{{- if .Values.global.meshExpansion.enabled }}
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: meshexpansion-gateway
  namespace: {{ .Release.Namespace }}
  labels:
    release: {{ .Release.Name }}
    istio.io/rev: {{ .Values.revision | default "default" }}
    install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
    operator.istio.io/component: "IngressGateways"
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 15012
        protocol: TCP
        name: tcp-istiod
      hosts:
        - "*"
    - port:
        number: 15017
        protocol: TCP
        name: tcp-istiodwebhook
      hosts:
        - "*"
---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: meshexpansion-vs-istiod
  namespace: {{ .Release.Namespace }}
  labels:
    release: {{ .Release.Name }}
spec:
  hosts:
  - istiod.{{ .Values.global.istioNamespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
  gateways:
  - meshexpansion-gateway
  tcp:
  - match:
    - port: 15012
    route:
    - destination:
        host: istiod.{{ .Values.global.istioNamespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
        port:
          number: 15012
  - match:
    - port: 15017
    route:
    - destination:
        host: istiod.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
        port:
          number: 443
---

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: meshexpansion-dr-istiod
  namespace: {{ .Release.Namespace }}
  labels:
    release: {{ .Release.Name }}
spec:
  host: istiod.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }}
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 15012
      tls:
        mode: DISABLE
    - port:
        number: 15017
      tls:
        mode: DISABLE

{{- end }}