apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
  name: higress
spec:
  controllerName: higress.io/gateway-controller
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
  name: gateway
  namespace: higress-system
spec:
  addresses:
  - value: higress-gateway
    type: Hostname
  gatewayClassName: higress
  listeners:
  - name: passthrough
    port: 34000
    protocol: TLS
    allowedRoutes:
      namespaces:
        from: All
    tls:
      mode: Passthrough
  - name: terminate
    hostname: "domain.example"
    port: 34000
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: All
    tls:
      mode: Terminate
      certificateRefs:
      - name: my-cert-http
  - name: terminate-mtls
    hostname: "other.example"
    port: 34000
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: All
    tls:
      mode: Terminate
      certificateRefs:
      - name: my-cert-http
      options:
        gateway.higress.io/tls-terminate-mode: MUTUAL
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
  name: tls
  namespace: default
spec:
  parentRefs:
  - name: gateway
    namespace: higress-system
  rules:
  - backendRefs:
    - name: httpbin
      port: 443
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
  name: tls-match
  namespace: default
spec:
  parentRefs:
  - name: gateway
    namespace: higress-system
  hostnames:
  - "foo.com"
  rules:
  - backendRefs:
    - name: httpbin-foo
      port: 443
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
  name: http
  namespace: default
spec:
  parentRefs:
  - name: gateway
    namespace: higress-system
  hostnames: ["domain.example"]
  rules:
  - backendRefs:
    - name: httpbin
      port: 80