apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: gateway-certificate-nonexistent-secret namespace: gateway-conformance-infra spec: gatewayClassName: "{GATEWAY_CLASS_NAME}" listeners: - name: https port: 443 protocol: HTTPS allowedRoutes: namespaces: from: All tls: certificateRefs: - group: "" kind: Secret name: nonexistent-certificate --- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: gateway-certificate-unsupported-group namespace: gateway-conformance-infra spec: gatewayClassName: "{GATEWAY_CLASS_NAME}" listeners: - name: https port: 443 protocol: HTTPS allowedRoutes: namespaces: from: All tls: certificateRefs: - group: wrong.group.company.io kind: Secret name: tls-validity-checks-certificate --- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: gateway-certificate-unsupported-kind namespace: gateway-conformance-infra spec: gatewayClassName: "{GATEWAY_CLASS_NAME}" listeners: - name: https port: 443 protocol: HTTPS allowedRoutes: namespaces: from: All tls: certificateRefs: - group: "" kind: WrongKind name: tls-validity-checks-certificate --- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: gateway-certificate-malformed-secret namespace: gateway-conformance-infra spec: gatewayClassName: "{GATEWAY_CLASS_NAME}" listeners: - name: https port: 443 protocol: HTTPS allowedRoutes: namespaces: from: All tls: certificateRefs: - group: "" kind: Secret name: malformed-certificate --- apiVersion: v1 kind: Secret metadata: name: malformed-certificate namespace: gateway-conformance-infra data: # this certificate is invalid because contains an invalid pem (base64 of "Hello world"), # and the certificate and the key are identical tls.crt: SGVsbG8gd29ybGQK tls.key: SGVsbG8gd29ybGQK type: kubernetes.io/tls