From b2daa822a61408457dad6f8ea52f88566de477a8 Mon Sep 17 00:00:00 2001
From: Jan Novak <jan.novak@livesport.eu>
Date: Thu, 19 Feb 2026 00:51:37 +0100
Subject: [PATCH] gitops/cilium: configure gateway listeners and allow routes
 from all namespaces

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .../cilium/helmrelelase_cilium.yaml           | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml b/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml
index 735e081..fe9e350 100644
--- a/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml
+++ b/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml
@@ -33,6 +33,25 @@ spec:
       enabled: true
     gatewayAPI:
       enabled: true
+      gateway:
+        listeners:
+          - name: http
+            port: 80
+            protocol: HTTP
+            allowedRoutes:
+              namespaces:
+                from: All
+          - name: https
+            port: 443
+            protocol: HTTPS
+            allowedRoutes:
+              namespaces:
+                from: All
     kubeProxyReplacement: true
     k8sServiceHost: 192.168.0.31  # or LB IP
     k8sServicePort: 6443
+
+    # disable envoy daemonset - i guess that is stupid idea anyway
+    # envoy:
+    #  enabled: false
+    # l7Proxy: false