Alibaba Cloud Service Mesh: CRD fields for an ASM gateway

Last Updated: Jul 10, 2024

Service Mesh (ASM) provides a CustomResourceDefinition (CRD) whose kind is IstioGateway and whose apiVersion is istio.alibabacloud.com/v1beta1, together with a controller that manages resources of this kind. The controller watches for changes to these resources and updates the corresponding Service, Deployment, and ServiceAccount in the Kubernetes cluster in which the controller runs. This topic provides configuration examples and describes the CRD fields for an ASM gateway.

Configuration examples

Prerequisites

A Container Service for Kubernetes (ACK) cluster is added to your ASM instance. For more information, see Add a cluster to an ASM instance.

Important

ASM gateways must be deployed in the istio-system namespace so that a gateway can obtain its configurations at startup. If the Istio version of your instance is 1.6 or later and you deploy an ASM gateway in another namespace, the gateway fails to start because it cannot obtain its configurations.

Example 1: Create and manage an ingress gateway by using the Kubernetes API

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.

  3. On the Ingress Gateway page, click Create from YAML.

  4. On the Create page, enter a name for the ingress gateway in the Name field, select istio-system from the Namespace drop-down list, configure the following fields in the YAML file, and then click Create.

    For more information about CRD fields, see CRD fields.

    apiVersion: istio.alibabacloud.com/v1beta1
    kind: IstioGateway
    metadata:   
      name: "myexample-customingressgateway"  
      namespace: "istio-system"
    spec:  
      clusterIds:
        - "${Actual cluster ID}"
        - "${Actual cluster ID}" # The ASM gateway can be deployed in multiple clusters. 
      cpu: 
        targetAverageUtilization: 80
      env:
        - name: "envname1"
          value: "envvalue1"
      externalTrafficPolicy: Local
      gatewayType: ingress
      podLabels:
        key1: value1
      ports:  
      - name: status-port    
        port: 15020    
        targetPort: 15020  
      - name: http2    
        port: 80    
        targetPort: 80  
      - name: https    
        port: 443    
        targetPort: 0  
      - name: tls    
        port: 15443    
        targetPort: 15443  
      replicaCount: 1  
      resources:
        limits:
          cpu: '2'
          memory: 2G
        requests:
          cpu: 200m
          memory: 256Mi
      # configVolumes:
      # - name: config-volume-lua
      #   configMapName: lua-libs
      #   mountPath: /var/lib/lua
      # secretVolumes:
      # - name: myexample-customingressgateway-certs
      #   secretName: istio-myexample-customingressgateway-certs
      #   mountPath: /etc/istio/myexample-customingressgateway-certs
      serviceType: LoadBalancer  
      serviceAnnotations:    
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet  
      serviceLabels:
        serviceLabelKey1: "serviceLabelValue1"
      podAnnotations:
        podAnnotationsKey1: "podAnnotationsValue1"
      rollingMaxSurge: "100%"
      rollingMaxUnavailable: "25%"
      overrides:
        cluster1Id:
          replicaCount: 1 
          resources:
            limits:
              cpu: '2'
              memory: 2G
            requests:
              cpu: 200m
              memory: 256Mi
          serviceAnnotations:    
            service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
            service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s1.small"
        cluster2Id:
          replicaCount: 2
          resources:
            limits:
              cpu: '4'
              memory: 4G
            requests:
              cpu: 400m
              memory: 512Mi
          serviceAnnotations:    
            service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
            service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s2.small"

    Note

    If you need to use Go Client for Kubernetes to manage the ingress gateway, see Go structs for an ASM gateway.

  5. View the service information of the ingress gateway by performing the following steps:

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Services.

    3. In the upper part of the Services page, select istio-system from the Namespace drop-down list.

    4. In the list of services, click the name of the service of the desired ingress gateway to view its information.

  6. View the pod information of the ingress gateway.

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Workloads > Pods.

    3. In the upper part of the Pods page, select istio-system from the Namespace drop-down list.

    4. In the list of pods, find a pod of the ingress gateway and click the pod name to view the pod information.

Example 2: Create and manage an egress gateway by using the Kubernetes API

ASM provides the egress gateway service to route all outbound traffic in the mesh.

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Egress Gateway.

  3. On the Egress Gateway page, click Create from YAML.

  4. On the Create page, enter a name for the egress gateway in the Name field, select istio-system from the Namespace drop-down list, configure the following fields in the YAML file, and then click Create.

    For more information about CRD fields, see CRD fields.

    apiVersion: istio.alibabacloud.com/v1beta1
    kind: IstioGateway
    metadata:
      name: egressgateway
      namespace: istio-system
    spec:
      autoCreateGatewayYaml: false
      clusterIds:
        - ${Actual cluster ID}
      disableContainerPortExposed: true
      dnsPolicy: ClusterFirst
      gatewayType: egress
      hostNetwork: false
      podLabels:
        security.istio.io/tlsMode: istio
      ports:
        - name: http-0
          port: 80
          protocol: HTTP
          targetPort: 80
        - name: https-1
          port: 443
          protocol: HTTPS
          targetPort: 443
      readinessProbe: {}
      replicaCount: 1
      resources:
        limits:
          cpu: '2'
          memory: 4G
        requests:
          cpu: 200m
          memory: 256Mi
      rollingMaxSurge: 25%
      rollingMaxUnavailable: 25%
      runAsRoot: true
      serviceType: ClusterIP

  5. View the service information of the egress gateway by performing the following steps:

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Services.

    3. In the upper part of the Services page, select istio-system from the Namespace drop-down list.

    4. In the list of services, click the name of the service of the desired egress gateway to view its information.

  6. View the pod information of the egress gateway.

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Workloads > Pods.

    3. In the upper part of the Pods page, select istio-system from the Namespace drop-down list.

    4. In the list of pods, find a pod of the egress gateway and click the pod name to view the pod information.

CRD fields

Field

Description

Default value

metadata.name

The name of the ASM gateway. The generated Kubernetes Service and Deployment are both named istio-{Value of the metadata.name field}.

None

metadata.namespace

The namespace in which the ASM gateway is deployed. The generated Kubernetes Service and Deployment reside in this namespace.

Important

To ensure that the generated Kubernetes service and deployment are available in Istio 1.6 and later, the namespace must be istio-system.

istio-system

clusterIds

The IDs of the clusters in which you want to deploy the ASM gateway. The value is an array. The clusters must be managed in the current ASM instance.

None

env

The environment variables of the ASM gateway pod. The value is an array.

None

externalTrafficPolicy

Specifies whether the gateway routes inbound traffic to node-local or cluster-wide endpoints. Valid values: Cluster or Local.

Note

This field is available only for ingress gateways.

Cluster

ports

The ports and protocols that are defined for the ASM gateway pod. The value is an array. Example:

- name: http2
  port: 80
  targetPort: 80
  protocol: HTTP2
- name: https
  port: 443
  targetPort: 443
  protocol: HTTPS

Note

In versions earlier than 1.9.7.107, the protocol field must be set to TCP.

None

gatewayType

The type of the ASM gateway. Valid values: ingress and egress.

  • ingress: indicates an ingress gateway that routes all inbound traffic in the mesh.

  • egress: indicates an egress gateway that routes all outbound traffic in the mesh.

ingress

replicaCount

The number of pod replicas.

1

configVolumes

The information about the ConfigMap volume that is mounted to the ASM gateway pod. Example:

- name: config-volume-lua
  configMapName: lua-libs
  mountPath: /var/lib/lua

None

resources

The resource configurations of the ASM gateway pod.

  • limits:

    • cpu: '2'

    • memory: 2G

  • requests:

    • cpu: 200m

    • memory: 256Mi

secretVolumes

The information about the secret volume that is mounted to the ASM gateway pod. Example:

- name: myexample-customingressgateway-certs
  secretName: istio-myexample-customingressgateway-certs
  mountPath: /etc/istio/myexample-customingressgateway-certs

None

serviceType

The service type of the ASM gateway. Valid values: LoadBalancer, NodePort, and ClusterIP. For egress gateways, the value of this field is usually set to ClusterIP.

Important

If you use a registered cluster on the data plane and this field is set to LoadBalancer, make sure that the cluster supports LoadBalancer Services. Otherwise, ASM gateways may fail to be created.

LoadBalancer

loadBalancerClass

The loadBalancerClass of the ASM gateway. This field is valid only when the serviceType parameter is set to LoadBalancer. This field is supported by ASM instances of v1.18 or later. For more information, see Associate an NLB instance with an ingress gateway.

None

serviceAnnotations

The annotations of the ASM gateway. Example:

service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain: 'on'
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout: '20'

For more information about common annotations, see Add annotations to the YAML file of a Service to configure CLB instances.

Note

This field is available only for gateways whose serviceType is LoadBalancer. For egress gateways, this field is usually not configured.

None

serviceLabels

The labels of the ASM gateway.

None

podLabels

The labels of the ASM gateway pod.

None

podAnnotations

The annotations of the ASM gateway pod.

None

rollingMaxSurge

The maximum number of pods that are scheduled above the expected number of replicas during a rolling update. The value can be an absolute value or a percentage.

"100%"

rollingMaxUnavailable

The maximum number of pods that can be unavailable during a rolling update. The value can be an absolute value or a percentage.

"25%"

overrides

Configures distinct settings for specific clusters. This field is available when the clusterIds field specifies two or more clusters. You can use this field when you want to configure specific clusters with settings that are different from the preceding cluster settings. The value is of the MAP type that contains key-value pairs.

Note

  • key: a cluster ID that is specified in the clusterIds field.

  • The following list describes some parameters that you can configure under the overrides field:

    • serviceAnnotations

    • podAnnotations

    • resources

    • replicaCount

    • Horizontal Pod Autoscaling (HPA)-related configurations (supported in an ASM instance of version 1.16 or later)

    • serviceType (supported in an ASM instance of version 1.16 or later)

None

kernel.enabled

Specifies whether to enable custom kernel fields.

false

kernel.parameters

The kernel fields. The following kernel fields are supported:

  • net.core.somaxconn

  • net.core.netdev_max_backlog

  • net.ipv4.tcp_rmem

  • net.ipv4.tcp_wmem

  • net.ipv4.ip_local_port_range

  • net.ipv4.tcp_fin_timeout

  • net.ipv4.tcp_tw_timeout

  • net.ipv4.tcp_tw_reuse

  • net.ipv4.tcp_tw_recycle

  • net.ipv4.tcp_timestamps

  • net.ipv4.tcp_retries2

  • net.ipv4.tcp_slow_start_after_idle

  • net.ipv4.tcp_max_orphans

  • net.ipv4.tcp_max_syn_backlog

  • net.ipv4.tcp_no_metrics_save

  • net.ipv4.tcp_autocorking

  • kernel.printk

  • vm.swappiness

Note

Specific kernel fields that are supported by ASM may become invalid due to the kernel version of a host. If this situation occurs, the ASM gateway pod may report errors.

You can run the kubectl describe pod command to view the errors that are reported by the ASM gateway pod. After you delete invalid fields, containers can start as expected.

The values of all the kernel fields must be in the string format. YAML recognizes numbers as numeric values. Therefore, you must enclose each value in double quotation marks ("). Example: net.core.somaxconn: "65535".

None

compression.enabled

Specifies whether to enable the compression feature for an ingress gateway.

Note

compression-related fields are available only for ingress gateways.

false

compression.content_type

The types of data to be compressed, which are indicated by the Content-Type header. Examples:

  • text/html

  • application/json

None

compression.disable_on_etag_header

Specifies whether to disable the compression feature when an HTTP response includes the ETag header. Valid values:

  • true: The compression feature is disabled when the ETag header is included in an HTTP response.

  • false: The compression feature is enabled when the ETag header is included in an HTTP response.

false

compression.min_content_length

The threshold at which compression is triggered. The field value indicates the size of the Content-Length header.

30

compression.remove_accept_encoding_header

Specifies whether to remove the Accept-Encoding header from an HTTP request that is sent by a client before an ingress gateway forwards the HTTP request to an upstream server. Valid values:

  • true: The Accept-Encoding header is removed from the HTTP request.

  • false: The Accept-Encoding header is retained in the HTTP request.

false

compression.gzip

The compression format. Only the GZIP format is supported. If you want to enable the compression feature, this field is required. If the default values are used for all the other fields, you must leave this field empty. Example: gzip: {}.

None

compression.gzip.memory_level

The memory usage level of the zlib library. Valid values: 1 to 9. A larger value of this field results in a higher memory usage but a higher compression speed and a better compression quality.

5

compression.gzip.compression_level

The compression level that is used by the zlib library. Valid values:

  • COMPRESSION_LEVEL_1

  • COMPRESSION_LEVEL_2

  • COMPRESSION_LEVEL_3

  • COMPRESSION_LEVEL_4

  • COMPRESSION_LEVEL_5

  • COMPRESSION_LEVEL_6

  • COMPRESSION_LEVEL_7

  • COMPRESSION_LEVEL_8

  • COMPRESSION_LEVEL_9

  • DEFAULT_COMPRESSION

  • BEST_COMPRESSION

  • BEST_SPEED

Note

BEST_COMPRESSION indicates the highest compression quality. BEST_SPEED indicates the highest compression speed. The following list describes some compression levels:

  • COMPRESSION_LEVEL_1 is equivalent to BEST_SPEED, which features the fastest compression speed and a low compression ratio.

  • COMPRESSION_LEVEL_9 is equivalent to BEST_COMPRESSION. The compression levels from 7 to 9 feature the highest compression ratio and a low compression speed.

  • COMPRESSION_LEVEL_6 is equivalent to DEFAULT_COMPRESSION. The compression levels from 2 to 6 are medium compression levels which strike a balance between the compression ratio and speed.

DEFAULT_COMPRESSION

compression.gzip.compression_strategy

The compression policy that is used by the zlib library. Valid values:

  • DEFAULT_STRATEGY

  • FILTERED

  • FIXED

  • HUFFMAN_ONLY

  • RLE

Note

DEFAULT_STRATEGY 

This compression policy is the default compression policy that uses the underlying default behavior and can produce satisfactory compression results in most cases.

FILTERED 

This compression policy preferentially uses the filtering compression algorithm which is applicable to most scenarios where duplicate data exists. This compression policy can help achieve a higher compression ratio for text data and artificially generated data.

HUFFMAN_ONLY 

This compression policy uses only Huffman coding for compression. No other algorithms are used. This compression policy is generally used to compress static data. Such compressed data can be decompressed more quickly.

RLE 

The Run Length Encoding (RLE) algorithm is highly effective in compressing sequences of repetitive data, such as bitmap data.

FIXED 

This compression policy uses the predefined coding tree to perform Huffman coding rather than coding trees that are dynamically generated based on specific data. This can achieve high-speed compression and decompression. However, the compression ratio is low.

DEFAULT_STRATEGY

compression.gzip.window_bits

The window size of the zlib library. Valid values: 9 to 15.

12

compression.gzip.chunk_size

The output buffer size of the zlib library.

4096

hostNetwork

Specifies whether to allow the ASM gateway pod to access the network namespace of the host. Valid values:

  • true: The ASM gateway pod is allowed to use the network namespace of the host.

  • false: The ASM gateway pod is not allowed to use the network namespace of the host.

false

dnsPolicy

The Domain Name System (DNS) policy that is configured for the ASM gateway pod. For more information about DNS policies, see DNS for Services and Pods.

ClusterFirst

cpu.targetAverageUtilization

The expected CPU utilization when HPA is enabled. Valid values: 1 to 100. If the CPU utilization exceeds this value, the number of pod replicas increases. If the CPU utilization is less than this value, the number of pod replicas decreases.

None

memory.targetAverageUtilization

The expected memory usage when HPA is enabled. Valid values: 1 to 100. If the memory usage exceeds this value, the number of pod replicas increases. If the memory usage is less than this value, the number of pod replicas decreases.

None

maxReplicas

The maximum number of pod replicas that can be scaled to by the HPA feature for the ASM gateway. The value of this field must be a positive integer.

None

minReplicas

The minimum number of pod replicas that can be scaled to by the HPA feature for the ASM gateway. The value is a positive integer. The minimum value is 1.

None

nodeSelector

Specifies the label of the node where the ASM gateway pod resides. You can customize the key and value. Example:

nodeSelector:
  key1: value1

None

affinity

You can configure the node affinity to schedule the ASM gateway pod to a node. For more information, see Affinity and anti-affinity.

None

tolerations

You can configure tolerations for the ASM gateway pod to tolerate the taints on a node. For more information, see Taints and Tolerations.

None
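
Several constraints stated in the field table (the istio-system namespace, ingress-only fields, overrides keys, the supported kernel fields and their string values) can be checked before a manifest is applied. The following Go linter is an added example, not part of ASM or of the original page; it reads the manifest in JSON form, and the type names, finding messages, sample manifests and cluster IDs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// gateway is a trimmed local mirror of the IstioGateway fields these checks read.
type gateway struct {
	Metadata struct {
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Spec struct {
		GatewayType           string                     `json:"gatewayType"`
		ClusterIds            []string                   `json:"clusterIds"`
		ExternalTrafficPolicy string                     `json:"externalTrafficPolicy"`
		Overrides             map[string]json.RawMessage `json:"overrides"`
		Kernel                struct {
			Parameters map[string]json.RawMessage `json:"parameters"`
		} `json:"kernel"`
	} `json:"spec"`
}

// supportedKernel holds the kernel fields that the field table lists as supported.
var supportedKernel = map[string]bool{
	"net.core.somaxconn": true, "net.core.netdev_max_backlog": true, "net.ipv4.tcp_rmem": true,
	"net.ipv4.tcp_wmem": true, "net.ipv4.ip_local_port_range": true, "net.ipv4.tcp_fin_timeout": true,
	"net.ipv4.tcp_tw_timeout": true, "net.ipv4.tcp_tw_reuse": true, "net.ipv4.tcp_tw_recycle": true,
	"net.ipv4.tcp_timestamps": true, "net.ipv4.tcp_retries2": true, "net.ipv4.tcp_max_orphans": true,
	"net.ipv4.tcp_slow_start_after_idle": true, "net.ipv4.tcp_max_syn_backlog": true,
	"net.ipv4.tcp_no_metrics_save": true, "net.ipv4.tcp_autocorking": true, "kernel.printk": true, "vm.swappiness": true,
}

// sampleBad is a constructed egress manifest that breaks several documented rules.
const sampleBad = `{"metadata":{"namespace":"default"},"spec":{"gatewayType":"egress",
 "clusterIds":["c-aaa"],"externalTrafficPolicy":"Local",
 "overrides":{"c-bbb":{"replicaCount":2}},
 "kernel":{"enabled":true,"parameters":{"net.core.somaxconn":65535,"net.ipv4.ip_forward":"1"}}}}`

// sampleGood is a constructed two-cluster ingress manifest that passes every check.
const sampleGood = `{"metadata":{"namespace":"istio-system"},"spec":{"gatewayType":"ingress",
 "clusterIds":["c-aaa","c-bbb"],"externalTrafficPolicy":"Local","overrides":{"c-bbb":{"replicaCount":2}},
 "kernel":{"enabled":true,"parameters":{"net.core.somaxconn":"65535"}}}}`

// LintGateway checks a manifest (JSON form) against constraints stated in the field
// table and returns the findings sorted; an empty result means no rule was violated.
func LintGateway(manifest []byte) ([]string, error) {
	var g gateway
	if err := json.Unmarshal(manifest, &g); err != nil {
		return nil, err
	}
	s, out := g.Spec, []string{}
	egress := s.GatewayType == "egress" // the documented default is ingress
	if ns := g.Metadata.Namespace; ns != "" && ns != "istio-system" {
		out = append(out, "metadata.namespace: must be istio-system")
	}
	if egress && s.ExternalTrafficPolicy != "" {
		out = append(out, "externalTrafficPolicy: available only for ingress gateways")
	}
	if len(s.Overrides) > 0 && len(s.ClusterIds) < 2 {
		out = append(out, "overrides: requires two or more clusterIds")
	}
	known := map[string]bool{}
	for _, id := range s.ClusterIds {
		known[id] = true
	}
	for id := range s.Overrides {
		if !known[id] {
			out = append(out, fmt.Sprintf("overrides.%s: key is not in clusterIds", id))
		}
	}
	for name, raw := range s.Kernel.Parameters {
		if !supportedKernel[name] {
			out = append(out, "kernel.parameters."+name+": not in the supported list")
		} else if len(raw) == 0 || raw[0] != '"' { // a bare number means the YAML value was unquoted
			out = append(out, "kernel.parameters."+name+": value must be a quoted string")
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	findings, err := LintGateway([]byte(sampleBad))
	fmt.Println(findings, err)
}
```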

Fields whose changes will cause a rolling restart of the ASM gateway

Changing the following fields will cause a rolling restart of the ASM gateway. Exercise caution when changing these fields.

  • env

  • ports (If the version of the ASM instance is earlier than 1.16, changing this field will cause the ASM gateway to restart in a rolling manner. If the version of the ASM instance is 1.16 or later, changing this field will not cause the ASM gateway to restart in a rolling manner.)

  • configVolumes

  • resources

  • secretVolumes

  • podLabels

  • podAnnotations

  • kernel.enabled

  • kernel.parameters

  • hostNetwork

  • dnsPolicy

  • nodeSelector (subject to scheduling)

  • affinity (subject to scheduling)

  • tolerations (subject to scheduling)
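
For change review, the list above can be turned into a check that reports which edits to a gateway spec would trigger a rolling restart. The following Go code is an added example, not ASM code; it compares only the top-level spec fields (settings under overrides are not inspected), and the function names, version strings and sample specs are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// restartFields lists the spec fields named in the section above, in page order.
// nodeSelector, affinity and tolerations are marked "subject to scheduling" there.
var restartFields = []string{
	"env", "ports", "configVolumes", "resources", "secretVolumes", "podLabels",
	"podAnnotations", "kernel.enabled", "kernel.parameters", "hostNetwork",
	"dnsPolicy", "nodeSelector", "affinity", "tolerations",
}

// Constructed before/after specs: replicaCount, ports, podLabels and one kernel value change.
const sampleOld = `{"replicaCount":1,"ports":[{"name":"http2","port":80}],"podLabels":{"app":"gw"},
 "kernel":{"enabled":true,"parameters":{"net.core.somaxconn":"1024"}}}`
const sampleNew = `{"replicaCount":3,"ports":[{"name":"http2","port":80},{"name":"https","port":443}],
 "podLabels":{"app":"gw","tier":"edge"},
 "kernel":{"enabled":true,"parameters":{"net.core.somaxconn":"65535"}}}`

// lookup walks a dotted path such as "kernel.enabled" through decoded JSON.
func lookup(spec map[string]interface{}, path string) interface{} {
	var cur interface{} = spec
	for _, part := range strings.Split(path, ".") {
		obj, ok := cur.(map[string]interface{})
		if !ok {
			return nil
		}
		cur = obj[part]
	}
	return cur
}

// portsRestart reports whether a ports change restarts the gateway: true for ASM
// versions earlier than 1.16. A version that cannot be parsed is treated as "restarts".
func portsRestart(asmVersion string) bool {
	var major, minor int
	if n, _ := fmt.Sscanf(asmVersion, "%d.%d", &major, &minor); n != 2 {
		return true
	}
	return major < 1 || (major == 1 && minor < 16)
}

// RestartTriggers returns the restart-causing fields whose values differ between two
// spec documents (JSON form). An absent field and an explicitly written default
// compare as different, so the result can over-report.
func RestartTriggers(oldSpec, newSpec []byte, asmVersion string) ([]string, error) {
	var before, after map[string]interface{}
	if err := json.Unmarshal(oldSpec, &before); err != nil {
		return nil, err
	}
	if err := json.Unmarshal(newSpec, &after); err != nil {
		return nil, err
	}
	var changed []string
	for _, field := range restartFields {
		if field == "ports" && !portsRestart(asmVersion) {
			continue // 1.16 or later: a ports change does not restart the gateway
		}
		if !reflect.DeepEqual(lookup(before, field), lookup(after, field)) {
			changed = append(changed, field)
		}
	}
	return changed, nil
}

func main() {
	for _, version := range []string{"1.15.3", "1.18.0"} {
		fields, err := RestartTriggers([]byte(sampleOld), []byte(sampleNew), version)
		fmt.Println(version, fields, err)
	}
}
```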

Go structs for a gateway

package v1beta1

import (
    corev1 "k8s.io/api/core/v1"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type GatewayType string
type ConfigState string

const (
    GatewayTypeIngress GatewayType = "ingress"
    GatewayTypeEgress  GatewayType = "egress"
)

// IstioGatewaySpec defines the desired state of Istio
// +k8s:openapi-gen=true
type IstioGatewaySpec struct {
    // +kubebuilder:validation:Enum=ingress;egress
    GatewayType                    GatewayType `json:"gatewayType,omitempty"`
    IstioGatewayBasicConfiguration `json:",inline"`
    ClusterIds                     []string                                  `json:"clusterIds,omitempty"`
    clusterId                      string                                    `json:"clusterId,omitempty"`
    Overrides                      map[string]IstioGatewayBasicConfiguration `json:"overrides,omitempty"`
}

type KernelParameters struct {
    NetCoreSoMaxConn             *string `json:"net.core.somaxconn,omitempty"`
    NetCoreNetdevMaxBacklog      *string `json:"net.core.netdev_max_backlog,omitempty"`
    NetIpv4TcpRMem               *string `json:"net.ipv4.tcp_rmem,omitempty"`
    NetIpv4TcpWMem               *string `json:"net.ipv4.tcp_wmem,omitempty"`
    NetIpv4IpLocalPortRange      *string `json:"net.ipv4.ip_local_port_range,omitempty"`
    NetIpv4TcpFinTimeout         *string `json:"net.ipv4.tcp_fin_timeout,omitempty"`
    NetIpv4TcpTwTimeout          *string `json:"net.ipv4.tcp_tw_timeout,omitempty"`
    NetIpv4TcpTwReuse            *string `json:"net.ipv4.tcp_tw_reuse,omitempty"`
    NetIpv4TcpTwRecycle          *string `json:"net.ipv4.tcp_tw_recycle,omitempty"`
    NetIpv4TcpTimestamps         *string `json:"net.ipv4.tcp_timestamps,omitempty"`
    NetIpv4TcpRetries2           *string `json:"net.ipv4.tcp_retries2,omitempty"`
    NetIpv4TcpSlowStartAfterIdle *string `json:"net.ipv4.tcp_slow_start_after_idle,omitempty"`
    NetIpv4TcpMaxOrphans         *string `json:"net.ipv4.tcp_max_orphans,omitempty"`
    NetIpv4TcpMaxSynBacklog      *string `json:"net.ipv4.tcp_max_syn_backlog,omitempty"`
    NetIpv4TcpNoMetricsSave      *string `json:"net.ipv4.tcp_no_metrics_save,omitempty"`
    NetIpv4TcpAutocorking        *string `json:"net.ipv4.tcp_autocorking,omitempty"`
    KernelPrintk                 *string `json:"kernel.printk,omitempty"`
    VmSwappiness                 *string `json:"vm.swappiness,omitempty"`
}

type KernelConfiguration struct {
    Enabled    *bool            `json:"enabled,omitempty"`
    Parameters KernelParameters `json:"parameters,omitempty"`
}

type GzipCompressorConfiguration struct {
    MemoryLevel         *uint32 `json:"memory_level,omitempty"`
    CompressionLevel    *string `json:"compression_level,omitempty"`
    CompressionStrategy *string `json:"compression_strategy,omitempty"`
    WindowBits          *uint32 `json:"window_bits,omitempty"`
    ChunkSize           *uint32 `json:"chunk_size,omitempty"`
}

type CompressorConfiguration struct {
    Enabled                    *bool                        `json:"enabled,omitempty"`
    MinContentLength           *uint32                      `json:"min_content_length,omitempty"`
    ContentType                *[]string                    `json:"content_type,omitempty"`
    DisableOnETagHeader        *bool                        `json:"disable_on_etag_header,omitempty"`
    RemoveAcceptEncodingHeader *bool                        `json:"remove_accept_encoding_header,omitempty"`
    Gzip                       *GzipCompressorConfiguration `json:"gzip,omitempty"`
}

type ReadinessProbeConfiguration struct {
    FailureThreshold int32 `json:"failureThreshold,omitempty"`
    PeriodSeconds    int32 `json:"periodSeconds,omitempty"`
    SuccessThreshold int32 `json:"successThreshold,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayBasicConfiguration struct {
    ReplicaCount     int32 `json:"replicaCount,omitempty"`
    AutoscaleEnabled bool  `json:"autoscaleEnabled,omitempty"`
    MinReplicas      int32 `json:"minReplicas,omitempty"`
    MaxReplicas      int32 `json:"maxReplicas,omitempty"`
    // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
    ServiceType           corev1.ServiceType           `json:"serviceType,omitempty"`
    LoadBalancerIP        string                       `json:"loadBalancerIP,omitempty"`
    ExternalTrafficPolicy string                       `json:"externalTrafficPolicy,omitempty"`
    ServiceAnnotations    map[string]string            `json:"serviceAnnotations,omitempty"`
    PodAnnotations        map[string]string            `json:"podAnnotations,omitempty"`
    ServiceLabels         map[string]string            `json:"serviceLabels,omitempty"`
    PodLabels             map[string]string            `json:"podLabels,omitempty"`
    Resources             *corev1.ResourceRequirements `json:"resources,omitempty"`
    EnvVars               []corev1.EnvVar              `json:"env,omitempty"`
    Ports                 []corev1.ServicePort         `json:"ports,omitempty"`
    MeshExpansionPorts    []corev1.ServicePort         `json:"meshExpansionPorts,omitempty"`
    NodeSelector          map[string]string            `json:"nodeSelector,omitempty"`
    ApplicationPorts      string                       `json:"applicationPorts,omitempty"`
    RequestedNetworkView  string                       `json:"requestedNetworkView,omitempty"`
    Affinity              *corev1.Affinity             `json:"affinity,omitempty"`
    Tolerations           []corev1.Toleration          `json:"tolerations,omitempty"`
    SecretVolumes         []SecretVolume               `json:"secretVolumes,omitempty"`
    ConfigVolumes         []ConfigVolume               `json:"configVolumes,omitempty"`
    RollingMaxSurge       *string                      `json:"rollingMaxSurge,omitempty"`
    RollingMaxUnavailable *string                      `json:"rollingMaxUnavailable,omitempty"`
    CPU                   HpaCPU                       `json:"cpu,omitempty"`
    Memory                HpaMemory                    `json:"memory,omitempty"`
    Kernel                KernelConfiguration          `json:"kernel,omitempty"`
    Compressor            CompressorConfiguration      `json:"compression,omitempty"`
    RunAsRoot             *bool                        `json:"runAsRoot,omitempty"`
    Lifecycle             *corev1.Lifecycle            `json:"lifecycle,omitempty"`
    ReadinessProbe        ReadinessProbeConfiguration  `json:"readinessProbe,omitempty"`
    HostNetwork           *bool                        `json:"hostNetwork,omitempty"`
    DnsPolicy             corev1.DNSPolicy             `json:"dnsPolicy,omitempty"`
    AutoCreateGatewayYaml *bool                        `json:"autoCreateGatewayYaml,omitempty"`
}

type SecretVolume struct {
    Name       string `json:"name,omitempty"`
    SecretName string `json:"secretName,omitempty"`
    MountPath  string `json:"mountPath,omitempty"`
}

type ConfigVolume struct {
    Name          string `json:"name,omitempty"`
    ConfigMapName string `json:"configMapName,omitempty"`
    MountPath     string `json:"mountPath,omitempty"`
}

// +k8s:openapi-gen=true
type HpaCPU struct {
    TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type HpaMemory struct {
    TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayStatus struct {
    // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
    // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
    // Add custom validation using kubebuilder tags: https://book.kubebuilder.io/beyond_basics/generating_crd.html
    Status                     ConfigState      `json:"Status,omitempty"`
    GatewayAddress             []string         `json:"GatewayAddress,omitempty"`
    ClusterIdGatewayAddressMap []GatewayAddress `json:"ClusterIdGatewayAddressMap,omitempty"`

    ErrorMessage string `json:"ErrorMessage,omitempty"`
}

// +k8s:openapi-gen=true
type GatewayAddress struct {
    IPAddress string `json:"ipAddress,omitempty"`
    ClusterId string `json:"clusterId,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// IstioGateway is the Schema for the istiogateways API
// +k8s:openapi-gen=true
// +kubebuilder:subresource:status
type IstioGateway struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`

    Spec   IstioGatewaySpec   `json:"spec,omitempty"`
    Status IstioGatewayStatus `json:"status,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// IstioGatewayList contains a list of IstioGateway
type IstioGatewayList struct {
    metav1.TypeMeta `json:",inline"`
    metav1.ListMeta `json:"metadata,omitempty"`
    Items           []IstioGateway `json:"items"`
}