---
apiVersion: v1
kind: Namespace
metadata:
  name: umami

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: umami-postgres-data
  namespace: umami
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: umami
  labels:
    app: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:15-alpine
          imagePullPolicy: IfNotPresent
          env:
            - name: POSTGRES_DB
              value: "umami"
            - name: POSTGRES_USER
              value: "umami"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: umami-secrets
                  key: postgres-password
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "500m"
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: umami-postgres-data

---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: umami
spec:
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: umami
  namespace: umami
  labels:
    app: umami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: umami
  template:
    metadata:
      labels:
        app: umami
    spec:
      initContainers:
        - name: wait-for-postgres
          image: busybox:1.36
          command:
            - sh
            - -c
            - |
              until nc -z postgres 5432; do
                echo "waiting for postgres..."; sleep 2
              done
      containers:
        - name: umami
          image: ghcr.io/umami-software/umami:postgresql-latest
          imagePullPolicy: Always
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: umami-secrets
                  key: database-url
            - name: APP_SECRET
              valueFrom:
                secretKeyRef:
                  name: umami-secrets
                  key: app-secret
          ports:
            - containerPort: 3000
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"

---
apiVersion: v1
kind: Service
metadata:
  name: umami
  namespace: umami
spec:
  selector:
    app: umami
  ports:
    - port: 80
      targetPort: 3000

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: umami
  namespace: umami
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  ingressClassName: traefik
  rules:
    - host: umami.chemavx.xyz
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: umami
                port:
                  number: 80
  tls:
    - hosts:
        - umami.chemavx.xyz
      secretName: umami-tls

# Secrets gestionados manualmente — NO añadir aquí para evitar que ArgoCD sobreescriba.
# Ver instrucciones de deploy en argocd-app.yaml