{{- if eq .Values.cilium.cluster "hel1" }}
# TODO: Move to ListernerSets when those get Promoted to GA
# Resources:
# - https://gateway-api.sigs.k8s.io/geps/gep-1713/
# - https://github.com/kubernetes-sigs/gateway-api/issues/1713
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: kube-system
spec:
  gatewayClassName: cilium
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              shared-gateway-access: "true"
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        certificateRefs:
          - group: ''
            kind: Secret
            name: wildcard-oceanbox-io
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              shared-gateway-access: "true"
    - name: ssh
      protocol: TCP
      port: 22
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              shared-gateway-access: "true"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-oceanbox-io
spec:
  secretName: wildcard-oceanbox-io
  commonName: oceanbox.io
  dnsNames:
    - oceanbox.io
    - "*.oceanbox.io"
  issuerRef:
    name: letsencrypt-prod-dns01
    kind: ClusterIssuer
{{- end}}