There are now 2 gateway-api-gateways(http/https); add explicit gateway

support to http-support, and handle $scheme better.

 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: Gateway
 metadata:
-  name: gateway
+  name: gateway-http
 spec:
   gatewayClassName: istio
   listeners:
     - name: http-all
       port: 80
       protocol: HTTP
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: gateway-https
+spec:
+  gatewayClassName: istio
+  listeners:
     - name: https-base
       protocol: HTTPS
       port: 443

@@ -38,22 +38,32 @@ releases:
           group: gateway.networking.k8s.io
           kind: Gateway
           namespace: {{ .Values.namespace }}
-          name: {{ .Values.name }}-gateway
+          name: {{ .Values.name }}-gateway-http
         patch:
           - op: replace
             path: /spec/gatewayClassName
             value: {{ .Values.gatewayClassName }}
+      - target:
+          version: v1beta1
+          group: gateway.networking.k8s.io
+          kind: Gateway
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-gateway-https
+        patch:
           - op: replace
-            path: /spec/listeners/1/hostname
+            path: /spec/gatewayClassName
+            value: {{ .Values.gatewayClassName }}
+          - op: replace
+            path: /spec/listeners/0/hostname
             value: {{ .Values.base.domain }}
           - op: replace
-            path: /spec/listeners/1/tls/certificateRefs/0/name
+            path: /spec/listeners/0/tls/certificateRefs/0/name
             value: {{ .Values.name }}-exact-cert
           - op: replace
-            path: /spec/listeners/2/hostname
+            path: /spec/listeners/1/hostname
             value: "*.{{ .Values.base.domain }}"
           - op: replace
-            path: /spec/listeners/2/tls/certificateRefs/0/name
+            path: /spec/listeners/1/tls/certificateRefs/0/name
             value: {{ .Values.name }}-subs-cert
       - target:
           version: v1

 namespace: default
 istio:
   enabled: true
-  gateway: istio-system/cluster-local-gateway
 gatewayAPI:
   enabled: false
-  gateway: gateway
 redirect:
   - hosts:
       - example.com
     target: www.example.com
+    scheme: https
+    istio:
+      gateway: istio-system/cluster-local-gateway
+    gatewayAPI:
+      gateway: gateway-http
+  - hosts:
+      - "*"
+    scheme: https
+    istio:
+      gateway: istio-system/cluster-local-gateway
+    gatewayAPI:
+      gateway: gateway-http
 proxy:
   - frontend:
       host: www.example.com
@@ -19,6 +29,10 @@ proxy:
       stub: real.example.com
       address: 8.8.8.8
     authority: www.example.com
+    istio:
+      gateway: istio-system/cluster-local-gateway
+    gatewayAPI:
+      gateway: gateway-https
     config: |
       server {
               server_name www.example.com;

@@ -19,6 +19,8 @@ releases:
       - raw:
           resources:
             {{- range $redirect_index, $redirect := .Values.redirect }}
+              {{- $scheme := $redirect | get "scheme" "http" }}
+              {{- $target := $redirect | get "target" "" }}
               {{- if $.Values.istio.enabled }}
             - apiVersion: networking.istio.io/v1alpha3
               kind: VirtualService
@@ -28,14 +30,16 @@ releases:
                 hosts:
                   {{- $redirect.hosts | toYaml | nindent 20 }}
                 gateways:
-                  - {{ $.Values.istio.gateway }}
+                  - {{ $redirect.istio.gateway }}
                 http:
                   - match:
                       - uri:
                           prefix: /
                     redirect:
                       redirectCode: 302
-                      authority: {{ $redirect.target }}
+                      authority: {{ $target }}
+                      scheme: {{ $scheme }}
+                      derivePort: FROM_PROTOCOL_DEFAULT
               {{- end }}
               {{- if $.Values.gatewayAPI.enabled }}
             - apiVersion: gateway.networking.k8s.io/v1beta1
@@ -44,7 +48,7 @@ releases:
                 name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }}
               spec:
                 parentRefs:
-                  - name: {{ $.Values.gatewayAPI.gateway }}
+                  - name: {{ $redirect.gatewayAPI.gateway }}
                 hostnames:
                   {{- $redirect.hosts | toYaml | nindent 20 }}
                 rules:
@@ -55,9 +59,10 @@ releases:
                     filters:
                       - type: RequestRedirect
                         requestRedirect:
-                          scheme: https
+                          scheme: {{ $scheme }}
                           statusCode: 302
-                          hostname: {{ $redirect.target }}
+                          hostname: {{ $target }}
+                          port: {{ if eq $scheme "https" }}443{{ else }}80{{ end }}
               {{- end }}
             {{- end }}
             - apiVersion: v1
@@ -90,7 +95,7 @@ releases:
                 hosts:
                   - {{ $proxy.frontend.host }}
                 gateways:
-                  - {{ $.Values.istio.gateway }}
+                  - {{ $proxy.istio.gateway }}
                 http:
                   - match:
                       - uri:
@@ -119,7 +124,7 @@ releases:
                 name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }}
               spec:
                 parentRefs:
-                  - name: {{ $.Values.gatewayAPI.gateway }}
+                  - name: {{ $proxy.gatewayAPI.gateway }}
                 hostnames:
                   - {{ $proxy.frontend.host }}
                 rules: