# HTTPRoute for HashiCorp Vault behind Envoy Gateway (Gateway API).
# Matches the intent of server.httpRoute in values.yaml (chart may not render it yet).
#
# Before applying:
#   kubectl get svc -n vault
# If the Vault Service is not named "vault" (e.g. release "foo" -> Service "foo-vault"),
# change spec.rules[].backendRefs[].name below.
#
# Ensure your Gateway allows routes from namespace "vault" (listener allowedRoutes / infrastructure).
#
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: vault-httproute
  namespace: vault
spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: envoy-gateway
      namespace: envoy-gateway-system
      sectionName: http
  hostnames:
    - vault.fireflylab.local
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - group: ""
          kind: Service
          name: vault
          port: 8200
          weight: 1