diff --git a/calico-enterprise/networking/ingress-gateway/create-ingress-gateway.mdx b/calico-enterprise/networking/ingress-gateway/create-ingress-gateway.mdx
index f3316997c6..ce5e08de95 100644
--- a/calico-enterprise/networking/ingress-gateway/create-ingress-gateway.mdx
+++ b/calico-enterprise/networking/ingress-gateway/create-ingress-gateway.mdx
@@ -2,6 +2,9 @@
description: Deploy a Calico Ingress Gateway in a Calico Enterprise cluster by applying GatewayAPI and Gateway resources tied to the Tigera-managed gateway class.
---
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
# Create an ingress gateway
Create an ingress gateway to manage ingress traffic with the Kubernetes Gateway API.
@@ -33,7 +36,32 @@ You need to do the following:
allow traffic through the gateway by adding the `tigera-gateway` namespace to the list of excluded namespaces in the
`namespaceSelector` field.
-1. To enable Gateway API support, create a `GatewayAPI` resource with the name `tigera-secure`:
+1. Enable Gateway API support by creating a `GatewayAPI` resource named `tigera-secure`. You can enable it at install time with Helm, or at any time with `kubectl`. Both methods create the same `tigera-secure` resource and the default `tigera-gateway-class`.
+
+
+
+
+ When you [install $[prodname] with Helm](../../getting-started/install-on-clusters/kubernetes/helm.mdx), set `gatewayAPI.enabled` to `true` in your `values.yaml`:
+
+ ```yaml title='values.yaml'
+ gatewayAPI:
+ enabled: true
+ ```
+
+ The Tigera Operator creates the `tigera-secure` `GatewayAPI` resource as part of the installation. To customize the gateway, set any [`GatewayAPI` spec field](../../reference/installation/api.mdx#gatewayapispec) under `gatewayAPI:` — for example, to [define additional gateway classes](customize-ingress-gateway.mdx#configure-multiple-gateway-classes):
+
+ ```yaml title='values.yaml'
+ gatewayAPI:
+ enabled: true
+ gatewayClasses:
+ - name: tigera-gateway-class
+ - name: internal-gateway-class
+ ```
+
+
+
+
+ If $[prodname] is already installed, create the `GatewayAPI` resource directly:
```bash
kubectl apply -f - <
+
+
The Tigera Operator pulls and sets up the hardened Envoy Gateway images.
This gives you a set of Gateway API resources, including the `GatewayClass` resource you need to create your gateway.
diff --git a/calico-enterprise/networking/ingress-gateway/customize-ingress-gateway.mdx b/calico-enterprise/networking/ingress-gateway/customize-ingress-gateway.mdx
index 30358a2faf..97aeaa11be 100644
--- a/calico-enterprise/networking/ingress-gateway/customize-ingress-gateway.mdx
+++ b/calico-enterprise/networking/ingress-gateway/customize-ingress-gateway.mdx
@@ -24,6 +24,10 @@ For full details, see [the `GatewayAPI` reference documentation](../../reference
To make use of these customization fields, use `kubectl edit gatewayapi tigera-secure` to edit the YAML for the `GatewayAPI` resource, and add or modify the customization fields that you require.
+:::tip
+You can also set these fields at install time. When you [install $[prodname] with Helm](../../getting-started/install-on-clusters/kubernetes/helm.mdx), add any `GatewayAPI` spec field under `gatewayAPI:` in your `values.yaml`, alongside `enabled: true`.
+:::
+
### Customization examples
This section contains examples of common customizations.
diff --git a/calico-enterprise/reference/installation/helm_customization.mdx b/calico-enterprise/reference/installation/helm_customization.mdx
index bc3bcdb5ab..8aface888a 100644
--- a/calico-enterprise/reference/installation/helm_customization.mdx
+++ b/calico-enterprise/reference/installation/helm_customization.mdx
@@ -17,6 +17,7 @@ You can customize the following resources and settings during $[prodname] Helm-b
- [Policy recommendation](api.mdx#policyrecommendationspec)
- [Authentication](api.mdx#authenticationspec)
- [Application layer](api.mdx#applicationlayerspec)
+- [Gateway API (Calico Ingress Gateway)](api.mdx#gatewayapispec)
- [Amazon cloud integration](api.mdx#amazoncloudintegrationspec)
- [Default felix configuration](../resources/felixconfig.mdx#spec)
@@ -78,6 +79,10 @@ applicationLayer:
enabled: false
+gatewayAPI:
+ enabled: false
+
+
amazonCloudIntegration:
enabled: false