higress/pkg/ingress/kube/gateway/istio/testdata/reference-policy-tls.yaml

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
  name: higress
spec:
  controllerName: higress.io/gateway-controller
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
  name: gateway
  namespace: higress-system
spec:
  addresses:
  - value: higress-gateway
    type: Hostname
  gatewayClassName: higress
  listeners:
  - name: cross
    hostname: "cert1.domain.example"
    port: 443
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: Selector
        selector:
          matchLabels:
            kubernetes.io/metadata.name: "cert"
    tls:
      mode: Terminate
      certificateRefs:
      - name: cert
        namespace: cert
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: ReferenceGrant
metadata:
  name: allow-cert
  namespace: cert
spec:
  from:
  - group: gateway.networking.k8s.io
    kind: Gateway
    namespace: higress-system
  to:
    - group: ""
      kind: Secret
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
  name: http
  namespace: cert
spec:
  parentRefs:
  - name: gateway
    namespace: higress-system
  hostnames: ["cert1.domain.example"]
  rules:
  - backendRefs:
    - name: httpbin
      port: 80