Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@
description: Deploy a Calico Ingress Gateway in a Calico Enterprise cluster by applying GatewayAPI and Gateway resources tied to the Tigera-managed gateway class.
---

import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

# Create an ingress gateway

Create an ingress gateway to manage ingress traffic with the Kubernetes Gateway API.
Expand Down Expand Up @@ -33,7 +36,32 @@ You need to do the following:
allow traffic through the gateway by adding the `tigera-gateway` namespace to the list of excluded namespaces in the
`namespaceSelector` field.

1. To enable Gateway API support, create a `GatewayAPI` resource with the name `tigera-secure`:
1. Enable Gateway API support by creating a `GatewayAPI` resource named `tigera-secure`. You can enable it at install time with Helm, or at any time with `kubectl`. Both methods create the same `tigera-secure` resource and the default `tigera-gateway-class`.

<Tabs groupId="cig-enable">

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worth previewing the rendered page — <Tabs> nested inside an ordered-list item can render oddly in Docusaurus (list numbering / indentation). Low risk, just confirm it looks right in the build.

<TabItem label="Helm (at install time)" value="helm" default>

When you [install $[prodname] with Helm](../../getting-started/install-on-clusters/kubernetes/helm.mdx), set `gatewayAPI.enabled` to `true` in your `values.yaml`:

```yaml title='values.yaml'
gatewayAPI:
enabled: true
```

The Tigera Operator creates the `tigera-secure` `GatewayAPI` resource as part of the installation. To customize the gateway, set any [`GatewayAPI` spec field](../../reference/installation/api.mdx#gatewayapispec) under `gatewayAPI:` — for example, to [define additional gateway classes](customize-ingress-gateway.mdx#configure-multiple-gateway-classes):

```yaml title='values.yaml'
gatewayAPI:
enabled: true
gatewayClasses:
- name: tigera-gateway-class
- name: internal-gateway-class
```

</TabItem>
<TabItem label="kubectl (after installation)" value="kubectl">

If $[prodname] is already installed, create the `GatewayAPI` resource directly:

```bash
kubectl apply -f - <<EOF
Expand All @@ -43,6 +71,10 @@ You need to do the following:
name: tigera-secure
EOF
```

</TabItem>
</Tabs>

The Tigera Operator pulls and sets up the hardened Envoy Gateway images.
This gives you a set of Gateway API resources, including the `GatewayClass` resource you need to create your gateway.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ For full details, see [the `GatewayAPI` reference documentation](../../reference

To make use of these customization fields, use `kubectl edit gatewayapi tigera-secure` to edit the YAML for the `GatewayAPI` resource, and add or modify the customization fields that you require.

:::tip
You can also set these fields at install time. When you [install $[prodname] with Helm](../../getting-started/install-on-clusters/kubernetes/helm.mdx), add any `GatewayAPI` spec field under `gatewayAPI:` in your `values.yaml`, alongside `enabled: true`.
:::

### Customization examples

This section contains examples of common customizations.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ You can customize the following resources and settings during $[prodname] Helm-b
- [Policy recommendation](api.mdx#policyrecommendationspec)
- [Authentication](api.mdx#authenticationspec)
- [Application layer](api.mdx#applicationlayerspec)
- [Gateway API (Calico Ingress Gateway)](api.mdx#gatewayapispec)
- [Amazon cloud integration](api.mdx#amazoncloudintegrationspec)
- [Default felix configuration](../resources/felixconfig.mdx#spec)

Expand Down Expand Up @@ -78,6 +79,10 @@ applicationLayer:
enabled: false
<if enabled is true: applicationLayer resource spec fields to configure>

gatewayAPI:
enabled: false
<if enabled is true: GatewayAPI resource spec fields to configure>

amazonCloudIntegration:
enabled: false
<if enabled is true: amazonCloudIntegration resource spec fields to configure>
Expand Down