api/virtual-gateway/v1-api/2-connection-handling/2.3-https-redirect.yaml

##################################################
# Test Name: HTTPS Redirect
# Test Number: 2.3
# Test Description:
#   - Gateway for HTTPS port to redirect to HTTPS
#   - Gateway for HTTPS TLS termination
##################################################
apiVersion: networking.mesh.gloo.solo.io/v1
kind: VirtualMesh
metadata:
  name: virtual-mesh
  namespace: gloo-mesh
spec:
  federation:                            # Enable automatic federation of all services to all clusters
    selectors:
      - {}
  meshes:
    - name: istiod-istio-system-cluster1
      namespace: gloo-mesh
    - name: istiod-istio-system-cluster2
      namespace: gloo-mesh
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualGateway
metadata:
  name: redirect
  namespace: gloo-mesh
spec:
  ingressGatewaySelectors:
  - portName: http2                      # match on port name http2 (the port we want to redirect)
    destinationSelectors:
    - kubeServiceMatcher:
        labels:
          istio: ingressgateway          # select all gateways with istio=ingressgateway label
        namespaces:
        - istio-system                   # only include istio-system namespace
  connectionHandlers:
  - connectionOptions:
      httpsRedirect: true                # enable https redirect
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualGateway
metadata:
  name: ingress
  namespace: gloo-mesh
spec:
  ingressGatewaySelectors:
  - portName: https                      # match on port name https
    destinationSelectors:
    - kubeServiceMatcher:
        labels:
          istio: ingressgateway          # select all gateways with istio=ingressgateway label
        namespaces:
        - istio-system                   # only include istio-system namespace
  connectionHandlers:
  - connectionOptions:                   # TLS Termination settings
      sslConfig:
        secretName: frontend-cert        # This kubernetes tls secret must be located on the same cluster in the same namespace as each gateway deployment
        tlsMode: SIMPLE
    connectionMatch:
      serverNames:
      - api.solo.io                      # This SNI should match the DNS name your cert is using
    http:
      routeConfig:
      - virtualHost:
          domains:
          - api.solo.io
          routes:
          - name: frontend
            routeAction:
              destinations:
              - kubeService:
                  clusterName: cluster1
                  name: frontend
                  namespace: app
                  port: 8080