mirror of
https://github.com/alibaba/higress.git
synced 2026-05-23 12:17:30 +08:00
182 lines
3.9 KiB
YAML
182 lines
3.9 KiB
YAML
apiVersion: gateway.networking.k8s.io/v1beta1
|
|
kind: GatewayClass
|
|
metadata:
|
|
name: higress
|
|
spec:
|
|
controllerName: higress.io/gateway-controller
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1beta1
|
|
kind: Gateway
|
|
metadata:
|
|
name: gateway
|
|
namespace: higress-system
|
|
spec:
|
|
# TODO: test per-port
|
|
tls:
|
|
frontend:
|
|
default:
|
|
validation:
|
|
caCertificateRefs:
|
|
- group: ""
|
|
kind: ConfigMap
|
|
name: my-cert-http
|
|
addresses:
|
|
- value: higress-gateway
|
|
type: Hostname
|
|
gatewayClassName: higress
|
|
listeners:
|
|
- name: passthrough
|
|
port: 34000
|
|
protocol: TLS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Passthrough
|
|
- name: terminate
|
|
hostname: "domain.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: my-cert-http
|
|
- name: terminate-multi
|
|
hostname: "domainmulti.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: my-cert-http
|
|
- name: my-cert-http2
|
|
- name: terminate-mtls
|
|
hostname: "other.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: my-cert-http
|
|
options:
|
|
gateway.istio.io/tls-terminate-mode: MUTUAL
|
|
- name: terminate-mtls-frontendvalidation-configmap
|
|
hostname: "frontendvalidation-configmap.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: my-cert-http
|
|
- name: terminate-mtls-frontendvalidation-secret
|
|
hostname: "frontendvalidation-secret.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: my-cert-http
|
|
- name: terminate-istio-mtls
|
|
hostname: "egress.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
options:
|
|
gateway.istio.io/tls-terminate-mode: ISTIO_MUTUAL
|
|
- name: terminate-istio-builtin
|
|
hostname: "builtin.example"
|
|
port: 34000
|
|
protocol: HTTPS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Terminate
|
|
options:
|
|
gateway.istio.io/tls-terminate-mode: ISTIO_SIMPLE
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1beta1
|
|
kind: Gateway
|
|
metadata:
|
|
name: gateway2
|
|
namespace: higress-system
|
|
spec:
|
|
addresses:
|
|
- value: higress-gateway
|
|
type: Hostname
|
|
gatewayClassName: higress
|
|
listeners:
|
|
- name: passthrough
|
|
port: 34000
|
|
protocol: TLS
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
tls:
|
|
mode: Passthrough
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1alpha2
|
|
kind: TLSRoute
|
|
metadata:
|
|
name: tls
|
|
namespace: default
|
|
spec:
|
|
parentRefs:
|
|
- name: gateway
|
|
namespace: higress-system
|
|
- name: gateway2
|
|
namespace: higress-system
|
|
rules:
|
|
- backendRefs:
|
|
- name: httpbin
|
|
port: 443
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1alpha2
|
|
kind: TLSRoute
|
|
metadata:
|
|
name: tls-match
|
|
namespace: default
|
|
spec:
|
|
parentRefs:
|
|
- name: gateway
|
|
namespace: higress-system
|
|
hostnames:
|
|
- "foo.com"
|
|
rules:
|
|
- backendRefs:
|
|
- name: httpbin-foo
|
|
port: 443
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1beta1
|
|
kind: HTTPRoute
|
|
metadata:
|
|
name: http
|
|
namespace: default
|
|
spec:
|
|
parentRefs:
|
|
- name: gateway
|
|
namespace: higress-system
|
|
hostnames: ["domain.example"]
|
|
rules:
|
|
- backendRefs:
|
|
- name: httpbin
|
|
port: 80 |