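---
# Enhanced Ingress with Load Balancing Configuration
# Routes app/api/stream.veza.com to their Services and sets TLS, load
# balancing, rate limiting and timeouts through controller annotations.
#
# NOTE(review): ingress controllers silently ignore annotations they do not
# recognise. Confirm each annotation below against the deployed controller
# and version, otherwise a setting that looks enforced may have no effect.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: veza-ingress
  namespace: veza-production
  annotations:
    # Ingress class
    # NOTE(review): this annotation is deprecated in favour of
    # spec.ingressClassName; migrate once an IngressClass is confirmed.
    kubernetes.io/ingress.class: nginx

    # SSL/TLS
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # NOTE(review): verify the protocol restriction is honoured as a
    # per-Ingress annotation; if not, set it in the controller ConfigMap and
    # check the served protocol versions after deploy.
    nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.2 TLSv1.3"
    nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384"
    nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "true"

    # Load Balancing
    # Options listed by the author: round_robin, least_conn, ip_hash
    # NOTE(review): accepted values depend on the controller version; confirm.
    nginx.ingress.kubernetes.io/load-balance: "round_robin"
    # For consistent hashing:
    # nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"

    # Connection Keep-Alive
    # NOTE(review): these may be controller-wide ConfigMap settings rather
    # than per-Ingress annotations; confirm.
    nginx.ingress.kubernetes.io/upstream-keepalive-connections: "64"
    nginx.ingress.kubernetes.io/upstream-keepalive-timeout: "60"
    nginx.ingress.kubernetes.io/upstream-keepalive-requests: "100"

    # Health Checks
    # NOTE(review): confirm the deployed controller implements these; if it
    # does not, no active health checking takes place and pod readiness
    # probes are the only gate.
    nginx.ingress.kubernetes.io/health-check: "true"
    nginx.ingress.kubernetes.io/health-check-path: "/health"
    nginx.ingress.kubernetes.io/health-check-interval: "10s"
    nginx.ingress.kubernetes.io/health-check-timeout: "5s"
    nginx.ingress.kubernetes.io/health-check-expected-status: "200"

    # Circuit Breaker
    # NOTE(review): confirm support in the deployed controller version.
    nginx.ingress.kubernetes.io/upstream-max-fails: "3"
    nginx.ingress.kubernetes.io/upstream-fail-timeout: "30s"

    # Rate Limiting
    # NOTE(review): limits are presumably keyed on the client address the
    # controller sees. If it sits behind a load balancer and does not recover
    # the real client IP, all clients share one bucket; verify.
    nginx.ingress.kubernetes.io/limit-rps: "100"
    nginx.ingress.kubernetes.io/limit-connections: "10"

    # Timeouts
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"

    # WebSocket Support (for chat and stream)
    # NOTE(review): confirm that proxy-set-headers works as a per-Ingress
    # annotation and that the ConfigMap reference format matches what the
    # controller expects.
    nginx.ingress.kubernetes.io/proxy-set-headers: "veza-ws-headers"
    nginx.ingress.kubernetes.io/websocket-services: "veza-backend-api,veza-stream-server"
    # 24 hours for WebSocket.
    # The original also set both keys to "60" under Timeouts. Duplicate
    # mapping keys are invalid YAML: strict decoders reject the manifest and
    # lenient ones keep only the last value. The "60" entries are removed and
    # the later "86400" values kept.
    # Annotations apply to the whole Ingress, so the frontend host also gets
    # the 24 h read/send timeout. Long timeouts let idle or slow connections
    # hold proxy resources; consider a separate Ingress for WebSocket hosts.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
spec:
  tls:
    - hosts:
        - app.veza.com
        - api.veza.com
        - stream.veza.com
      secretName: veza-tls
  rules:
    # Frontend
    - host: app.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: veza-frontend
                port:
                  number: 80
    # Backend API
    - host: api.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: veza-backend-api
                port:
                  number: 8080
    # Stream Server
    - host: stream.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: veza-stream-server
                port:
                  number: 8080
---
# ConfigMap for custom headers
# Referenced by name from the Ingress proxy-set-headers annotation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: veza-ws-headers
  namespace: veza-production
data:
  # Hard-coded: backends are told the request arrived over HTTPS.
  X-Forwarded-Proto: "https"
  X-Real-IP: "$remote_addr"
  # $proxy_add_x_forwarded_for appends the peer address to any
  # X-Forwarded-For header the client sent, so earlier entries are
  # client-controlled. Backends should rely only on the entry added by this
  # proxy (or on X-Real-IP) for access-control and audit decisions.
  X-Forwarded-For: "$proxy_add_x_forwarded_for"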