first commit

vault/httproute.yaml

@@ -0,0 +1,35 @@
+# HTTPRoute for HashiCorp Vault behind Envoy Gateway (Gateway API).
+# Matches the intent of server.httpRoute in values.yaml (chart may not render it yet).
+#
+# Before applying:
+#   kubectl get svc -n vault
+# If the Vault Service is not named "vault" (e.g. release "foo" -> Service "foo-vault"),
+# change spec.rules[].backendRefs[].name below.
+#
+# Ensure your Gateway allows routes from namespace "vault" (listener allowedRoutes / infrastructure).
+#
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: vault-httproute
+  namespace: vault
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: envoy-gateway
+      namespace: envoy-gateway-system
+      sectionName: http
+  hostnames:
+    - vault.fireflylab.local
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - group: ""
+          kind: Service
+          name: vault
+          port: 8200
+          weight: 1