# Patch: production Pingora overrides
#
# DOMAIN_SUFFIX and ACME_EMAIL are substituted by sed at deploy time.
# See overlays/production/kustomization.yaml for the deploy command.

# Production config: routes only (TLS and telemetry are the same as base).
# The cert is issued by cert-manager via the ClusterIssuer defined in
# cert-manager.yaml and stored in the pingora-tls Secret.  The proxy fetches
# it from the K8s API on startup and on renewal — no acme-cache PVC needed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pingora-config
  namespace: ingress
data:
  config.toml: |
    [listen]
    http  = "0.0.0.0:80"
    https = "0.0.0.0:443"

    [tls]
    cert_path = "/etc/tls/tls.crt"
    key_path  = "/etc/tls/tls.key"

    [telemetry]
    otlp_endpoint = ""

    [[routes]]
    host_prefix = "docs"
    backend     = "http://docs.lasuite.svc.cluster.local:8000"
    websocket   = true

    [[routes]]
    host_prefix = "meet"
    backend     = "http://meet.lasuite.svc.cluster.local:8000"
    websocket   = true

    [[routes]]
    host_prefix = "drive"
    backend     = "http://drive.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "mail"
    backend     = "http://messages.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "chat"
    backend     = "http://conversations.lasuite.svc.cluster.local:8000"
    websocket   = true

    [[routes]]
    host_prefix = "people"
    backend     = "http://people.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "src"
    backend     = "http://gitea.devtools.svc.cluster.local:3000"
    websocket   = true

    [[routes]]
    host_prefix = "auth"
    backend     = "http://hydra-public.ory.svc.cluster.local:4444"

    [[routes]]
    host_prefix = "s3"
    backend     = "http://seaweedfs-filer.storage.svc.cluster.local:8333"