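---
# Google Cloud Load Balancer Configuration
# This configuration uses GCP-native load balancing.
#
# Five resources, all in namespace veza-production:
#   Service            veza-backend-api-lb   (type LoadBalancer, port 80 -> 8080)
#   BackendConfig      veza-backend-config   (health check, affinity, draining)
#   FrontendConfig     veza-frontend-config  (SSL policy, HTTP -> HTTPS redirect)
#   Ingress            veza-ingress-gcp      (host api.veza.com)
#   ManagedCertificate veza-ssl-cert         (api.veza.com, app.veza.com)
apiVersion: v1
kind: Service
metadata:
  name: veza-backend-api-lb
  namespace: veza-production
  annotations:
    # Use GCP Load Balancer
    # The original note offered "External" as an alternative value.
    # NOTE(review): confirm that "External" is an accepted value; GKE is
    # expected to create an external load balancer when this annotation is
    # simply absent.
    # This Service listens on plain HTTP (port 80). If it is ever exposed
    # externally, clients reach the pods without the SSL policy or HTTPS
    # redirect that the FrontendConfig below applies to the Ingress path.
    cloud.google.com/load-balancer-type: "Internal"
    # Attaches veza-backend-config to this Service's ports.
    cloud.google.com/backend-config: '{"default": "veza-backend-config"}'
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
  selector:
    app: veza-backend-api
---
# BackendConfig for GCP Load Balancer
# A BackendConfig takes effect only on Services that name it in their
# cloud.google.com/backend-config annotation.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: veza-backend-config
  namespace: veza-production
spec:
  # Health checks
  # NOTE(review): /health is probed without credentials; confirm that it
  # returns only liveness status and no internal details.
  healthCheck:
    checkIntervalSec: 10
    timeoutSec: 5
    healthyThreshold: 2
    unhealthyThreshold: 3
    type: HTTP
    requestPath: /health
    port: 8080
  # Session affinity
  # NOTE(review): affinityCookieTtlSec presumably matters only for
  # cookie-based affinity; with CLIENT_IP it looks unused - confirm.
  sessionAffinity:
    affinityType: "CLIENT_IP"
    affinityCookieTtlSec: 3600
  # Connection draining
  connectionDraining:
    drainingTimeoutSec: 60
  # Timeout
  timeoutSec: 60
  # IAP (Identity-Aware Proxy) - optional
  # The secret named below must exist in this namespace and hold the OAuth
  # client credentials; keep its contents out of version control.
  # NOTE(review): IAP set here guards only traffic that arrives through the
  # Ingress; confirm that no other Service path reaches the same pods.
  # iap:
  #   enabled: true
  #   oauthclientCredentials:
  #     secretName: iap-oauth-credentials
  # CDN - optional
  # NOTE(review): this backend serves an API host. Before enabling caching,
  # confirm that authenticated or per-user responses cannot be cached, and
  # that CDN is not combined with IAP on the same backend.
  # cdn:
  #   enabled: true
  #   cachePolicy:
  #     includeHost: true
  #     includeProtocol: true
  #     includeQueryString: true
---
# FrontendConfig for SSL policies
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: veza-frontend-config
  namespace: veza-production
spec:
  # sslPolicy is the name of an SSL policy resource in the GCP project.
  # NOTE(review): confirm that a policy named "modern" exists and check the
  # minimum TLS version and cipher profile it enforces.
  sslPolicy: "modern"
  redirectToHttps:
    enabled: true
    responseCodeName: "MOVED_PERMANENTLY_DEFAULT"
---
# Ingress for GCP Load Balancer
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: veza-ingress-gcp
  namespace: veza-production
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "veza-static-ip"
    networking.gke.io/managed-certificates: "veza-ssl-cert"
    networking.gke.io/v1beta1.FrontendConfig: "veza-frontend-config"
spec:
  rules:
    - host: api.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              # NOTE(review): the backend is Service veza-backend-api on
              # port 8080, but the only Service in this file is
              # veza-backend-api-lb on port 80. Confirm that the referenced
              # Service exists and carries the backend-config annotation;
              # otherwise the health check and the optional IAP settings
              # above are not attached to the Ingress path.
              service:
                name: veza-backend-api
                port:
                  number: 8080
---
# ManagedCertificate for automatic SSL
# NOTE(review): app.veza.com is listed here but has no Ingress rule above;
# confirm that its DNS record also points at veza-static-ip, since managed
# certificate provisioning validates every listed domain.
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: veza-ssl-cert
  namespace: veza-production
spec:
  domains:
    - api.veza.com
    - app.veza.com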