@pleshakov
Created September 20, 2023 16:59
Gateway API HTTPS example listener matching

Steps:

kubectl apply -f cafe.yaml
kubectl apply -f full.yaml
kubectl apply -f wildcard.yaml
kubectl apply -f gateway.yaml
kubectl apply -f routes.yaml

GW_IP=XXX.YYY.ZZZ.III # public IP of the data plane
GW_HTTPS_PORT=<port number> # public HTTPS port

curl --resolve cafe.example.com:$GW_HTTPS_PORT:$GW_IP https://cafe.example.com:$GW_HTTPS_PORT/coffee --insecure
curl --resolve cafe.example.com:$GW_HTTPS_PORT:$GW_IP https://cafe.example.com:$GW_HTTPS_PORT/tea --insecure
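
The two curl requests exercise overlapping listener hostnames, so the following added example (not part of the gist or of any Gateway implementation) models which listener, certificate Secret and route would handle each request under the Gateway API hostname-intersection rules. The function names and the `isolate` switch are hypothetical; the choice of the most specific listener hostname is an assumption, and `isolate=False` models an implementation that also serves routes attached to the less specific listener.

```python
# Added example: models the gist's gateway.yaml and routes.yaml (constructed data).
LISTENERS = {  # listener name -> (hostname, certificate Secret)
    "example": ("*.example.com", "wildcard"),
    "cafe": ("cafe.example.com", "full"),
}
ROUTES = [  # (route name, parentRef sectionName, hostnames, PathPrefix value)
    ("coffee", "example", ["cafe.example.com"], "/coffee"),
    ("tea", "cafe", ["*.example.com"], "/tea"),
]

def matches(pattern, host):
    """True if host is covered by pattern: exact, or a '*.' suffix wildcard."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def intersect(listener_host, route_host):
    """Effective hostname of a route on a listener, None if they do not overlap."""
    if matches(listener_host, route_host):
        return route_host       # route is as specific or more specific
    if matches(route_host, listener_host):
        return listener_host    # listener is more specific
    return None

def prefix_match(prefix, path):
    """PathPrefix matches whole path elements, so /coffee does not match /coffeex."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def serve(host, path, isolate=True):
    """Return (listener, secret, route) for a request; route is None for a 404."""
    cands = [n for n, (h, _) in LISTENERS.items() if matches(h, host)]
    if not cands:
        return None
    # Assumption: the certificate comes from the most specific listener hostname
    # (exact before wildcard). isolate=True also limits routing to that listener.
    best = max(cands, key=lambda n: (not LISTENERS[n][0].startswith("*."),
                                     len(LISTENERS[n][0])))
    allowed = [best] if isolate else cands
    for name, section, hostnames, prefix in ROUTES:
        effective = [intersect(LISTENERS[section][0], h) for h in hostnames]
        if (section in allowed and prefix_match(prefix, path)
                and any(e and matches(e, host) for e in effective)):
            return best, LISTENERS[best][1], name
    return best, LISTENERS[best][1], None

if __name__ == "__main__":
    for p in ("/coffee", "/tea"):
        print(p, serve("cafe.example.com", p), serve("cafe.example.com", p, False))
```

Comparing the modelled result with what the curl commands return shows whether the data plane keeps the `coffee` route, which is attached only to the wildcard listener, away from traffic that the `cafe` listener terminates.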
# cafe.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coffee
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coffee
  template:
    metadata:
      labels:
        app: coffee
    spec:
      containers:
      - name: coffee
        image: nginxdemos/nginx-hello:plain-text
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: coffee
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    app: coffee
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tea
  template:
    metadata:
      labels:
        app: tea
    spec:
      containers:
      - name: tea
        image: nginxdemos/nginx-hello:plain-text
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: tea
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    app: tea
# full.yaml
apiVersion: v1
data:
  tls.crt: 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
  tls.key: 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
kind: Secret
metadata:
  name: full
type: kubernetes.io/tls
# gateway.yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: gateway
spec:
  # gatewayClassName: eg
  # gatewayClassName: contour
  # gatewayClassName: gke-l7-global-external-managed
  gatewayClassName: nginx
  listeners:
  - name: example
    port: 443
    hostname: "*.example.com"
    protocol: HTTPS
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: wildcard
  - name: cafe
    port: 443
    protocol: HTTPS
    hostname: "cafe.example.com"
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: full
# routes.yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: coffee
spec:
  parentRefs:
  - name: gateway
    sectionName: example
  hostnames:
  - "cafe.example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /coffee
    backendRefs:
    - name: coffee
      port: 80
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: tea
spec:
  parentRefs:
  - name: gateway
    sectionName: cafe
  hostnames:
  - "*.example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /tea
    backendRefs:
    - name: tea
      port: 80
# wildcard.yaml
apiVersion: v1
data:
  tls.crt: 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
  tls.key: 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
kind: Secret
metadata:
  name: wildcard
type: kubernetes.io/tls