# Kind configuration for EveAI Dev Environment
# File: kind-dev-cluster.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: eveai-dev-cluster
networking:
  # API server configuration
  apiServerAddress: "127.0.0.1"
  apiServerPort: 3000

  # Pod subnet (avoid conflicts with host network)
  podSubnet: "10.244.0.0/16"
  serviceSubnet: "10.96.0.0/12"

nodes:
- role: control-plane
  kubeadmConfigPatches:
    - |
      kind: InitConfiguration
      nodeRegistration:
        kubeletExtraArgs:
          node-labels: "ingress-ready=true"
  # Minimal port mappings - only Ingress and essential monitoring
  extraPortMappings:
  # Ingress Controller - Main entry point (all app access via Ingress)
  - containerPort: 80
    hostPort: 3080
    protocol: TCP
  - containerPort: 443
    hostPort: 3443
    protocol: TCP

  # Essential monitoring ports (optional - for direct access)
  # Redis (for direct debugging if needed)
  - containerPort: 30006
    hostPort: 3006
    protocol: TCP

  # MinIO S3 API (for direct S3 access)
  - containerPort: 30008
    hostPort: 3008
    protocol: TCP

  # MinIO Console (for direct management)
  - containerPort: 30009
    hostPort: 3009
    protocol: TCP

  # Prometheus (for direct metrics access)
  - containerPort: 30010
    hostPort: 3010
    protocol: TCP

  # Grafana (for direct dashboard access)
  - containerPort: 30012
    hostPort: 3012
    protocol: TCP

  # Static files rsync access
  - containerPort: 30873
    hostPort: 3873
    protocol: TCP

  # Mount points for persistent data on host
  extraMounts:
  # MinIO data persistence
  - hostPath: $HOME/k8s-data/dev/minio
    containerPath: /mnt/minio-data
  # Application logs
  - hostPath: $HOME/k8s-data/dev/logs
    containerPath: /mnt/app-logs
  # Prometheus data
  - hostPath: $HOME/k8s-data/dev/prometheus
    containerPath: /mnt/prometheus-data
  # Grafana data
  - hostPath: $HOME/k8s-data/dev/grafana
    containerPath: /mnt/grafana-data
  # mkcert CA certificate
  - hostPath: $HOME/k8s-data/dev/certs
    containerPath: /usr/local/share/ca-certificates

# Configure registry access - temporarily disabled for testing
# containerdConfigPatches:
# - |-
#   [plugins."io.containerd.grpc.v1.cri".registry]
#     config_path = "/etc/containerd/certs.d"
#   [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
#     [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.ask-eve-ai-local.com"]
#       endpoint = ["https://registry.ask-eve-ai-local.com"]
#   [plugins."io.containerd.grpc.v1.cri".registry.configs]
#     [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.ask-eve-ai-local.com".tls]
#       ca_file = "/usr/local/share/ca-certificates/mkcert-ca.crt"
#       insecure_skip_verify = false