Refactor xdatabase-proxy configuration and deployment settings

- Updated environment variables in development and production deployment YAML files to enhance configurability.
- Introduced new environment variables for TLS settings, including auto-generation and renewal options.
- Modified health check endpoint from /healthz to /health for consistency.
- Enhanced start-proxy-test and test-server scripts to align with new configuration standards.
- Added comprehensive README documentation detailing features, installation, configuration, and usage scenarios.
- Implemented a new configuration management system in config.go to handle environment variables and legacy support.
- Created a factory pattern for proxy and resolver creation, allowing for better separation of concerns and easier future extensions.
- Established TLS management with support for file-based, Kubernetes secret, and in-memory certificate handling.
- Added validation for configuration settings to ensure coherence and correctness.
- Introduced structured logging for better observability and debugging.

Author: hasirciogluhq

CHANGELOG.md

@@ -8,39 +8,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
-- Multi-platform Docker build support for macOS, Linux (amd64, arm64, 386)
-- Automated TLS certificate creation in Kubernetes Secret when secret doesn't exist
-- Enhanced TLS configuration with three priority levels:
-  - File-based TLS (TLS_CERT_FILE + TLS_KEY_FILE)
-  - Kubernetes Secret TLS (TLS_SECRET_NAME)
-  - Memory-based TLS with self-signed generation
-- Static backend support for non-Kubernetes deployments via STATIC_BACKENDS environment variable
-- Health check and readiness endpoints on port 8080 (/health, /ready)
-- Debug logging mode with DEBUG environment variable
-- Comprehensive environment variable documentation in README
-- Go module caching in GitHub Actions for faster builds
-- Matrix testing strategy for Ubuntu and macOS platforms in CI/CD
-
-### Changed
-- Updated Dockerfile to explicitly set CGO_ENABLED=0 and GOOS=linux for cross-platform compatibility
-- Enhanced Dockerfile with ca-certificates, tzdata, health checks, and proper port exposure
-- Improved GitHub Actions workflow with separate test job for multiple platforms
-- Refactored TLS provider initialization logic for better multi-instance safety
-- Updated README.md with complete environment variable reference and usage examples
-- Improved logging for TLS provider selection and certificate operations
-
-### Fixed
-- macOS build compatibility issues with Docker and GitHub Actions
-- Multi-instance race condition in TLS certificate generation
-- Kubernetes Secret auto-creation now properly handles concurrent pod startups
-
-### Security
-- Self-signed certificates now only generated once at startup to prevent race conditions
-- Kubernetes Secret-based TLS provider automatically creates missing certificates securely
-
-## [2.0.0] - 2026-01-12
-
-### Added
+- **Runtime Environment Detection**: Auto-detect execution environment (Kubernetes/Container/VM)
+- **Flexible Discovery Modes**: 
+  - Kubernetes discovery from any runtime (in-cluster or remote with kubeconfig)
+  - Static backend configuration for non-Kubernetes deployments
+- **Enterprise TLS Management**:
+  - `TLS_AUTO_GENERATE`: Automatic self-signed certificate generation
+  - `TLS_AUTO_RENEW`: Automatic certificate renewal for expired/invalid certs
+  - `TLS_RENEWAL_THRESHOLD_DAYS`: Configurable renewal threshold
+  - Certificate expiration validation
+  - **Optional TLS**: `TLS_ENABLED` flag to make TLS completely optional
+- **Professional Configuration System**:
+  - Runtime-aware configuration (kubernetes/container/vm)
+  - Type-safe configuration with validation
+  - Smart auto-detection for all modes (runtime, discovery, TLS)
+- **Enhanced Environment Variables**:
+  - `DATABASE_TYPE`: Database type (postgresql)
+  - `RUNTIME`: Explicit runtime environment setting
+  - `DISCOVERY_MODE`: Explicit discovery mode
+  - `TLS_MODE`: Explicit TLS provider mode
+  - `TLS_ENABLED`: Enable/disable TLS
+  - `NAMESPACE`: Professional naming (replaces POD_NAMESPACE)
+- **Multi-Runtime Kubernetes Access**:
+  - Access Kubernetes from VM/Container using KUBECONFIG
+  - Support for multiple Kubernetes contexts
+  - Remote cluster discovery from non-Kubernetes environments
+- **Configuration Validation**: Comprehensive validation with helpful error messages
+- **Backward Compatibility**: Full support for legacy environment variables
 - New proxy manager component for advanced proxy infrastructure management
 - Comprehensive structured logger with improved console output formatting
 - Self-signed certificate generation capability for TLS
@@ -54,6 +48,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Filesystem-based TLS storage provider
 
 ### Changed
+- **Removed `PROXY_ENABLED`**: Proxy always runs when started (fail-fast on misconfiguration)
+- **Professional Configuration Architecture**:
+  - Type-safe enums for modes (RuntimeEnvironment, DiscoveryMode, TLSMode)
+  - Validation-first approach with clear error messages
+  - Smart defaults for all settings
+- **Improved Factory Pattern**:
+  - Runtime-aware resolver factory
+  - TLS factory with certificate lifecycle management
+  - Better error handling and logging
+- **Enhanced README**:
+  - Complete rewrite with enterprise focus
+  - Clear runtime scenarios and examples
+  - Professional documentation structure
+  - Architecture diagram
+- **Better Logging**:
+  - Runtime information in startup logs
+  - TLS mode and certificate status
+  - Discovery mode details
 - Merged main branch into development branch for latest stable features
 - Updated Docker CMD path to reflect new folder structure (`cmd/proxy`)
 - Refactored connection handler to improve error handling and lifecycle management for production environments
@@ -65,26 +77,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Restructured folder hierarchy for better organization
 - Updated GitHub usernames and repository references across all configuration files
 - Modified platform support in deployment workflow (amd64, arm64, 386)
+- **TLS Now Optional**: Proxy can run without TLS if `TLS_ENABLED=false`
+- Updated all Kubernetes deployment YAMLs to use new environment variable scheme
+- Updated test and development scripts to use new configuration format
 
-### Deprecated
+### Fixed
+- Multi-instance TLS certificate creation race conditions
+- Kubernetes discovery from non-Kubernetes runtimes
+- Certificate lifecycle management issues
+- Configuration validation edge cases
+- Connection lifecycle issues in production environments
+- Error response handling in connection handler
+- Binary file cleanup (removed `proxy` binary from tracking)
+- Certificate file management in repository
 
 ### Removed
+- `PROXY_ENABLED` environment variable (proxy always runs)
+- `POD_NAMESPACE` in favor of generic `NAMESPACE`
+- `POSTGRESQL_PROXY_ENABLED` in favor of `DATABASE_TYPE`
+- `TLS_ENABLE_SELF_SIGNED` in favor of `TLS_AUTO_GENERATE`
+- Unnecessary configuration complexity
 - Deleted old HTTP health check implementation (`cmd/proxy/internal/http/health.go`)
 - Removed legacy Kubernetes client implementation
 - Cleaned up old proxy server implementations and tests
 - Removed temporary binary and certificate files from repository root
 
-### Fixed
-- Connection lifecycle issues in production environments
-- Error response handling in connection handler
-- Binary file cleanup (removed `proxy` binary from tracking)
-- Certificate file management in repository
-
 ### Security
+- Enhanced certificate validation
+- Automatic certificate renewal prevents expired certs
+- Multi-instance safe certificate generation
+- Better TLS configuration validation
 - Enhanced TLS configuration with improved certificate management
 - Added self-signed certificate generation for development environments
 - Improved certificate storage security with filesystem provider
 
+### Architecture
+- **Configuration-Driven Design**: All behavior controlled by environment variables
+- **Runtime Awareness**: Detects and adapts to execution environment
+- **Fail-Fast Philosophy**: Clear errors on misconfiguration
+- **Production-Grade**: Enterprise-ready with proper validation and error handling
+- **Optional TLS**: Full support for non-TLS deployments
+
 ## [1.0.8] - 2025-07-07
 
 ### Fixed