# Example: Traefik with multiple middlewares and custom cert
# Deploy with: helm install rdp-web-gateway ./chart/rdp-web-gateway -f examples/traefik-advanced.yaml

service:
  type: ClusterIP
  port: 80
  targetPort: 8080

traefik:
  enabled: true
  host: rdp.yourdomain.com
  annotations:
    # Optional annotations
    kubernetes.io/ingress.class: traefik
  entryPoints:
    - web       # HTTP (will redirect to HTTPS)
    - websecure # HTTPS
  middlewares:
    # Redirect HTTP to HTTPS
    - name: redirect-to-https
    # Add security headers
    - name: security-headers
    # Rate limiting
    - name: rate-limit
  tls:
    enabled: true
    certResolver: letsencrypt
    # Specify multiple domains/SANs
    domains:
      - main: rdp.yourdomain.com
        sans:
          - www.rdp.yourdomain.com
          - rdp-gateway.yourdomain.com

config:
  rdpBroker:
    host: "rdpbroker"
    port: 3389
  server:
    port: 8080

# Production resource limits
resources:
  limits:
    cpu: 2000m
    memory: 2Gi
  requests:
    cpu: 500m
    memory: 512Mi

# Autoscaling for production
autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 20
  targetCPUUtilizationPercentage: 60
  targetMemoryUtilizationPercentage: 70

# Pod anti-affinity for high availability
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values:
                  - rdp-web-gateway
          topologyKey: kubernetes.io/hostname