From 4fad1f111144e60fa1fb4e518e9446a84f96e2de Mon Sep 17 00:00:00 2001
From: Matthias Hinrichs <matthias.hinrichs@sbb.ch>
Date: Thu, 15 Jan 2026 10:55:52 +0100
Subject: [PATCH] =?UTF-8?q?F=C3=BCge=20die=20Konfiguration=20f=C3=BCr=20de?=
 =?UTF-8?q?n=20gemeinsamen=20externen=20Gateway=20hinzu?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../shared-external-gateway.yaml              | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 07_bootstrap_argocd/shared-external-gateway.yaml

diff --git a/07_bootstrap_argocd/shared-external-gateway.yaml b/07_bootstrap_argocd/shared-external-gateway.yaml
new file mode 100644
index 0000000..6e520b3
--- /dev/null
+++ b/07_bootstrap_argocd/shared-external-gateway.yaml
@@ -0,0 +1,25 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: shared-external-gateway
+  namespace: default
+  labels:
+    bgp.cilium.io/ip-pool: default  # Damit bekommt das Gateway eine IP aus deinem Pool
+  annotations:
+    # Damit external-dns diesen Gateway findet und einen DNS-Eintrag erstellt
+    # (falls external-dns Gateway API unterstützt, was es tut)
+    cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
+spec:
+  gatewayClassName: envoy-gateway-class
+  listeners:
+    - name: http
+      hostname: "*.hnrx.net"
+      protocol: HTTPS
+      port: 443
+      allowedRoutes:
+        namespaces:
+          from: All
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: shared-external-gateway-tls
\ No newline at end of file