traefik:
  # Service configuration
  service:
    type: LoadBalancer
    annotations:
      io.cilium/lb-ipam-ips: "192.168.0.2"
  
  # Ports configuration
  ports:
    web:
      port: 80
      exposedPort: 80
      protocol: TCP
    websecure:
      port: 443
      exposedPort: 443
      protocol: TCP
      tls:
        enabled: true
    metrics:
      port: 9100
      expose:
        default: false
      protocol: TCP

  # Enable dashboard
  ingressRoute:
    dashboard:
      enabled: true
      matchRule: Host(`traefik.noxxos.nl`)
      entryPoints:
        - websecure
  
  # Global arguments
  globalArguments:
    - "--global.checknewversion=false"
    - "--global.sendanonymoususage=false"
  
  # Additional arguments
  additionalArguments:
    - "--api.dashboard=true"
    - "--log.level=INFO"
    - "--accesslog=true"
    - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
    - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
  
  # Providers
  providers:
    kubernetesCRD:
      enabled: true
      allowCrossNamespace: true
    kubernetesIngress:
      enabled: true
      publishedService:
        enabled: true
  
  # Resource limits
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"
  
  # Replicas
  deployment:
    replicas: 2
  
  # Metrics (Prometheus)
  metrics:
    prometheus:
      enabled: true
      addEntryPointsLabels: true
      addServicesLabels: true
  
  # Security
  securityContext:
    capabilities:
      drop: [ALL]
      add: [NET_BIND_SERVICE]
    readOnlyRootFilesystem: true
    runAsGroup: 65532
    runAsNonRoot: true
    runAsUser: 65532
  
  podSecurityContext:
    fsGroup: 65532