@ams0
Created May 15, 2025 11:53
A full example of GatewayAPI with HTTPS, cert-manager, external-dns in AKS. Note the annotations!
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: public-gateway
  namespace: istio-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  infrastructure:
    annotations:
      service.beta.kubernetes.io/port_443_health-probe_protocol: tcp
      service.beta.kubernetes.io/port_80_health-probe_protocol: tcp
  gatewayClassName: istio # or your controller’s gateway class name
  listeners:
    - name: https
      hostname: "*.test.ne.azure.kubespaces.cloud"
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          from: All
      tls:
        mode: Terminate
        certificateRefs:
          - name: test-wildcard-tls
    - name: http
      protocol: HTTP
      port: 80
      hostname: "*.test.ne.azure.kubespaces.cloud"
      allowedRoutes:
        namespaces:
          from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: nginx-route-https
  namespace: default
  annotations:
    external-dns.alpha.kubernetes.io/hostname: aks.test.ne.azure.kubespaces.cloud
spec:
  hostnames:
    - aks.test.ne.azure.kubespaces.cloud
  parentRefs:
    - name: public-gateway
      namespace: istio-system
      sectionName: https # matches listener name in the Gateway
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: nginx
          port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: nginx-route-http
  namespace: default
spec:
  parentRefs:
    - name: public-gateway
      namespace: istio-system
      sectionName: http
  hostnames:
    - aks.test.ne.azure.kubespaces.cloud
  rules:
    - filters:
        - type: RequestRedirect
          requestRedirect:
            scheme: https
            statusCode: 301
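
Both listeners above set `allowedRoutes.namespaces.from: All`, so an HTTPRoute created in any namespace can attach a hostname under the wildcard and be served with the wildcard certificate. The variant below is an added example, not part of the original gist: it limits attachment to the `default` namespace, where the two routes above live, and assumes the `kubernetes.io/metadata.name` label that Kubernetes sets on every namespace.

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: public-gateway
  namespace: istio-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  infrastructure:
    annotations:
      service.beta.kubernetes.io/port_443_health-probe_protocol: tcp
      service.beta.kubernetes.io/port_80_health-probe_protocol: tcp
  gatewayClassName: istio
  listeners:
    - name: https
      hostname: "*.test.ne.azure.kubespaces.cloud"
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          # Only namespaces matching the selector may bind routes here.
          from: Selector
          selector:
            matchLabels:
              # Set automatically by Kubernetes to the namespace's name.
              kubernetes.io/metadata.name: default
      tls:
        mode: Terminate
        certificateRefs:
          - name: test-wildcard-tls
    - name: http
      protocol: HTTP
      port: 80
      hostname: "*.test.ne.azure.kubespaces.cloud"
      allowedRoutes:
        namespaces:
          # Same restriction on the redirect listener, so no other namespace
          # can serve plaintext content for a hostname under the wildcard.
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: default
```

To admit more namespaces, select on a label you control instead and restrict who may set that label on namespaces.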