apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: gateway
  namespace: higress-system
spec:
  addresses:
  - value: higress-gateway
    type: Hostname
  gatewayClassName: higress
  listeners:
  - name: simple
    hostname: "*.domain.example"
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: inference.networking.k8s.io/v1
kind: InferencePool
metadata:
  name: my-ip
  namespace: inferencepool
spec:
  endpointPickerRef:
    failureMode: FailOpen
    group: ""
    kind: Service
    name: endpoint-picker-svc
    port:
      number: 9002
  selector:
    matchLabels:
      app: model-server
  targetPorts:
    - number: 3000
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-service-ip
  namespace: inferencepool
spec:
  from:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    namespace: higress-system
  to:
  - group: inference.networking.k8s.io
    kind: InferencePool
    name: my-ip
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: backend-allowed-ip
  namespace: higress-system
spec:
  parentRefs:
  - name: gateway
    namespace: higress-system
  hostnames: ["simple.domain.example"]
  rules:
  - backendRefs:
    - name: my-ip
      kind: InferencePool
      group: inference.networking.k8s.io
      namespace: inferencepool
      port: 80
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: backend-not-allowed-ip
  namespace: higress-system
spec:
  parentRefs:
  - name: gateway
    namespace: higress-system
  hostnames: ["simple2.domain.example"]
  rules:
  - backendRefs:
    - name: my-ip
      kind: InferencePool
      group: inference.networking.k8s.io
      namespace: inferencepool
      port: 80
      weight: 1
    - name: httpbin
      namespace: default
      port: 80
      weight: 1