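# ==========================================
# Helm Values - shop-recycle (PROD environment)
# Production configuration (high availability, security)
# ==========================================
# NOTE(review): indentation was restored from a whitespace-collapsed copy;
# verify the nesting against the chart's values schema before use.

environment: prod
replicaCount: 3

gateway:
  replicaCount: 3
  resources:
    requests:
      memory: "1Gi"
      cpu: "1000m"
    limits:
      memory: "2Gi"
      cpu: "2000m"
  # NOTE(review): -Xmx2g equals the 2Gi container limit, leaving no room for
  # metaspace, thread stacks and other non-heap memory; a full heap is likely
  # to get the pod OOM-killed. Consider a lower -Xmx or -XX:MaxRAMPercentage.
  javaOpts: "-Xms1g -Xmx2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+ParallelRefProcEnabled"
  livenessProbe:
    httpGet:
      path: /health
      port: 8080
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    httpGet:
      path: /health
      port: 8080
    initialDelaySeconds: 30
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 2
  ingress:
    enabled: true
    className: "nginx"
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # NOTE(review): "rate-limit" is not one of the rate-limiting annotations
      # documented for ingress-nginx (limit-rps, limit-rpm, limit-connections),
      # so this value is probably ignored and no limit is enforced. Confirm
      # against the controller in use and switch to the intended annotation.
      nginx.ingress.kubernetes.io/rate-limit: "500"
      # Basic auth needs all three annotations. With auth-type alone the
      # controller has no credential source: depending on its version it is
      # expected either to refuse to serve the location or to leave the hosts
      # unauthenticated. The referenced Secret must exist in the release
      # namespace and hold htpasswd-format entries under the key "auth";
      # create it out of band, never from values committed to version control.
      # Annotations apply to the whole Ingress, so both hosts below are
      # covered - confirm that clients of the API host can send basic auth.
      nginx.ingress.kubernetes.io/auth-type: "basic"
      nginx.ingress.kubernetes.io/auth-secret: "basic-auth"
      nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
    hosts:
      - host: "gateway.example.com"
        paths:
          - path: /
            pathType: Prefix
      - host: "api.example.com"
        paths:
          - path: /
            pathType: Prefix
    tls:
      # One certificate Secret covering both hosts, issued via the
      # cluster-issuer annotation above.
      - secretName: gateway-tls-prod
        hosts:
          - "gateway.example.com"
          - "api.example.com"

orderService:
  replicaCount: 3
  resources:
    requests:
      memory: "1Gi"
      cpu: "1000m"
    limits:
      memory: "2Gi"
      cpu: "2000m"

paymentService:
  replicaCount: 3
  resources:
    requests:
      memory: "1Gi"
      cpu: "1000m"
    limits:
      memory: "2Gi"
      cpu: "2000m"

# Production-grade security settings
# NOTE(review): only the policy types are set here; the allow rules are not
# defined in this file. If the chart renders an Egress policy without egress
# rules, pods lose all outbound traffic (DNS included) - confirm the templates.
networkPolicy:
  enabled: true
  policyTypes:
    - Ingress
    - Egress

# NOTE(review): PodSecurityPolicy was removed in Kubernetes v1.25. On newer
# clusters this flag cannot provide pod hardening; use Pod Security Admission
# namespace labels or a policy engine instead - confirm what the chart renders.
podSecurityPolicy:
  enabled: true

rbac:
  create: true

# Node affinity - use a dedicated node pool
affinity:
  nodeAffinity:
    # Hard requirement: schedule only on nodes labelled
    # node-role.kubernetes.io/application=true.
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: node-role.kubernetes.io/application
              operator: In
              values:
                - "true"
  podAntiAffinity:
    # Hard requirement: stay off any node that already runs a pod labelled
    # app=shop-recycle-gateway (one such pod per hostname).
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: app
              operator: In
              values:
                - shop-recycle-gateway
        topologyKey: kubernetes.io/hostname

# Tolerate the production=true:NoSchedule taint.
tolerations:
  - key: "production"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"

# Monitoring and logging
monitoring:
  enabled: true
  serviceMonitor:
    enabled: true
    interval: 15s

logging:
  level: WARN
  format: json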