sigs.k8s.io/gateway-api@v1.0.0/conformance/tests/gateway-invalid-tls-certificateref.yaml

sigs.k8s.io/gateway-api@v1.0.0/conformance/tests/gateway-invalid-tls-certificateref.yaml (about)

     1  apiVersion: gateway.networking.k8s.io/v1
     2  kind: Gateway
     3  metadata:
     4    name: gateway-certificate-nonexistent-secret
     5    namespace: gateway-conformance-infra
     6  spec:
     7    gatewayClassName: "{GATEWAY_CLASS_NAME}"
     8    listeners:
     9      - name: https
    10        port: 443
    11        protocol: HTTPS
    12        allowedRoutes:
    13          namespaces:
    14            from: All
    15        tls:
    16          certificateRefs:
    17            - group: ""
    18              kind: Secret
    19              name: nonexistent-certificate
    20  ---
    21  apiVersion: gateway.networking.k8s.io/v1
    22  kind: Gateway
    23  metadata:
    24    name: gateway-certificate-unsupported-group
    25    namespace: gateway-conformance-infra
    26  spec:
    27    gatewayClassName: "{GATEWAY_CLASS_NAME}"
    28    listeners:
    29      - name: https
    30        port: 443
    31        protocol: HTTPS
    32        allowedRoutes:
    33          namespaces:
    34            from: All
    35        tls:
    36          certificateRefs:
    37            - group: wrong.group.company.io
    38              kind: Secret
    39              name: tls-validity-checks-certificate
    40  ---
    41  apiVersion: gateway.networking.k8s.io/v1
    42  kind: Gateway
    43  metadata:
    44    name: gateway-certificate-unsupported-kind
    45    namespace: gateway-conformance-infra
    46  spec:
    47    gatewayClassName: "{GATEWAY_CLASS_NAME}"
    48    listeners:
    49      - name: https
    50        port: 443
    51        protocol: HTTPS
    52        allowedRoutes:
    53          namespaces:
    54            from: All
    55        tls:
    56          certificateRefs:
    57            - group: ""
    58              kind: WrongKind
    59              name: tls-validity-checks-certificate
    60  ---
    61  apiVersion: gateway.networking.k8s.io/v1
    62  kind: Gateway
    63  metadata:
    64    name: gateway-certificate-malformed-secret
    65    namespace: gateway-conformance-infra
    66  spec:
    67    gatewayClassName: "{GATEWAY_CLASS_NAME}"
    68    listeners:
    69      - name: https
    70        port: 443
    71        protocol: HTTPS
    72        allowedRoutes:
    73          namespaces:
    74            from: All
    75        tls:
    76          certificateRefs:
    77            - group: ""
    78              kind: Secret
    79              name: malformed-certificate
    80  ---
    81  apiVersion: v1
    82  kind: Secret
    83  metadata:
    84    name: malformed-certificate
    85    namespace: gateway-conformance-infra
    86  data:
    87    # this certificate is invalid because contains an invalid pem (base64 of "Hello world"),
    88    # and the certificate and the key are identical
    89    tls.crt: SGVsbG8gd29ybGQK
    90    tls.key: SGVsbG8gd29ybGQK
    91  type: kubernetes.io/tls