# echo-https must be created by the kube-client, because it's used in a test
# that verifies `sectionName`, which is internally read from krt,
# so it could be just a `model.ServiceInstance`
# NOTE(review): the last clause reads as if "could not" was meant - confirm.
#
# Fixture overview: a GatewayClass, Gateway and HTTPRoute, one Service, two
# ServiceEntries, and a set of BackendTLSPolicy objects covering valid,
# merged and deliberately invalid references.
# Objects that are referenced but not defined in this file (Services echo,
# httpbin, httpbin-second, httpbin-other, foo-svc; ConfigMaps auth-cert,
# malformed) are presumably supplied by the test harness - confirm.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
  name: higress
spec:
  controllerName: higress.io/gateway-controller
---
# The only listener is plain HTTP on port 80, so the client-to-gateway leg is
# unencrypted; the BackendTLSPolicy objects below only govern the
# gateway-to-backend leg.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: gateway
  namespace: higress-system
spec:
  addresses:
    - value: higress-gateway
      type: Hostname
  gatewayClassName: higress
  listeners:
    - name: default
      hostname: "*.domain.example"
      port: 80
      protocol: HTTP
---
# The route lives in higress-system but its backendRef points at a Service in
# the default namespace. Gateway API expects a ReferenceGrant in the target
# namespace for such cross-namespace references; none is defined in this file.
# NOTE(review): confirm whether the expected output relies on the reference
# being rejected or on a grant created elsewhere.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: http
  namespace: higress-system
spec:
  parentRefs:
    - name: gateway
  rules:
    - backendRefs:
        - name: echo-https
          namespace: default
          # Routes to the port named `http` on the Service below, not to the
          # `https` port that the sectionName-based policy refers to.
          port: 80
---
# Backend Service with two named ports and no selector. The port names are
# what `sectionName` in the BackendTLSPolicy targetRefs below matches against.
apiVersion: v1
kind: Service
metadata:
  name: echo-https
  namespace: default
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
    - name: https
      port: 443
      protocol: TCP
---
# Baseline policy: whole-Service target (no sectionName) on Service `echo`,
# which is a different object from `echo-https` above.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: tls-upstream-echo
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: echo
      group: ""
  validation:
    # Trust anchor is taken from a ConfigMap rather than the system bundle.
    caCertificateRefs:
      - kind: ConfigMap
        name: auth-cert
        group: ""
    # Per Gateway API, this name is used for SNI and for matching the
    # certificate presented by the backend.
    hostname: auth.example.com
---
# Three targetRefs on the same Service: the whole Service, the `https` port,
# and a port name that does not exist on echo-https as defined above.
# NOTE(review): the expected handling of the unmatched sectionName is not
# visible here; check that the expected output reports it instead of silently
# widening or dropping the policy.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: tls-upstream-echo-https-merged-rules
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: echo-https
      group: ""
    - kind: Service
      name: echo-https
      group: ""
      sectionName: https
    - kind: Service
      name: echo-https
      group: ""
      sectionName: non-existing-port-name
  validation:
    caCertificateRefs:
      - kind: ConfigMap
        name: auth-cert
        group: ""
    hostname: auth.example.com
---
# Policy that arrives with status already written by a different controller
# (controllerName below is not higress.io/gateway-controller).
# Presumably this checks that another controller's status entry is preserved
# rather than overwritten - confirm against the test.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: existing-status
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: httpbin
      group: ""
  validation:
    caCertificateRefs:
      - kind: ConfigMap
        name: auth-cert
        group: ""
    hostname: auth.example.com
status:
  ancestors:
    - ancestorRef:
        group: ""
        kind: Service
        name: httpbin
      conditions:
        # Unquoted timestamp: YAML 1.1 loaders may type this as a date-time
        # instead of a string; quoting it would remove the ambiguity.
        - lastTransitionTime: 2000-01-01T01:01:01Z
          message: hello
          reason: Accepted
          status: "True"
          type: Accepted
      controllerName: example.com/some-other-controller
---
# Invalid-reference cases start here (bad-service, unknown-configmap,
# malformed-configmap, bad-configmap-type).
# NOTE(review): the expected results are not visible in this file. For each
# case, verify that the expected output fails closed: the policy is reported
# as not accepted and no upstream TLS is configured without CA verification.
#
# Case: targetRef names a Service that does not exist.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: bad-service
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: does-not-exist
      group: ""
  validation:
    caCertificateRefs:
      - kind: ConfigMap
        name: auth-cert
        group: ""
    hostname: auth.example.com
---
# Case: CA reference names a ConfigMap that does not exist.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: unknown-configmap
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: httpbin-second
      group: ""
  validation:
    caCertificateRefs:
      - kind: ConfigMap
        name: does-not-exist
        group: ""
    hostname: auth.example.com
---
# Case: CA reference names a ConfigMap called `malformed`; presumably its
# contents are not a usable CA bundle - confirm in the harness setup.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: malformed-configmap
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: httpbin-other
      group: ""
  validation:
    caCertificateRefs:
      - kind: ConfigMap
        name: malformed
        group: ""
    hostname: auth.example.com
---
# Case: CA reference uses a kind other than ConfigMap.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: bad-configmap-type
  namespace: default
spec:
  targetRefs:
    - kind: Service
      name: foo-svc
      group: ""
  validation:
    caCertificateRefs:
      - kind: UnknownKind
        name: blah
        group: ""
    hostname: auth.example.com
---
# ServiceEntry with multiple hosts for testing multiple DestinationRules
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: multi-host-service
  namespace: default
spec:
  hosts:
    - api.example.com
    - cdn.example.com
  ports:
    - number: 443
      name: https
      protocol: HTTPS
    - number: 8443
      name: tls
      protocol: TLS
  resolution: DNS
---
# Whole-ServiceEntry target (no sectionName) on the two-host entry above.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: multi-host-service-entry
  namespace: default
spec:
  targetRefs:
    - kind: ServiceEntry
      name: multi-host-service
      group: networking.istio.io
  validation:
    # Trusts the system CA bundle, a broader trust anchor than the pinned
    # ConfigMap CA used by the other policies.
    wellKnownCACertificates: System
    # Only one validation hostname is given although the ServiceEntry also
    # lists api.example.com.
    # NOTE(review): confirm how traffic to api.example.com is expected to be
    # validated under this policy.
    hostname: cdn.example.com
---
# Same ServiceEntry, but scoped to the port named `tls` (8443), with a
# ConfigMap CA and the other host as validation hostname.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: multi-host-service-entry-section-name
  namespace: default
spec:
  targetRefs:
    - kind: ServiceEntry
      name: multi-host-service
      group: networking.istio.io
      sectionName: tls
  validation:
    caCertificateRefs:
      - kind: ConfigMap
        name: auth-cert
        group: ""
    hostname: api.example.com
---
# Simple ServiceEntry with 2 ports for testing sectionName
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: external-service
  namespace: default
spec:
  hosts:
    - external.example.com
  ports:
    - number: 80
      name: http
      protocol: HTTP
    - number: 443
      name: https
      protocol: HTTPS
  resolution: DNS
---
# Targets the `https` port of external-service plus a port name that the
# ServiceEntry does not define; the `http` port is not targeted.
# NOTE(review): verify in the expected output that the unmatched sectionName
# is surfaced and that the policy is not applied to the `http` port.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: tls-external-service-https
  namespace: default
spec:
  targetRefs:
    - kind: ServiceEntry
      name: external-service
      group: networking.istio.io
      sectionName: https
    - kind: ServiceEntry
      name: external-service
      group: networking.istio.io
      sectionName: non-existing-port-name
  validation:
    wellKnownCACertificates: System
    hostname: external.example.com