ASM gateway CRD reference - Alibaba Cloud Service Mesh - Alibaba Cloud Documentation Center

Prerequisites

Add at least one Container Service for Kubernetes (ACK) cluster to your ASM instance. For details, see Add a cluster to an ASM instance.

Important

Deploy ASM gateways in the istio-system namespace. In Istio 1.6 and later, gateways deployed to other namespaces fail to start because they cannot retrieve the gateway configuration.

Configuration examples

Ingress gateway

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.
On the Ingress Gateway page, click Create from YAML.

On the Create page, enter a name in the Name field, select istio-system from the Namespace drop-down list, paste the following YAML, and then click Create.

apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:
  name: "myexample-customingressgateway"
  namespace: "istio-system"
spec:
  clusterIds:
    - "<cluster-id-1>"
    - "<cluster-id-2>"           # Deploy to multiple clusters
  cpu:
    targetAverageUtilization: 80
  env:
    - name: "envname1"
      value: "envvalue1"
  externalTrafficPolicy: Local
  gatewayType: ingress
  podLabels:
    key1: value1
  ports:
  - name: status-port
    port: 15020
    targetPort: 15020
  - name: http2
    port: 80
    targetPort: 80
  - name: https
    port: 443
    targetPort: 0
  - name: tls
    port: 15443
    targetPort: 15443
  replicaCount: 1
  resources:
    limits:
      cpu: '2'
      memory: 2G
    requests:
      cpu: 200m
      memory: 256Mi
  # Mount a ConfigMap volume (optional):
  # configVolumes:
  # - name: config-volume-lua
  #   configMapName: lua-libs
  #   mountPath: /var/lib/lua
  # Mount a Secret volume (optional):
  # secretVolumes:
  # - name: myexample-customingressgateway-certs
  #   secretName: istio-myexample-customingressgateway-certs
  #   mountPath: /etc/istio/myexample-customingressgateway-certs
  serviceType: LoadBalancer
  serviceAnnotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
  serviceLabels:
    serviceLabelKey1: "serviceLabelValue1"
  podAnnotations:
    podAnnotationsKey1: "podAnnotationsValue1"
  rollingMaxSurge: "100%"
  rollingMaxUnavailable: "25%"
  overrides:                     # Per-cluster overrides
    <cluster-id-1>:
      replicaCount: 1
      resources:
        limits:
          cpu: '2'
          memory: 2G
        requests:
          cpu: 200m
          memory: 256Mi
      serviceAnnotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s1.small"
    <cluster-id-2>:
      replicaCount: 2
      resources:
        limits:
          cpu: '4'
          memory: 4G
        requests:
          cpu: 400m
          memory: 512Mi
      serviceAnnotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s2.small"

Replace the following placeholders with actual values:

Placeholder	Description	Example
`<cluster-id-1>`	ID of the first target cluster	`c8a4b2xxxxxx`
`<cluster-id-2>`	ID of the second target cluster	`c9f3e7xxxxxx`

Note

To manage the ingress gateway with the Go client for Kubernetes, see Go struct definitions.

Verify the gateway Service:
1. Log on to the ACK console. In the left navigation pane, click Clusters.
2. Find the target cluster and click its name.
3. Select istio-system from the Namespace drop-down list.
4. Click the service name of the ingress gateway to view its details.
Verify the gateway pods:
1. Log on to the ACK console. In the left navigation pane, click Clusters.
2. On the Clusters page, find the cluster you want and click its name. In the left navigation pane, choose Workloads > Pods.
3. Select istio-system from the Namespace drop-down list.
4. Click a pod name of the ingress gateway to view its details.

Egress gateway

An egress gateway routes all outbound traffic in the mesh through a controlled exit point.

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Egress Gateway.
On the Egress Gateway page, click Create from YAML.

On the Create page, enter a name in the Name field, select istio-system from the Namespace drop-down list, paste the following YAML, and then click Create.

apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:
  name: egressgateway
  namespace: istio-system
spec:
  autoCreateGatewayYaml: false
  clusterIds:
    - <cluster-id>
  disableContainerPortExposed: true
  dnsPolicy: ClusterFirst
  gatewayType: egress
  hostNetwork: false
  podLabels:
    security.istio.io/tlsMode: istio
  ports:
    - name: http-0
      port: 80
      protocol: HTTP
      targetPort: 80
    - name: https-1
      port: 443
      protocol: HTTPS
      targetPort: 443
  readinessProbe: {}
  replicaCount: 1
  resources:
    limits:
      cpu: '2'
      memory: 4G
    requests:
      cpu: 200m
      memory: 256Mi
  rollingMaxSurge: 25%
  rollingMaxUnavailable: 25%
  runAsRoot: true
  serviceType: ClusterIP

Verify the gateway Service:
1. Log on to the ACK console. In the left navigation pane, click Clusters.
2. Find the target cluster and click its name.
3. Select istio-system from the Namespace drop-down list.
4. Click the service name of the egress gateway to view its details.
Verify the gateway pods:
1. Log on to the ACK console. In the left navigation pane, click Clusters.
2. On the Clusters page, find the cluster you want and click its name. In the left navigation pane, choose Workloads > Pods.
3. Select istio-system from the Namespace drop-down list.
4. Click a pod name of the egress gateway to view its details.

CRD field reference

Metadata

Field	Type	Description	Default
metadata.name	`string`	Gateway name. The generated Kubernetes Service and Deployment are both named `istio-{metadata.name}`.	None
metadata.namespace	`string`	Namespace for the gateway. The generated Service and Deployment reside in this namespace. Must be `istio-system` for Istio 1.6 and later.	`istio-system`

Gateway type and clusters

Field	Type	Description	Default
gatewayType	`string`	Gateway type. Valid values: ingress (routes inbound traffic), egress (routes outbound traffic).	`ingress`
clusterIds	`[]string`	IDs of the clusters where the gateway is deployed. All clusters must be managed by the current ASM instance.	None

Networking

Field	Type	Description	Default
ports	`[]ServicePort`	Ports and protocols for the gateway. Example: `name: http2, port: 80, targetPort: 80, protocol: HTTP2`. In ASM versions earlier than 1.9.7.107, set protocol to `TCP`.	None
serviceType	`string`	Kubernetes Service type. Valid values: LoadBalancer, NodePort, and ClusterIP. For egress gateways, typically set to `ClusterIP`. If a registered cluster does not support LoadBalancer Services, gateway creation may fail.	`LoadBalancer`
loadBalancerClass	`string`	Load balancer class for the gateway Service. Applies only when serviceType is `LoadBalancer`. Requires ASM v1.18 or later. For details, see Associate an NLB instance with an ingress gateway.	None
externalTrafficPolicy	`string`	Routing scope for inbound traffic. Cluster routes to cluster-wide endpoints; Local routes to node-local endpoints only. Applies to ingress gateways only.	`Cluster`
serviceAnnotations	`map[string]string`	Annotations on the gateway Service. Applies only when serviceType is `LoadBalancer`. Not typically configured for egress gateways. For common annotations, see Add annotations to the YAML file of a Service to configure CLB instances.	None
serviceLabels	`map[string]string`	Labels on the gateway Service.	None
hostNetwork	`bool`	Grants the gateway pod access to the host network namespace.	`false`
dnsPolicy	`string`	DNS policy for the gateway pod. For details, see DNS for Services and Pods.	`ClusterFirst`

Pod configuration

Field	Type	Description	Default
env	`[]EnvVar`	Environment variables for the gateway pod.	None
podLabels	`map[string]string`	Labels on the gateway pod.	None
podAnnotations	`map[string]string`	Annotations on the gateway pod.	None
nodeSelector	`map[string]string`	Node label selector for pod scheduling. Example: `nodeSelector: {key1: value1}`.	None
affinity	`Affinity`	Affinity rules for pod scheduling. For details, see Affinity and anti-affinity.	None
tolerations	`[]Toleration`	Tolerations that allow the pod to schedule onto nodes with matching taints. For details, see Taints and Tolerations.	None

Resources and scaling

Field	Type	Description	Default
replicaCount	`int32`	Number of pod replicas.	`1`
resources	`ResourceRequirements`	CPU and memory requests and limits for the gateway pod.	limits: cpu `2`, memory `2G`; requests: cpu `200m`, memory `256Mi`
rollingMaxSurge	`string`	Maximum number of pods (absolute or percentage) that can exceed the desired replica count during a rolling update.	`"100%"`
rollingMaxUnavailable	`string`	Maximum number of pods (absolute or percentage) that can be unavailable during a rolling update.	`"25%"`

Horizontal Pod Autoscaling (HPA)

Field	Type	Description	Default
cpu.targetAverageUtilization	`int32`	Target CPU utilization percentage (1--100) for HPA. When utilization exceeds this threshold, the replica count increases.	None
memory.targetAverageUtilization	`int32`	Target memory utilization percentage (1--100) for HPA. When utilization exceeds this threshold, the replica count increases.	None
maxReplicas	`int32`	Maximum replica count for HPA. Must be a positive integer.	None
minReplicas	`int32`	Minimum replica count for HPA. Must be a positive integer (minimum `1`).	None

Volumes

Field	Type	Description	Default
configVolumes	`[]ConfigVolume`	ConfigMap volumes mounted to the gateway pod. Each entry requires name, configMapName, and mountPath.	None
secretVolumes	`[]SecretVolume`	Secret volumes mounted to the gateway pod. Each entry requires name, secretName, and mountPath.	None

ConfigMap volume example:

configVolumes:
- name: config-volume-lua
  configMapName: lua-libs
  mountPath: /var/lib/lua

Secret volume example:

secretVolumes:
- name: myexample-customingressgateway-certs
  secretName: istio-myexample-customingressgateway-certs
  mountPath: /etc/istio/myexample-customingressgateway-certs

Kernel tuning

Field	Type	Description	Default
kernel.enabled	`bool`	Enables custom kernel parameter tuning for the gateway pod.	`false`
kernel.parameters	`KernelParameters`	Kernel sysctl parameters to apply. All values must be strings enclosed in double quotes because YAML interprets unquoted numbers as numeric values. Example: `net.core.somaxconn: "65535"`.	None

Supported kernel parameters:

Parameter	Parameter
`net.core.somaxconn`	`net.ipv4.tcp_max_orphans`
`net.core.netdev_max_backlog`	`net.ipv4.tcp_max_syn_backlog`
`net.ipv4.tcp_rmem`	`net.ipv4.tcp_no_metrics_save`
`net.ipv4.tcp_wmem`	`net.ipv4.tcp_autocorking`
`net.ipv4.ip_local_port_range`	`kernel.printk`
`net.ipv4.tcp_fin_timeout`	`vm.swappiness`
`net.ipv4.tcp_tw_timeout`	`net.ipv4.tcp_timestamps`
`net.ipv4.tcp_tw_reuse`	`net.ipv4.tcp_retries2`
`net.ipv4.tcp_tw_recycle`	`net.ipv4.tcp_slow_start_after_idle`

Note

Some kernel parameters may not be supported by the host kernel version, which causes the gateway pod to report errors. Run kubectl describe pod to view error details. Remove invalid parameters to allow the containers to start normally.

Compression (ingress gateways only)

Field	Type	Description	Default
compression.enabled	`bool`	Enables response compression on the ingress gateway.	`false`
compression.content_type	`[]string`	Content types eligible for compression, identified by the `Content-Type` header. Examples: text/html, application/json.	None
compression.min_content_length	`uint32`	Minimum response body size (in bytes, based on `Content-Length`) that triggers compression.	`30`
compression.disable_on_etag_header	`bool`	Disables compression for responses that include an `ETag` header when set to true.	`false`
compression.remove_accept_encoding_header	`bool`	Strips the `Accept-Encoding` header from requests before forwarding them upstream when set to true.	`false`
compression.gzip	`GzipConfig`	Gzip compression settings. Required to enable compression. To accept all defaults, set to `gzip: {}`.	None

Gzip settings

Field	Type	Description	Default
compression.gzip.memory_level	`uint32`	zlib memory usage level (1--9). Higher values use more memory but compress faster with better quality.	`5`
compression.gzip.compression_level	`string`	zlib compression level. Valid values: COMPRESSION_LEVEL_1 through COMPRESSION_LEVEL_9, DEFAULT_COMPRESSION, BEST_COMPRESSION, BEST_SPEED. See details below.	`DEFAULT_COMPRESSION`
compression.gzip.compression_strategy	`string`	zlib compression strategy. Valid values: DEFAULT_STRATEGY, FILTERED, FIXED, HUFFMAN_ONLY, RLE. See details below.	`DEFAULT_STRATEGY`
compression.gzip.window_bits	`uint32`	zlib sliding window size (9--15).	`12`
compression.gzip.chunk_size	`uint32`	zlib output buffer size in bytes.	`4096`

Compression levels:

Level	Equivalent	Behavior
COMPRESSION_LEVEL_1	BEST_SPEED	Fastest compression, lowest ratio
COMPRESSION_LEVEL_2 to COMPRESSION_LEVEL_6	Medium	Balanced speed and ratio
COMPRESSION_LEVEL_6	DEFAULT_COMPRESSION	Default balance of speed and ratio
COMPRESSION_LEVEL_7 to COMPRESSION_LEVEL_9	High	Highest ratio, slowest speed
COMPRESSION_LEVEL_9	BEST_COMPRESSION	Maximum compression ratio

Compression strategies:

Strategy	Use case
DEFAULT_STRATEGY	General-purpose. Produces good results in most cases.
FILTERED	Optimized for data with repeated patterns. Achieves higher ratios for text and generated data.
HUFFMAN_ONLY	Uses only Huffman coding. Best for static data that needs fast decompression.
RLE	Run-length encoding. Effective for repetitive sequences such as bitmap data.
FIXED	Uses a predefined coding tree instead of dynamically generated trees. Fast but low compression ratio.

Per-cluster overrides

Use overrides to configure distinct settings for specific clusters when clusterIds contains two or more entries. Each key is a cluster ID from the clusterIds array.

Field	Type	Description	Default
overrides	`map[string]Configuration`	Per-cluster configuration overrides.	None

Configurable override fields:

serviceAnnotations
podAnnotations
resources
replicaCount
HPA-related fields (ASM v1.16 or later)
serviceType (ASM v1.16 or later)

Example:

overrides:
  <cluster-id-1>:
    replicaCount: 2
    resources:
      limits:
        cpu: '4'
        memory: 4G
      requests:
        cpu: 400m
        memory: 512Mi
    serviceAnnotations:
      service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s2.small"

Fields that trigger rolling restarts

Changing the following fields causes a rolling restart of the gateway pods. Review these changes carefully before applying them to production environments.

Field	Notes
env
ports	In ASM v1.16 and later, changes to ports no longer trigger a rolling restart.
configVolumes
resources
secretVolumes
podLabels
podAnnotations
kernel.enabled
kernel.parameters
hostNetwork
dnsPolicy
nodeSelector	Subject to pod scheduling constraints.
affinity	Subject to pod scheduling constraints.
tolerations	Subject to pod scheduling constraints.

Go struct definitions

Use the following Go type definitions to manage IstioGateway resources programmatically with a Go client for Kubernetes.

Expand to view Go structs

package v1beta1

import (
    corev1 "k8s.io/api/core/v1"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type GatewayType string
type ConfigState string

const (
    GatewayTypeIngress GatewayType = "ingress"
    GatewayTypeEgress  GatewayType = "egress"
)

// IstioGatewaySpec defines the desired state of Istio
// +k8s:openapi-gen=true
type IstioGatewaySpec struct {
    // +kubebuilder:validation:Enum=ingress;egress
    GatewayType                    GatewayType `json:"gatewayType,omitempty"`
    IstioGatewayBasicConfiguration `json:",inline"`
    ClusterIds                     []string                                  `json:"clusterIds,omitempty"`
    clusterId                      string                                    `json:"clusterId,omitempty"`
    Overrides                      map[string]IstioGatewayBasicConfiguration `json:"overrides,omitempty"`
}

type KernelParameters struct {
    NetCoreSoMaxConn             *string `json:"net.core.somaxconn,omitempty"`
    NetCoreNetdevMaxBacklog      *string `json:"net.core.netdev_max_backlog,omitempty"`
    NetIpv4TcpRMem               *string `json:"net.ipv4.tcp_rmem,omitempty"`
    NetIpv4TcpWMem               *string `json:"net.ipv4.tcp_wmem,omitempty"`
    NetIpv4IpLocalPortRange      *string `json:"net.ipv4.ip_local_port_range,omitempty"`
    NetIpv4TcpFinTimeout         *string `json:"net.ipv4.tcp_fin_timeout,omitempty"`
    NetIpv4TcpTwTimeout          *string `json:"net.ipv4.tcp_tw_timeout,omitempty"`
    NetIpv4TcpTwReuse            *string `json:"net.ipv4.tcp_tw_reuse,omitempty"`
    NetIpv4TcpTwRecycle          *string `json:"net.ipv4.tcp_tw_recycle,omitempty"`
    NetIpv4TcpTimestamps         *string `json:"net.ipv4.tcp_timestamps,omitempty"`
    NetIpv4TcpRetries2           *string `json:"net.ipv4.tcp_retries2,omitempty"`
    NetIpv4TcpSlowStartAfterIdle *string `json:"net.ipv4.tcp_slow_start_after_idle,omitempty"`
    NetIpv4TcpMaxOrphans         *string `json:"net.ipv4.tcp_max_orphans,omitempty"`
    NetIpv4TcpMaxSynBacklog      *string `json:"net.ipv4.tcp_max_syn_backlog,omitempty"`
    NetIpv4TcpNoMetricsSave      *string `json:"net.ipv4.tcp_no_metrics_save,omitempty"`
    NetIpv4TcpAutocorking        *string `json:"net.ipv4.tcp_autocorking,omitempty"`
    KernelPrintk                 *string `json:"kernel.printk,omitempty"`
    VmSwappiness                 *string `json:"vm.swappiness,omitempty"`
}

type KernelConfiguration struct {
    Enabled    *bool            `json:"enabled,omitempty"`
    Parameters KernelParameters `json:"parameters,omitempty"`
}

type GzipCompressorConfiguration struct {
    MemoryLevel         *uint32 `json:"memory_level,omitempty"`
    CompressionLevel    *string `json:"compression_level,omitempty"`
    CompressionStrategy *string `json:"compression_strategy,omitempty"`
    WindowBits          *uint32 `json:"window_bits,omitempty"`
    ChunkSize           *uint32 `json:"chunk_size,omitempty"`
}

type CompressorConfiguration struct {
    Enabled                    *bool                        `json:"enabled,omitempty"`
    MinContentLength           *uint32                      `json:"min_content_length,omitempty"`
    ContentType                *[]string                    `json:"content_type,omitempty"`
    DisableOnETagHeader        *bool                        `json:"disable_on_etag_header,omitempty"`
    RemoveAcceptEncodingHeader *bool                        `json:"remove_accept_encoding_header,omitempty"`
    Gzip                       *GzipCompressorConfiguration `json:"gzip,omitempty"`
}

type ReadinessProbeConfiguration struct {
    FailureThreshold int32 `json:"failureThreshold,omitempty"`
    PeriodSeconds    int32 `json:"periodSeconds,omitempty"`
    SuccessThreshold int32 `json:"successThreshold,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayBasicConfiguration struct {
    ReplicaCount     int32 `json:"replicaCount,omitempty"`
    AutoscaleEnabled bool  `json:"autoscaleEnabled,omitempty"`
    MinReplicas      int32 `json:"minReplicas,omitempty"`
    MaxReplicas      int32 `json:"maxReplicas,omitempty"`
    // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
    ServiceType           corev1.ServiceType           `json:"serviceType,omitempty"`
    LoadBalancerIP        string                       `json:"loadBalancerIP,omitempty"`
    ExternalTrafficPolicy string                       `json:"externalTrafficPolicy,omitempty"`
    ServiceAnnotations    map[string]string            `json:"serviceAnnotations,omitempty"`
    PodAnnotations        map[string]string            `json:"podAnnotations,omitempty"`
    ServiceLabels         map[string]string            `json:"serviceLabels,omitempty"`
    PodLabels             map[string]string            `json:"podLabels,omitempty"`
    Resources             *corev1.ResourceRequirements `json:"resources,omitempty"`
    EnvVars               []corev1.EnvVar              `json:"env,omitempty"`
    Ports                 []corev1.ServicePort         `json:"ports,omitempty"`
    MeshExpansionPorts    []corev1.ServicePort         `json:"meshExpansionPorts,omitempty"`
    NodeSelector          map[string]string            `json:"nodeSelector,omitempty"`
    ApplicationPorts      string                       `json:"applicationPorts,omitempty"`
    RequestedNetworkView  string                       `json:"requestedNetworkView,omitempty"`
    Affinity              *corev1.Affinity             `json:"affinity,omitempty"`
    Tolerations           []corev1.Toleration          `json:"tolerations,omitempty"`
    SecretVolumes         []SecretVolume               `json:"secretVolumes,omitempty"`
    ConfigVolumes         []ConfigVolume               `json:"configVolumes,omitempty"`
    RollingMaxSurge       *string                      `json:"rollingMaxSurge,omitempty"`
    RollingMaxUnavailable *string                      `json:"rollingMaxUnavailable,omitempty"`
    CPU                   HpaCPU                       `json:"cpu,omitempty"`
    Memory                HpaMemory                    `json:"memory,omitempty"`
    Kernel                KernelConfiguration          `json:"kernel,omitempty"`
    Compressor            CompressorConfiguration      `json:"compression,omitempty"`
    RunAsRoot             *bool                        `json:"runAsRoot,omitempty"`
    Lifecycle             *corev1.Lifecycle            `json:"lifecycle,omitempty"`
    ReadinessProbe        ReadinessProbeConfiguration  `json:"readinessProbe,omitempty"`
    HostNetwork           *bool                        `json:"hostNetwork,omitempty"`
    DnsPolicy             corev1.DNSPolicy             `json:"dnsPolicy,omitempty"`
    AutoCreateGatewayYaml *bool                        `json:"autoCreateGatewayYaml,omitempty"`
}

type SecretVolume struct {
    Name       string `json:"name,omitempty"`
    SecretName string `json:"secretName,omitempty"`
    MountPath  string `json:"mountPath,omitempty"`
}

type ConfigVolume struct {
    Name          string `json:"name,omitempty"`
    ConfigMapName string `json:"configMapName,omitempty"`
    MountPath     string `json:"mountPath,omitempty"`
}

// +k8s:openapi-gen=true
type HpaCPU struct {
    TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type HpaMemory struct {
    TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayStatus struct {
    Status                     ConfigState      `json:"Status,omitempty"`
    GatewayAddress             []string         `json:"GatewayAddress,omitempty"`
    ClusterIdGatewayAddressMap []GatewayAddress `json:"ClusterIdGatewayAddressMap,omitempty"`
    ErrorMessage string `json:"ErrorMessage,omitempty"`
}

// +k8s:openapi-gen=true
type GatewayAddress struct {
    IPAddress string `json:"ipAddress,omitempty"`
    ClusterId string `json:"clusterId,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IstioGateway is the Schema for the istiogateways API
// +k8s:openapi-gen=true
// +kubebuilder:subresource:status
type IstioGateway struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`

    Spec   IstioGatewaySpec   `json:"spec,omitempty"`
    Status IstioGatewayStatus `json:"status,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IstioGatewayList contains a list of IstioGateway
type IstioGatewayList struct {
    metav1.TypeMeta `json:",inline"`
    metav1.ListMeta `json:"metadata,omitempty"`
    Items           []IstioGateway `json:"items"`
}