# =============================================================================
# GAMILIT Frontend - Kubernetes Deployment
# =============================================================================
# Purpose: Deploys GAMILIT frontend SPA (React + Vite) with nginx
# Namespace: gamilit-production
# Replicas: 2 (min) - 5 (max with HPA)
# Resources: CPU 100m-200m, Memory 128Mi-256Mi per pod
# =============================================================================

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gamilit-frontend
  namespace: gamilit-production
  labels:
    app: gamilit
    component: frontend
    tier: web
    version: v1.0.0
  annotations:
    deployment.kubernetes.io/revision: "1"
spec:
  replicas: 2
  revisionHistoryLimit: 10

  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0

  selector:
    matchLabels:
      app: gamilit
      component: frontend
      tier: web

  template:
    metadata:
      labels:
        app: gamilit
        component: frontend
        tier: web
        version: v1.0.0

    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 101  # nginx user
        fsGroup: 101

      containers:
        - name: frontend
          image: ghcr.io/gamilit/frontend:1.0.0
          imagePullPolicy: Always

          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 101
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE

          ports:
            - name: http
              containerPort: 80
              protocol: TCP

          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 200m
              memory: 256Mi

          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3

          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 2
            failureThreshold: 2

          volumeMounts:
            - name: nginx-cache
              mountPath: /var/cache/nginx
            - name: nginx-run
              mountPath: /var/run

      volumes:
        - name: nginx-cache
          emptyDir: {}
        - name: nginx-run
          emptyDir: {}

      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: component
                      operator: In
                      values:
                        - frontend
                topologyKey: kubernetes.io/hostname