apiVersion: v1
kind: ServiceAccount
metadata:
  name: mpc-server-party
  namespace: mpc-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mpc-server-party
  namespace: mpc-system
  labels:
    app: mpc-server-party
    component: compute
spec:
  replicas: 3  # Start with 3 parties, can scale up/down dynamically
  selector:
    matchLabels:
      app: mpc-server-party
  template:
    metadata:
      labels:
        app: mpc-server-party
        component: compute
        party-role: persistent  # Party role: persistent, delegate, or temporary
    spec:
      serviceAccountName: mpc-server-party
      containers:
      - name: server-party
        image: mpc-system/server-party:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: grpc
          containerPort: 50051
          protocol: TCP
        - name: http
          containerPort: 8080
          protocol: TCP
        env:
        - name: MPC_SERVER_GRPC_PORT
          value: "50051"
        - name: MPC_SERVER_HTTP_PORT
          value: "8080"
        - name: MPC_SERVER_ENVIRONMENT
          valueFrom:
            configMapKeyRef:
              name: mpc-config
              key: environment
        - name: MPC_DATABASE_HOST
          valueFrom:
            configMapKeyRef:
              name: mpc-config
              key: postgres_host
        - name: MPC_DATABASE_PORT
          value: "5432"
        - name: MPC_DATABASE_USER
          valueFrom:
            secretKeyRef:
              name: mpc-secrets
              key: postgres_user
        - name: MPC_DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mpc-secrets
              key: postgres_password
        - name: MPC_DATABASE_DBNAME
          value: "mpc_system"
        - name: MPC_DATABASE_SSLMODE
          value: "disable"
        - name: SESSION_COORDINATOR_ADDR
          value: "mpc-session-coordinator:50051"
        - name: MESSAGE_ROUTER_ADDR
          value: "mpc-message-router:50051"
        - name: MPC_CRYPTO_MASTER_KEY
          valueFrom:
            secretKeyRef:
              name: mpc-secrets
              key: crypto_master_key
        - name: PARTY_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name  # Use pod name as unique party ID
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 2
---
apiVersion: v1
kind: Service
metadata:
  name: mpc-server-party
  namespace: mpc-system
  labels:
    app: mpc-server-party
spec:
  selector:
    app: mpc-server-party
  clusterIP: None  # Headless service for service discovery
  ports:
  - name: grpc
    port: 50051
    targetPort: 50051
    protocol: TCP
  - name: http
    port: 8080
    targetPort: 8080
    protocol: TCP