apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: name: higress spec: controllerName: higress.io/gateway-controller --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: name: gateway namespace: higress-system spec: addresses: - value: higress-gateway type: Hostname gatewayClassName: higress listeners: - name: default hostname: "*.domain.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: All - name: foobar hostname: "*.foobar.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: All kinds: - kind: HTTPRoute - name: same-namespace hostname: "*.same-namespace.example" port: 80 protocol: HTTP - name: scope-route hostname: "*.scope-route.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: All kinds: - kind: TCPRoute - name: slctr-labels hostname: "*.slctr-labels.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchLabels: istio.io/test-name-part: group - name: slctr-expr-in-yes hostname: "*.slctr-expr-in-yes.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-part operator: In values: - group - name: slctr-expr-in-no hostname: "*.slctr-expr-in-no.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-part operator: In values: - public - name: slctr-expr-notin-yes hostname: "*.slctr-expr-notin-yes.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-part operator: NotIn values: - private - key: istio.io/test-label-not-found operator: NotIn values: - irrelevant - name: slctr-expr-notin-no hostname: "*.slctr-expr-notin-no.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-part operator: NotIn values: - group - key: istio.io/test-label-not-found operator: NotIn values: - irrelevant - name: slctr-expr-exists-yes hostname: "*.slctr-expr-exists-yes.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-part operator: Exists - name: slctr-expr-exists-no hostname: "*.slctr-expr-exists-no.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-public operator: Exists - name: slctr-expr-dne-yes hostname: "*.slctr-expr-dne-yes.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-label-not-found operator: DoesNotExist - name: slctr-expr-dne-no hostname: "*.slctr-expr-dne-no.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchExpressions: - key: istio.io/test-name-part operator: DoesNotExist - name: slctr-combined-yes hostname: "*.slctr-combined-yes.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchLabels: istio.io/test-name-part: group matchExpressions: - key: istio.io/test-name-part operator: In values: - group - name: slctr-combined-no hostname: "*.slctr-combined-no.example" port: 80 protocol: HTTP allowedRoutes: namespaces: from: Selector selector: matchLabels: istio.io/test-name-part: public matchExpressions: - key: istio.io/test-name-part operator: In values: - group --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: section-name-cross-namespace namespace: default spec: parentRefs: - name: gateway namespace: higress-system sectionName: foobar hostnames: ["alpha.foobar.example"] rules: - backendRefs: - name: httpbin port: 80 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: same-namespace-valid namespace: istio-system spec: parentRefs: - name: gateway namespace: higress-system sectionName: foobar - name: gateway namespace: higress-system sectionName: same-namespace rules: - backendRefs: - name: httpbin port: 81 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: same-namespace-invalid namespace: default spec: parentRefs: - kind: Gateway name: gateway namespace: higress-system sectionName: same-namespace hostnames: ["foo.same.example"] rules: - backendRefs: - name: echo port: 80 --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TCPRoute metadata: # Should not generate anything, the protocol is HTTP name: wrong-protocol namespace: default spec: parentRefs: - name: gateway namespace: higress-system sectionName: foobar rules: - backendRefs: - name: httpbin port: 82 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: host-mismatch namespace: default spec: parentRefs: - name: gateway namespace: higress-system sectionName: foobar hostnames: ["no.match.example"] rules: - backendRefs: - name: httpbin port: 84 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: bind-all namespace: default spec: parentRefs: - name: gateway namespace: higress-system rules: - backendRefs: - name: httpbin port: 85 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: bind-cross-namespace namespace: group-namespace1 spec: parentRefs: - name: gateway namespace: higress-system sectionName: slctr-labels - name: gateway namespace: higress-system sectionName: slctr-expr-in-yes - name: gateway namespace: higress-system sectionName: slctr-expr-in-no - name: gateway namespace: higress-system sectionName: slctr-expr-notin-yes - name: gateway namespace: higress-system sectionName: slctr-expr-notin-no - name: gateway namespace: higress-system sectionName: slctr-expr-exists-yes - name: gateway namespace: higress-system sectionName: slctr-expr-exists-no - name: gateway namespace: higress-system sectionName: slctr-expr-dne-yes - name: gateway namespace: higress-system sectionName: slctr-expr-dne-no - name: gateway namespace: higress-system sectionName: slctr-combined-yes - name: gateway namespace: higress-system sectionName: slctr-combined-no rules: - backendRefs: - name: httpbin port: 86 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: bind-cross-namespace namespace: group-namespace2 spec: parentRefs: - name: gateway namespace: higress-system sectionName: slctr-labels rules: - backendRefs: - name: httpbin port: 87 --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: invalid-bind-cross-namespace namespace: default spec: parentRefs: - name: gateway namespace: higress-system sectionName: slctr-labels rules: - backendRefs: - name: httpbin port: 87