gitops/scripts/kong-gateway/GatewayAPI-example.yaml

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example-gateway
  namespace: kong
  annotations:
    konghq.com/publish-service: kong/kong-gateway-proxy
spec:
  gatewayClassName: kong
  listeners:
    - name: https
      port: 443
      protocol: HTTPS
      hostname: "*.onwalk.net"  # ⭐ 通配符域名，匹配所有子域
      tls:
        mode: Terminate
        certificateRefs:
          - name: onwalk-tls  # 存放 *.onwalk.net 证书的 Secret
      allowedRoutes:
        namespaces:
          from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: ui-route
  namespace: ai
spec:
  parentRefs:
    - name: example-gateway
      namespace: kong
  hostnames:
    - open-webui.onwalk.net
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: open-webui
          port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: keycloak-route
  namespace: keycloak
spec:
  parentRefs:
    - name: example-gateway
      namespace: kong
  hostnames:
    - keycloak.onwalk.net
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: keycloak
          port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: argocd-route
  namespace: argocd
spec:
  parentRefs:
    - name: example-gateway
      namespace: kong   # ⭐ 必须指定！
  hostnames:
    - argocd.onwalk.net  # ⭐ 注意要匹配实际访问域名
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: argocd-server
          port: 80