apiVersion: apps/v1
kind: Deployment
metadata:
  name: turbovault
  namespace: turbovault
  labels:
    app: turbovault
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: turbovault
  template:
    metadata:
      labels:
        app: turbovault
    spec:
      # Deploy to cloud nodes only
      nodeSelector:
        node-role: cloud
      # Pull images from private GitHub Container Registry
      imagePullSecrets:
      - name: ghcr-secret
      containers:
      - name: turbovault
        # UPDATE THIS: Replace with your registry path
        # Examples:
        #   - Gitea: gitea.kazcloud.dev/ryan/turbovault-app:latest
        #   - GitHub Container Registry: ghcr.io/ryankazokas/turbovault-app:latest
        #   - Docker Hub: docker.io/username/turbovault:latest
        image: ghcr.io/ryankazokas/turbovault-app:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 3000
          name: http
          protocol: TCP
        env:
        # Load from ConfigMap
        - name: RAILS_ENV
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: RAILS_ENV
        - name: RAILS_LOG_TO_STDOUT
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: RAILS_LOG_TO_STDOUT
        - name: RAILS_SERVE_STATIC_FILES
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: RAILS_SERVE_STATIC_FILES
        - name: RAILS_MAX_THREADS
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: RAILS_MAX_THREADS
        - name: DATABASE_HOST
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: DATABASE_HOST
        - name: DATABASE_PORT
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: DATABASE_PORT
        - name: DATABASE_NAME
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: DATABASE_NAME
        - name: DATABASE_USERNAME
          valueFrom:
            configMapKeyRef:
              name: turbovault-config
              key: DATABASE_USERNAME
        # Load from Secrets
        - name: DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: turbovault-secrets
              key: DATABASE_PASSWORD
        - name: SECRET_KEY_BASE
          valueFrom:
            secretKeyRef:
              name: turbovault-secrets
              key: SECRET_KEY_BASE
        - name: IGDB_CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: turbovault-secrets
              key: IGDB_CLIENT_ID
              optional: true
        - name: IGDB_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: turbovault-secrets
              key: IGDB_CLIENT_SECRET
              optional: true
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
        livenessProbe:
          httpGet:
            path: /up
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /up
            port: 3000
          initialDelaySeconds: 10
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 3
        volumeMounts:
        - name: storage
          mountPath: /app/storage
      volumes:
      - name: storage
        emptyDir: {}  # Replace with PersistentVolumeClaim for production