feat: Configure production deployment with math-tables namespace and ingress

Changes made:

- Remove problematic configuration-snippet from base ingress

- Add namespace creation for math-tables

- Configure ingress with nginx class and letsencrypt-prod issuer

- Set production hostname to math-tables.cl1.parano.ch

- Reduce production replicas to 1

- Update copyright year in index.html

deploy/overlays/production/deployment-patch.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: math-exercises-app
+  annotations:
+    # Production environment annotation
+    environment: production
+    # Security annotations
+    seccomp.security.alpha.kubernetes.io/pod: docker/default
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: math-exercises
+        env:
+        - name: ENVIRONMENT
+          value: production
+        - name: DEBUG
+          value: "false"
+        # Enhanced security for production
+        securityContext:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          runAsUser: 1000
+          capabilities:
+            drop:
+              - ALL
+        # Production resource settings
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "250m"
+          limits:
+            memory: "128Mi"
+            cpu: "500m"

deploy/overlays/production/ingress-patch.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: math-exercises-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - math-tables.cl1.parano.ch
+    secretName: math-exercises-tls
+  rules:
+  - host: math-tables.cl1.parano.ch
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: math-exercises-service
+            port:
+              number: 80

deploy/overlays/production/kustomization.yaml

@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: math-tables
+
+resources:
+- ../../base
+- namespace.yaml
+
+# Production-specific patches
+patchesStrategicMerge:
+- deployment-patch.yaml
+- security-patch.yaml
+- ingress-patch.yaml
+
+# Production-specific configurations
+images:
+- name: math-exercises
+  newName: harbor.cl1.parano.ch/library/math-exercice
+  newTag: 1.0.0
+
+# Production-specific labels
+commonLabels:
+  environment: production
+  security-level: high

deploy/overlays/production/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: math-tables

deploy/overlays/production/security-patch.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: math-exercises-app
+spec:
+  template:
+    spec:
+      # Additional security context for production
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        fsGroup: 2000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+      - name: math-exercises
+        # Additional security settings for production
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+          capabilities:
+            drop:
+              - ALL
+            add:
+              - NET_BIND_SERVICE