---
apiVersion: v1
kind: Namespace
metadata:
  name: argocd
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: argocd-gateway
  namespace: argocd
  labels:
    bgp.cilium.io/ip-pool: default  # Damit bekommt das Gateway eine IP aus deinem Pool
  annotations:
    # Damit external-dns diesen Gateway findet und einen DNS-Eintrag erstellt
    # (falls external-dns Gateway API unterstützt, was es tut)
    cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
spec:
  gatewayClassName: envoy-gateway-class
  listeners:
    - name: https
      hostname: "argocd.k8s.hnrx.net"
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          from: All
      tls:
        mode: Terminate
        certificateRefs:
          - name: argocd-gateway-tls
    - name: http
      hostname: "argocd.k8s.hnrx.net"
      protocol: HTTP
      port: 80
      allowedRoutes:
        kinds:
          - kind: HTTPRoute
          - kind: GRPCRoute
        namespaces:
          from: All