# ============================== # Gateway # ============================== --- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: my-gateway spec: gatewayClassName: eg listeners: - name: http protocol: HTTP port: 80 allowedRoutes: namespaces: from: Same # ============================== # Public HTTP Routes # ============================== --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: my-public-routes namespace: default spec: parentRefs: - name: my-gateway rules: - matches: - path: type: PathPrefix value: /khmer-eid/auth backendRefs: - name: khmer-eid port: 8200 filters: - type: URLRewrite urlRewrite: path: type: ReplacePrefixMatch replacePrefixMatch: /auth - matches: - path: type: PathPrefix value: /nginx backendRefs: - name: my-nginx port: 8081 # ============================== # Protected HTTP Routes # ============================== --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: my-protected-routes namespace: default spec: parentRefs: - name: my-gateway rules: - matches: - path: type: PathPrefix value: /khmer-eid backendRefs: - name: khmer-eid port: 8200 filters: - type: URLRewrite urlRewrite: path: type: ReplacePrefixMatch replacePrefixMatch: / # ============================== # Forward Auth # ============================== --- apiVersion: gateway.envoyproxy.io/v1alpha1 kind: SecurityPolicy metadata: name: my-ext-auth spec: targetRefs: - group: gateway.networking.k8s.io kind: HTTPRoute name: my-protected-routes extAuth: http: path: /auth backendRefs: - name: khmer-eid port: 8200 headersToBackend: ["x-auth-user"]