{{- if .Values.httpRoute.enabled -}}
{{- $fullName := include "makai.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "makai.labels" . | nindent 4 }}
spec:
  parentRefs:
    {{- toYaml .Values.httpRoute.parentRefs | nindent 4 }}
  {{- with .Values.httpRoute.hostnames }}
  hostnames:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    {{- range .Values.httpRoute.rules }}
    - {{- with .matches }}
      matches:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      backendRefs:
        - name: {{ $fullName }}
          port: {{ $svcPort }}
    {{- end }}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-gateway-to-{{ $fullName }}
  labels:
    {{- include "makai.labels" . | nindent 4 }}
spec:
  endpointSelector:
    matchLabels:
      {{- include "makai.selectorLabels" . | nindent 6 }}
  ingress:
  - fromCIDRSet:
    {{- range .Values.clusterConfig.ingress_whitelist }}
    - cidr: {{ . }}
    {{- end }}
  - fromEndpoints:
    - matchLabels:
        "k8s:io.kubernetes.pod.namespace": {{ .Release.Namespace }}
{{- end }}