As a Korifi API user, I want to be able to use custom domains

[danail-branekov]

Acceptance

GIVEN I have deployed Korifi (e.g. on kind) with a default domain apps-127-0-0-1.nip.io
GIVEN I have pushed an app (e.g. dorifi)
WHEN I create a new domain - cf create-shared-domain foo-127-0-0-1.nip.io
AND I have configured the workloads certificate to allow the new domain
AND I map the app to the new domain - cf map-route dorifi foo-127-0-0-1.nip.io --hostname dorifi-foo
THEN I want to be able to request the app on the new domain: curl -k https://dorifi-foo.foo-127-0-0-1.nip.io

What happens right now

The app is not accessible on the new domain:

❯ curl -k https://dorifi-foo.foo-127-0-0-1.nip.io
curl: (35) error:0A000126:SSL routines::unexpected eof while reading

Dev notes

The reason the new domain is not accessible is that the korifi gateway is not configured with allowedRoutes for the new domain. A workaround would be to add the allowed route via kubectl by adding

  - allowedRoutes:
      namespaces:
        from: All
    hostname: '*.foo-127-0-0-1.nip.io'
    name: https-apps-foo
    port: 32443
    protocol: HTTPS
    tls:
      certificateRefs:
      - group: ""
        kind: Secret
        name: korifi-workloads-ingress-cert
        namespace: korifi
      mode: Terminate

However, this is not achievable by using the cf cli only.

• Maybe when we create the new domain, we also need to either update the korifi gateway, or create a new one for the new domain. If we decide to update the gteway, we need to ensure that further helm upgrades do not remove the new entries.
• Or maybe we need to reconcile a CFDomain into Gateway and not create the gateway with the helm chart in the first place?
• What about domain certificates? How do we configure the workload certificate with the new domain by using the cf cli only? Or shall we create a new certificate for the new domain?

I am marking this issue as bug as we probably broke custom domains when we introduced the gateway api.