - -c
        - |
          echo "=== 볼륨 권한 설정 시작 ==="
          mkdir -p /app/vectordb
          chown -R 1000:1000 /app/vectordb
          chmod -R 755 /app/vectordb
          echo "=== 볼륨 권한 설정 완료 ==="
        volumeMounts:
        - name: vector-db-storage
          mountPath: /app/vectordb
        securityContext:
          runAsUser: 0

      containers:
      - name: vector-api
        image: acrdigitalgarage03.azurecr.io/vector-api:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8000

        # 🔧 보안 컨텍스트
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: false

        # 🔧 리소스 설정
        resources:
          requests:
            memory: "4Gi"
            cpu: "1000m"
          limits:
            memory: "8Gi"
            cpu: "2000m"

        # 🏥 헬스체크 설정
        livenessProbe:
          httpGet:
            path: /health
            port: 8000
          initialDelaySeconds: 120
          periodSeconds: 30
          timeoutSeconds: 15
          failureThreshold: 3

        readinessProbe:
          httpGet:
            path: /health
            port: 8000
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 10
          failureThreshold: 3

        # 📂 볼륨 마운트
        volumeMounts:
        - name: vector-db-storage
          mountPath: /app/vectordb

        # ConfigMap 환경 변수
        envFrom:
        - configMapRef:
            name: vector-api-config

        # 🌍 환경변수 설정 (인증 필드 제거)
        env:
        - name: PYTHONUNBUFFERED
          value: "1"
        - name: PYTHONDONTWRITEBYTECODE
          value: "1"
        # 🔧 ChromaDB 기본 설정 (인증 필드 제거)
        - name: ANONYMIZED_TELEMETRY
          value: "False"
        - name: CHROMA_DB_IMPL
          value: "duckdb+parquet"
        - name: ALLOW_RESET
          value: "True"
        # 🔧 로그 레벨
        - name: LOG_LEVEL
          value: "info"
        # 🔧 Claude API (ConfigMap에서 가져오기)
        - name: CLAUDE_API_KEY
          valueFrom:
            secretKeyRef:
              name: vector-api-secret
              key: CLAUDE_API_KEY
        - name: CLAUDE_MODEL
          valueFrom:
            configMapKeyRef:
              name: vector-api-config
              key: CLAUDE_MODEL
        # 🔧 기타 설정 (ConfigMap에서 가져오기)
        - name: APP_TITLE
          valueFrom:
            configMapKeyRef:
              name: vector-api-config
              key: APP_TITLE
        - name: APP_VERSION
          valueFrom:
            configMapKeyRef:
              name: vector-api-config
              key: APP_VERSION

      # 📦 볼륨 설정
      volumes:
      - name: vector-db-storage
        persistentVolumeClaim:
          claimName: vector-db-pvc

      # 🔐 이미지 Pull Secret
      imagePullSecrets:
      - name: acr-secret

      # 🎯 노드 선택 및 배치 설정
      nodeSelector:
        agentpool: aipool

      tolerations:
      - key: "dedicated"
        operator: "Equal"
        value: "aipool"
        effect: "NoSchedule"

      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - vector-api
              topologyKey: kubernetes.io/hostname

      restartPolicy: Always
      dnsPolicy: ClusterFirst