---
apiVersion: v1
kind: Secret
metadata:
  name: supersecret
  namespace: default

data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=

---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
  name: my-gateway-class
spec:
  controllerName: traefik.io/gateway-controller

---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
  name: my-gateway
  namespace: default
spec:
  gatewayClassName: my-gateway-class
  listeners: # Use GatewayClass defaults for listener definition.
    - name: tls
      protocol: TLS
      port: 443
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            name: supersecret
      allowedRoutes:
        namespaces:
          from: Same

---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
  name: http-app-1
  namespace: default
spec:
  hostnames:
    - "foo.com"
  rules:
    - matches:
        - path:
            type: Exact
            value: /bar
      backendRefs:
        - name: whoami
          port: 80
          weight: 1