apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: annotations: internal.istio.io/gateway-semantics: gateway internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/default.istio-system name: gateway-istio-autogenerated-k8s-gateway-default namespace: istio-system spec: servers: - hosts: - allowed-1/*.domain.example - allowed-2/*.domain.example port: name: default number: 80 protocol: HTTP --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1 internal.istio.io/route-semantics: gateway name: allowed-1~a-example.allowed-1.svc.domain.suffix namespace: allowed-1 spec: gateways: - mesh hosts: - a-example.allowed-1.svc.domain.suffix http: - match: - headers: my-header: exact: some-value uri: prefix: /foo name: allowed-1/http route: - destination: host: svc1.allowed-1.svc.domain.suffix port: number: 80 - match: - uri: regex: /foo((\/).*)? name: allowed-1/http route: - destination: host: svc2.allowed-1.svc.domain.suffix port: number: 80 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1 internal.istio.io/route-semantics: gateway name: allowed-1~b-example.allowed-1.svc.domain.suffix namespace: allowed-1 spec: gateways: - mesh hosts: - b-example.allowed-1.svc.domain.suffix http: - match: - headers: my-header: exact: some-value uri: prefix: /foo name: allowed-1/http route: - destination: host: svc1.allowed-1.svc.domain.suffix port: number: 80 - match: - uri: regex: /foo((\/).*)? name: allowed-1/http route: - destination: host: svc2.allowed-1.svc.domain.suffix port: number: 80 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1,HTTPRoute/http.allowed-2 internal.istio.io/route-semantics: gateway name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~a.domain.example namespace: allowed-1 spec: gateways: - istio-system/gateway-istio-autogenerated-k8s-gateway-default hosts: - a.domain.example http: - match: - headers: my-header: exact: some-value queryParams: my-param: regex: some-value uri: exact: /baz name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - uri: prefix: /foo/bar name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - headers: my-header: exact: some-value uri: prefix: /foo name: allowed-1/http route: - destination: host: svc1.allowed-1.svc.domain.suffix port: number: 80 - match: - uri: prefix: /bar name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - method: exact: PATCH uri: prefix: / name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - uri: prefix: / name: allowed-2/http route: - destination: host: svc3.allowed-2.svc.domain.suffix port: number: 80 - match: - uri: regex: /foo((\/).*)? name: allowed-1/http route: - destination: host: svc2.allowed-1.svc.domain.suffix port: number: 80 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-1 internal.istio.io/route-semantics: gateway name: istio-system~gateway-istio-autogenerated-k8s-gateway-default~b.domain.example namespace: allowed-1 spec: gateways: - istio-system/gateway-istio-autogenerated-k8s-gateway-default hosts: - b.domain.example http: - match: - headers: my-header: exact: some-value uri: prefix: /foo name: allowed-1/http route: - destination: host: svc1.allowed-1.svc.domain.suffix port: number: 80 - match: - uri: regex: /foo((\/).*)? name: allowed-1/http route: - destination: host: svc2.allowed-1.svc.domain.suffix port: number: 80 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: annotations: internal.istio.io/parents: HTTPRoute/http.allowed-2 internal.istio.io/route-semantics: gateway name: allowed-2~a-example.allowed-2.svc.domain.suffix namespace: allowed-2 spec: gateways: - mesh hosts: - a-example.allowed-2.svc.domain.suffix http: - match: - headers: my-header: exact: some-value queryParams: my-param: regex: some-value uri: exact: /baz name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - uri: prefix: /foo/bar name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - uri: prefix: /bar name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - method: exact: PATCH uri: prefix: / name: allowed-2/http route: - destination: host: svc2.allowed-2.svc.domain.suffix port: number: 80 - match: - uri: prefix: / name: allowed-2/http route: - destination: host: svc3.allowed-2.svc.domain.suffix port: number: 80 ---