--- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: vault namespace: vault labels: app.kubernetes.io/name: vault app.kubernetes.io/instance: vault traefik.io/instance: internal annotations: cert-manager.io/cluster-issuer: vault-issuer cert-manager.io/common-name: vault.k8s.syd1.au.unkin.net cert-manager.io/private-key-size: "4096" cert-manager.io/alt-names: vault.service.consul,vault.query.consul external-dns.alpha.kubernetes.io/hostname: vault.k8s.syd1.au.unkin.net external-dns.alpha.kubernetes.io/target: 198.18.200.4 spec: gatewayClassName: traefik-internal listeners: - name: http port: 80 protocol: HTTP hostname: vault.k8s.syd1.au.unkin.net allowedRoutes: namespaces: from: Same - name: https port: 443 protocol: HTTPS hostname: vault.k8s.syd1.au.unkin.net allowedRoutes: namespaces: from: Same tls: mode: Terminate certificateRefs: - kind: Secret name: vault-tls - name: vault-direct port: 8200 protocol: HTTPS allowedRoutes: namespaces: from: Same tls: mode: Terminate certificateRefs: - kind: Secret name: vault-tls