Add gateway-api support to keycloak.

+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: kpg-keycloak
+spec:
+  parentRefs:
+    - name: gateway
+  hostnames:
+    - "auth.local"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: kpg-keycloak-service
+          port: 8080
+---
+

+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: kpg-keycloak-originate-tls
+spec:
+  host: kpg-keycloak
+  trafficPolicy:
+    portLevelSettings:
+      - port:
+          number: 8080
+        tls:
+          mode: DISABLE
+          credentialName: kpg-keycloak-crt
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kpg-keycloak-crt
+spec:
+  secretName: kpg-keycloak-crt
+  dnsNames:
+  - auth.local
+  issuerRef:
+    name: ca-issuer
+    # We can reference ClusterIssuers by changing the kind here.
+    # The default value is Issuer (i.e. a locally namespaced Issuer)
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: kpg-keycloak
+spec:
+  hosts:
+    - auth.local
+  gateways:
+    - istio-system/cluster-local-gateway
+  http:
+    - route:
+      - destination:
+          port:
+            number: 8080
+          host: kpg-keycloak-service.default.svc.cluster.local
+  tls:
+    - match:
+        - sniHosts:
+            - auth.local
+      route:
+      - destination:
+          port:
+            number: 8443
+          host: kpg-keycloak-service.default.svc.cluster.local
+

@@ -69,57 +69,4 @@ spec:
   hostname: INSECURE-DISABLE
   tlsSecret: INSECURE-DISABLE
 ---
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: kpg-keycloak-crt
-spec:
-  secretName: kpg-keycloak-crt
-  dnsNames:
-  - auth.local
-  issuerRef:
-    name: ca-issuer
-    # We can reference ClusterIssuers by changing the kind here.
-    # The default value is Issuer (i.e. a locally namespaced Issuer)
-    kind: ClusterIssuer
-    group: cert-manager.io
----
-apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: kpg-keycloak-originate-tls
-spec:
-  host: kpg-keycloak
-  trafficPolicy:
-    portLevelSettings:
-      - port:
-          number: 8080
-        tls:
-          mode: DISABLE
-          credentialName: kpg-keycloak-crt
----
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
-  name: kpg-keycloak
-spec:
-  hosts:
-    - auth.local
-  gateways:
-    - istio-system/cluster-local-gateway
-  http:
-    - route:
-      - destination:
-          port:
-            number: 8080
-          host: kpg-keycloak-service.default.svc.cluster.local
-  tls:
-    - match:
-        - sniHosts:
-            - auth.local
-      route:
-      - destination:
-          port:
-            number: 8443
-          host: kpg-keycloak-service.default.svc.cluster.local
 

@@ -3,6 +3,8 @@ kind: Kustomization
 
 resources:
   - ./keycloak.yaml
+  - ./istio.yaml
+  - ./gateway-api.yaml
 
 configMapGenerator:
   - name: kpg-keycloak-scripts

@@ -16,6 +16,11 @@ certificate:
   hostName: auth.local
   issuerRef: ca-issuer
 virtualService:
+  enabled: true
   hostName: auth.local
   gateway: istio-system/cluster-local-gateway
   issuerRef: ca-issuer
+gatewayAPI:
+  enabled: false
+  gateway: gateway
+  hostName: auth.local

@@ -30,26 +30,56 @@ releases:
     needs:
     - kpg-postgresql
     strategicMergePatches:
+      {{- if not .Values.virtualService.enabled }}
+      - apiVersion: networking.istio.io/v1beta1
+        kind: VirtualService
+        metadata:
+          name: kpg-keycloak-originate-tls
+          namespace: {{ .Values.namespace }}
+        $patch: delete
+      {{- end }}
       - apiVersion: cert-manager.io/v1
         kind: Certificate
         metadata:
           name: kpg-keycloak-crt
           namespace: {{ .Values.namespace }}
+        {{- if .Values.virtualService.enabled }}
         spec:
           dnsNames:
             - {{ .Values.certificate.hostName }}
           issuerRef:
             name: {{ .Values.certificate.issuerRef }}
+        {{- else }}
+        $patch: delete
+        {{- end }}
       - apiVersion: networking.istio.io/v1beta1
         kind: VirtualService
         metadata:
           name: kpg-keycloak
           namespace: {{ .Values.namespace }}
+        {{- if .Values.virtualService.enabled }}
         spec:
           hosts:
             - {{ .Values.virtualService.hostName }}
           gateways:
             - {{ .Values.virtualService.gateway }}
+        {{- else }}
+        $patch: delete
+        {{- end }}
+      - apiVersion: gateway.networking.k8s.io/v1beta1
+        kind: HTTPRoute
+        metadata:
+          name: kpg-keycloak
+          namespace: {{ .Values.namespace }}
+        {{- if .Values.gatewayAPI.enabled }}
+        spec:
+          parentRefs:
+            - name: {{ .Values.gatewayAPI.gateway }}
+          hostnames:
+            - {{ .Values.gatewayAPI.hostName }}
+        {{- else }}
+        $patch: delete
+        {{- end }}
 
     jsonPatches:
       - target:
@@ -62,6 +92,7 @@ releases:
           - op: replace
             path: /spec/unsupported/podTemplate/spec/initContainers/0/image
             value: {{ .Values.postgresql.waitForPg.image }}
+      {{- if .Values.virtualService.enabled }}
       - target:
           kind: VirtualService
           name: kpg-keycloak
@@ -72,7 +103,5 @@ releases:
           - op: replace
             path: /spec/tls/0/match/0/sniHosts/0
             value: {{ .Values.virtualService.hostName }}
-#          - op: replace
-#            path: /spec/tls/0/match/0/sniHosts/0
-#            value: {{ .Values.virtualService.hostName }}
+      {{- end }}