higress/pkg/ingress/kube/gateway/istio/testdata/backend-tls-policy.yaml

# echo-https must be created by the kube-client, because it's used in a test
# that verifies `sectionName`, which is internally read from krt,
# so it could be just a `model.ServiceInstance`
# GatewayClass `higress`, bound to the controller name
# `higress.io/gateway-controller`. The Gateway in the next document selects
# it through `gatewayClassName`.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
  name: higress
spec:
  controllerName: higress.io/gateway-controller
---
# Gateway with a single plain-HTTP listener. Nothing in this fixture
# terminates TLS on the listener side; the BackendTLSPolicy documents further
# down only concern the gateway-to-backend leg.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: gateway
  namespace: higress-system
spec:
  addresses:
  - value: higress-gateway
    type: Hostname
  gatewayClassName: higress
  listeners:
  - name: default
    # Quoted because a plain scalar starting with `*` would be read as a
    # YAML alias.
    hostname: "*.domain.example"
    port: 80
    protocol: HTTP
---
# HTTPRoute attached to `gateway`, forwarding to the `echo-https` Service.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: http
  namespace: higress-system
spec:
  parentRefs:
  - name: gateway
  rules:
  - backendRefs:
    - name: echo-https
      # The route lives in `higress-system` but the backend is in `default`.
      # NOTE(review): Gateway API requires a ReferenceGrant for a
      # cross-namespace backendRef and none appears in this file; confirm
      # whether the test harness supplies one or expects the ref to be
      # reported as not permitted.
      namespace: default
      # Port 80 is the port named `http` on the Service, not the `https` one.
      port: 80
---
# Backend Service targeted by the HTTPRoute above and by the
# `tls-upstream-echo-https-merged-rules` policy below. The port names declared
# here are the values a BackendTLSPolicy `sectionName` is matched against.
apiVersion: v1
kind: Service
metadata:
  name: echo-https
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
  - name: https
    port: 443
    protocol: TCP
---
# Baseline policy: originate TLS to Service `echo` and verify the backend
# certificate against the CA bundle referenced from ConfigMap `auth-cert`.
# Neither the `echo` Service nor the `auth-cert` ConfigMap is defined in this
# file; presumably both come from the test setup (confirm).
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: tls-upstream-echo
  namespace: default
spec:
  targetRefs:
  - kind: Service
    name: echo
    group: ""
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: auth-cert
      group: ""
    # Per the Gateway API spec this value is sent as SNI and must match the
    # certificate the backend serves.
    hostname: auth.example.com
---
# One policy with three targetRefs to the same Service `echo-https`: the whole
# Service, the port named `https`, and a port name the Service does not
# declare. The policy name suggests the resulting rules are expected to be
# merged; the expected output is not part of this file.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: tls-upstream-echo-https-merged-rules
  namespace: default
spec:
  targetRefs:
  # No sectionName: applies to every port of the Service.
  - kind: Service
    name: echo-https
    group: ""
  # Matches the port named `https` (443) on the Service.
  - kind: Service
    name: echo-https
    group: ""
    sectionName: https
  # Negative input: `echo-https` has no port with this name.
  # NOTE(review): confirm the golden output shows this ref being rejected or
  # ignored rather than widening the policy to other ports.
  - kind: Service
    name: echo-https
    group: ""
    sectionName: non-existing-port-name
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: auth-cert
      group: ""
    hostname: auth.example.com
---
# Policy that already carries a `status` block written under a different
# controller name. Presumably this checks that status entries owned by another
# controller are left intact when this controller writes its own (confirm
# against the test that consumes the fixture). Service `httpbin` is not
# defined in this file.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: existing-status
  namespace: default
spec:
  targetRefs:
  - kind: Service
    name: httpbin
    group: ""
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: auth-cert
      group: ""
    hostname: auth.example.com
status:
  ancestors:
  - ancestorRef:
      group: ""
      kind: Service
      name: httpbin
    conditions:
    - lastTransitionTime: 2000-01-01T01:01:01Z
      message: hello
      reason: Accepted
      # Quoted so the condition status stays the string "True" rather than a
      # YAML boolean.
      status: "True"
      type: Accepted
    # Not `higress.io/gateway-controller`: this entry belongs to a foreign
    # controller.
    controllerName: example.com/some-other-controller
---
# Negative case: the targetRef names a Service called `does-not-exist`.
# NOTE(review): the expected result is not shown here; confirm the policy is
# reported as unresolved in status instead of being silently dropped.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: bad-service
  namespace: default
spec:
  targetRefs:
  - kind: Service
    name: does-not-exist
    group: ""
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: auth-cert
      group: ""
    hostname: auth.example.com
---
# Negative case: the CA reference names a ConfigMap called `does-not-exist`.
# NOTE(review): with no CA bundle available the safe outcome is to fail
# closed (no upstream TLS config emitted without verification); confirm the
# golden output and status reflect that.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: unknown-configmap
  namespace: default
spec:
  targetRefs:
  - kind: Service
    name: httpbin-second
    group: ""
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: does-not-exist
      group: ""
    hostname: auth.example.com
---
# Negative case: the CA reference points at a ConfigMap named `malformed`.
# That ConfigMap is not defined in this file; presumably the test setup
# provides one whose CA data cannot be used (confirm). As with a missing
# ConfigMap, the policy should not end up trusting the backend unverified.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: malformed-configmap
  namespace: default
spec:
  targetRefs:
  - kind: Service
    name: httpbin-other
    group: ""
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: malformed
      group: ""
    hostname: auth.example.com
---
# Negative case: the CA reference uses `kind: UnknownKind` instead of a
# ConfigMap, so there is no supported object to load a CA bundle from.
# NOTE(review): confirm the controller rejects the unsupported kind instead
# of skipping certificate validation.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: bad-configmap-type
  namespace: default
spec:
  targetRefs:
  - kind: Service
    name: foo-svc
    group: ""
  validation:
    caCertificateRefs:
    - kind: UnknownKind
      name: blah
      group: ""
    hostname: auth.example.com
---
# ServiceEntry with multiple hosts for testing multiple DestinationRules.
# It declares two hosts and two named ports; the two BackendTLSPolicy
# documents that follow target it, one as a whole and one by port name `tls`.
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: multi-host-service
  namespace: default
spec:
  hosts:
  - api.example.com
  - cdn.example.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  - number: 8443
    name: tls
    protocol: TLS
  resolution: DNS
---
# Policy targeting the whole `multi-host-service` ServiceEntry (no
# sectionName), validated against the system trust store.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: multi-host-service-entry
  namespace: default
spec:
  targetRefs:
  - kind: ServiceEntry
    name: multi-host-service
    group: networking.istio.io
  validation:
    # Trusts the platform's system CA bundle instead of a CA pinned through
    # `caCertificateRefs`.
    wellKnownCACertificates: System
    # NOTE(review): the ServiceEntry lists both api.example.com and
    # cdn.example.com, yet a policy carries a single hostname; confirm the
    # expected output for the api.example.com host.
    hostname: cdn.example.com
---
# Policy scoped to the port named `tls` (8443) of `multi-host-service`, using
# the ConfigMap CA bundle. The same ServiceEntry is also targeted as a whole
# by `multi-host-service-entry`, with different validation settings.
# NOTE(review): presumably the port-scoped policy wins for port `tls`; verify
# against the expected output.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: multi-host-service-entry-section-name
  namespace: default
spec:
  targetRefs:
  - kind: ServiceEntry
    name: multi-host-service
    group: networking.istio.io
    sectionName: tls
  validation:
    caCertificateRefs:
    - kind: ConfigMap
      name: auth-cert
      group: ""
    hostname: api.example.com
---
# Simple ServiceEntry with 2 ports for testing sectionName.
# Only the port named `https` is referenced by a valid sectionName in the
# policy that follows; the `http` port has no policy targeting it by name.
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: external-service
  namespace: default
spec:
  hosts:
  - external.example.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
---
# Policy for `external-service` with one valid and one invalid sectionName,
# validated against the system trust store.
apiVersion: gateway.networking.k8s.io/v1
kind: BackendTLSPolicy
metadata:
  name: tls-external-service-https
  namespace: default
spec:
  targetRefs:
  # Matches the port named `https` (443) on the ServiceEntry.
  - kind: ServiceEntry
    name: external-service
    group: networking.istio.io
    sectionName: https
  # Negative input: `external-service` declares no port with this name.
  # NOTE(review): confirm this ref is rejected or ignored and does not extend
  # TLS origination to the plain `http` port.
  - kind: ServiceEntry
    name: external-service
    group: networking.istio.io
    sectionName: non-existing-port-name
  validation:
    wellKnownCACertificates: System
    # Equal to the ServiceEntry's only host.
    hostname: external.example.com