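# Example: Traefik with Let's Encrypt
# Deploy with: helm install rdp-web-gateway ./chart/rdp-web-gateway -f examples/traefik-letsencrypt.yaml
#
# NOTE(review): key nesting below follows the usual shape of these values;
# confirm it against the chart's values.yaml before deploying.

# Disable LoadBalancer, use IngressRoute instead
# ClusterIP keeps the gateway unreachable from outside the cluster except
# through Traefik. TLS ends at Traefik (see traefik.tls), so the hop from
# Traefik to the pod on targetPort 8080 is plain HTTP inside the cluster;
# the networkPolicy section is what limits who can reach that port.
service:
  type: ClusterIP
  port: 80
  targetPort: 8080  # Keep equal to config.server.port

# Enable Traefik IngressRoute
traefik:
  enabled: true
  host: rdp.yourdomain.com  # Replace with the hostname you control
  entryPoints:
    - websecure  # HTTPS entry point
  tls:
    enabled: true
    certResolver: letsencrypt  # Must match your Traefik certResolver name
  # Optional: Add middlewares
  # Only the websecure entry point is listed, so plain-HTTP requests never
  # reach this route; an HTTP->HTTPS redirect has to be configured on the
  # HTTP entry point (or that entry point added here) to take effect.
  # presumably these names refer to existing Traefik Middleware resources;
  # verify against the chart template.
  # middlewares:
  #   - name: redirect-to-https
  #   - name: rate-limit

# RDP Broker connection (internal ClusterIP)
config:
  rdpBroker:
    host: "rdpbroker"  # Kubernetes service name
    port: 3389
  server:
    port: 8080

# Recommended: Enable network policies for security
# NetworkPolicy is only enforced when the cluster's CNI plugin implements it;
# on a CNI without support these rules are accepted and silently ignored.
# NOTE(review): ingress/egress are presumably rendered as-is into the
# NetworkPolicy spec; confirm against the chart template.
networkPolicy:
  enabled: true
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Allow traffic from Traefik
    # kubernetes.io/metadata.name is set by the API server to the namespace's
    # real name. A hand-applied "name" label is absent on a default cluster
    # (the rule would match nothing) and can be put on any namespace by
    # whoever is allowed to label namespaces.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik  # Adjust to your Traefik namespace
      ports:
        - protocol: TCP
          port: 8080  # Keep equal to config.server.port
  egress:
    # Allow traffic to RdpBroker
    # A podSelector on its own only matches pods in the namespace this policy
    # is created in; add a namespaceSelector to the same entry if the broker
    # runs in another namespace.
    - to:
        - podSelector:
            matchLabels:
              app: rdpbroker
      ports:
        - protocol: TCP
          port: 3389
    # Allow DNS resolution
    # TCP/53 is allowed alongside UDP/53 because resolvers retry over TCP
    # when a UDP answer is truncated. This rule reaches every pod in
    # kube-system on port 53; to narrow it, add a podSelector for the DNS
    # pods to the same entry (commonly k8s-app: kube-dns; verify on your
    # cluster).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53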