--- kind: GatewayClass apiVersion: networking.x-k8s.io/v1alpha1 metadata: name: my-gateway-class spec: controller: traefik.io/gateway-controller --- kind: Gateway apiVersion: networking.x-k8s.io/v1alpha1 metadata: name: my-gateway namespace: default spec: gatewayClassName: my-gateway-class listeners: # Use GatewayClass defaults for listener definition. - protocol: TLS port: 9001 hostname: foo.example.com tls: mode: Passthrough routes: kind: TLSRoute namespaces: from: All selector: matchLabels: app: tls-app --- kind: TLSRoute apiVersion: networking.x-k8s.io/v1alpha1 metadata: name: tls-app-default namespace: default labels: app: tls-app spec: rules: - forwardTo: - serviceName: whoamitcp port: 9000 weight: 1 matches: - snis: - foo.default --- kind: TLSRoute apiVersion: networking.x-k8s.io/v1alpha1 metadata: name: tls-app-bar namespace: bar labels: app: tls-app spec: rules: - forwardTo: - serviceName: whoamitcp-bar port: 9000 weight: 1 matches: - snis: - foo.bar