istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/config/kube/gateway/testdata/reference-policy-tls.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/config/kube/gateway/testdata/reference-policy-tls.yaml (about)

     1  apiVersion: gateway.networking.k8s.io/v1beta1
     2  kind: GatewayClass
     3  metadata:
     4    name: istio
     5  spec:
     6    controllerName: istio.io/gateway-controller
     7  ---
     8  apiVersion: gateway.networking.k8s.io/v1beta1
     9  kind: Gateway
    10  metadata:
    11    name: gateway
    12    namespace: istio-system
    13  spec:
    14    addresses:
    15    - value: istio-ingressgateway
    16      type: Hostname
    17    gatewayClassName: istio
    18    listeners:
    19    - name: cross
    20      hostname: "cert1.domain.example"
    21      port: 443
    22      protocol: HTTPS
    23      allowedRoutes:
    24        namespaces:
    25          from: Selector
    26          selector:
    27            matchLabels:
    28              kubernetes.io/metadata.name: "cert"
    29      tls:
    30        mode: Terminate
    31        certificateRefs:
    32        - name: cert
    33          namespace: cert
    34  ---
    35  apiVersion: gateway.networking.k8s.io/v1beta1
    36  kind: ReferenceGrant
    37  metadata:
    38    name: allow-cert
    39    namespace: cert
    40  spec:
    41    from:
    42    - group: gateway.networking.k8s.io
    43      kind: Gateway
    44      namespace: istio-system
    45    to:
    46      - group: ""
    47        kind: Secret
    48  ---
    49  apiVersion: gateway.networking.k8s.io/v1beta1
    50  kind: HTTPRoute
    51  metadata:
    52    name: http
    53    namespace: cert
    54  spec:
    55    parentRefs:
    56    - name: gateway
    57      namespace: istio-system
    58    hostnames: ["cert1.domain.example"]
    59    rules:
    60    - backendRefs:
    61      - name: httpbin
    62        port: 80