CRD fields for an ASM gateway - Alibaba Cloud Service Mesh

Service Mesh (ASM) provides a CustomResourceDefinition (CRD) API resource whose kind is IstioGateway and apiVersion is istio.alibabacloud.com/v1beta1. In addition, ASM provides a controller to manage the resource. The controller monitors the changes in the CRD and updates the Service, Deployment, and ServiceAccount of the Kubernetes cluster in which the controller runs. This topic describes the configuration examples and CRD fields for an ASM gateway.

Configuration examples

Prerequisites

A Container Service for Kubernetes (ACK) cluster is added to your ASM instance. For more information, see Add a cluster to an ASM instance.

Important

ASM gateways must be deployed in the istio-system namespace. This way, when you start an ASM gateway, the configurations of the ASM gateway can be obtained to ensure a successful startup. If the Istio version of your instance is 1.6 or later and you deploy an ASM gateway in another namespace, the ASM gateway cannot be started up due to a failure to obtain the gateway configurations.

Example 1: Create and manage an ingress gateway by using the Kubernetes API

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.
On the Ingress Gateway page, click Create from YAML.

On the Create page, enter a name for the ingress gateway in the Name field, select istio-system from the Namespace drop-down list, configure the following fields in the YAML file, and then click Create.

For more information about CRD fields, see CRD fields.

Expand to view the YAML file

apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:   
  name: "myexample-customingressgateway"  
  namespace: "istio-system"
spec:  
  clusterIds:
    - "${Actual cluster ID}"
    - "${Actual cluster ID}" # The ASM gateway can be deployed in multiple clusters. 
  cpu: 
    targetAverageUtilization: 80
  env:
    - name: "envname1"
      value: "envvalue1"
  externalTrafficPolicy: Local
  gatewayType: ingress
  podLabels:
    key1: value1
  ports:  
  - name: status-port    
    port: 15020    
    targetPort: 15020  
  - name: http2    
    port: 80    
    targetPort: 80  
  - name: https    
    port: 443    
    targetPort: 0  
  - name: tls    
    port: 15443    
    targetPort: 15443  
  replicaCount: 1  
  resources:
    limits:
      cpu: '2'
      memory: 2G
    requests:
      cpu: 200m
      memory: 256Mi
# - name: config-volume-lua
#  configMapName: lua-libs
#  mountPath: /var/lib/lua
# secretVolumes:
# - name: myexample-customingressgateway-certs
#   secretName: istio-myexample-customingressgateway-certs
#   mountPath: /etc/istio/myexample-customingressgateway-certs
  serviceType: LoadBalancer  
  serviceAnnotations:    
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet  
  serviceLabels:
    serviceLabelKey1: "serviceLabelValue1"
  podAnnotations:
    podAnnotationsKey1: "podAnnotationsValue1"
  rollingMaxSurge: "100%"
  rollingMaxUnavailable: "25%"
  overrides:
    cluster1Id:
      replicaCount: 1 
      resources:
        limits:
          cpu: '2'
          memory: 2G
        requests:
          cpu: 200m
          memory: 256Mi
      serviceAnnotations:    
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s1.small"
    cluster2Id:
      replicaCount: 2
      resources:
        limits:
          cpu: '4'
          memory: 4G
        requests:
          cpu: 400m
          memory: 512Mi
      serviceAnnotations:    
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s2.small"

Note

If you need to use Go Client for Kubernetes to manage the ingress gateway, see Go structs for an ASM gateway.

View the service information of the ingress gateway by performing the following steps:
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Services.
3. In the upper part of the Services page, select istio-system from the Namespace drop-down list.
4. In the list of services, click the name of the service of the desired ingress gateway to view its information.
View the pod information of the ingress gateway.
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Workloads > Pods.
3. In the upper part of the Pods page, select istio-system from the Namespace drop-down list.
4. In the list of pods, find a pod of the ingress gateway and click the pod name to view the pod information.

Example 2: Create and manage an egress gateway by using the Kubernetes API

ASM provides the egress gateway service to route all outbound traffic in the mesh.

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Egress Gateway.
On the Egress Gateway page, click Create from YAML.

On the Create page, enter a name for the egress gateway in the Name field, select istio-system from the Namespace drop-down list, configure the following fields in the YAML file, and then click Create.

For more information about CRD fields, see CRD fields.

Expand to view the YAML file

apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:
  name: egressgateway
  namespace: istio-system
spec:
  autoCreateGatewayYaml: false
  clusterIds:
    - ${Actual cluster ID}
  disableContainerPortExposed: true
  dnsPolicy: ClusterFirst
  gatewayType: egress
  hostNetwork: false
  podLabels:
    security.istio.io/tlsMode: istio
  ports:
    - name: http-0
      port: 80
      protocol: HTTP
      targetPort: 80
    - name: https-1
      port: 443
      protocol: HTTPS
      targetPort: 443
  readinessProbe: {}
  replicaCount: 1
  resources:
    limits:
      cpu: '2'
      memory: 4G
    requests:
      cpu: 200m
      memory: 256Mi
  rollingMaxSurge: 25%
  rollingMaxUnavailable: 25%
  runAsRoot: true
  serviceType: ClusterIP

View the service information of the egress gateway by performing the following steps:
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Services.
3. In the upper part of the Services page, select istio-system from the Namespace drop-down list.
4. In the list of services, click the name of the service of the desired egress gateway to view its information.
View the pod information of the egress gateway.
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Workloads > Pods.
3. In the upper part of the Pods page, select istio-system from the Namespace drop-down list.
4. In the list of pods, find a pod of the egress gateway and click the pod name to view the pod information.

CRD fields

Field	Description	Default value
metadata.name	The name of the ASM gateway. The generated Kubernetes Service and Deployment are both named istio-{Value of the metadata.name field}.	None
metadata.namespace	The namespace in which the ASM gateway is deployed. The generated Kubernetes Service and Deployment reside in this namespace. Important To ensure that the generated Kubernetes service and deployment are available in Istio 1.6 and later, the namespace must be istio-system.	istio-system
clusterIds	The IDs of the clusters in which you want to deploy the ASM gateway. The value is an array. The clusters must be managed in the current ASM instance.	None
env	The environment variables of the ASM gateway pod. The value is an array.	None
externalTrafficPolicy	Specifies whether the gateway routes inbound traffic to node-local or cluster-wide endpoints. Valid values: Cluster or Local. Note This field is available only for ingress gateways.	Cluster
ports	The ports and protocols that are defined for the ASM gateway pod. The value is an array. For example, `name: http2 port: 80 targetPort: 80 protocol: HTTP2` `name: https port: 443 targetPort: 443 protocol: HTTPS` Note In versions earlier than 1.9.7.107, the protocol field must be set to TCP.	None
gatewayType	The type of the ASM gateway. Valid values: ingress and egress. ingress: indicates an ingress gateway that routes all inbound traffic in the mesh. egress: indicates an egress gateway that routes all outbound traffic in the mesh.	ingress
replicaCount	The number of pod replicas.	1
configVolumes	The information about the ConfigMap volume that is mounted to the ASM gateway pod. Example: `- name: config-volume-lua configMapName: lua-libs mountPath: /var/lib/lua`	None
resources	The resource configurations of the ASM gateway pod.	limits: cpu: '2' memory: 2G requests: cpu: 200m memory: 256Mi
secretVolumes	The information about the secret volume that is mounted to the ASM gateway pod. Example: `- name: myexample-customingressgateway-certs secretName: istio-myexample-customingressgateway-certs mountPath: /etc/istio/myexample-customingressgateway-certs`	None
serviceType	The service type of the ASM gateway. Valid values: LoadBalancer, NodePort, and ClusterIP. For egress gateways, the value of this field is usually set to ClusterIP. Important If you use a registered cluster on the data plane and this field is set to LoadBalancer, make sure that the cluster supports LoadBalancer Services. Otherwise, ASM gateways may fail to be created.	LoadBalancer
loadBalancerClass	The loadBalancerClass of the ASM gateway. This field is valid only when the serviceType parameter is set to LoadBalancer. This field is supported by ASM instances of v1.18 or later. For more information, see Associate an NLB instance with an ingress gateway.	None
serviceAnnotations	The annotations of the ASM gateway. Example: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain: 'on' service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout: '20'`. For more information about common annotations, see Add annotations to the YAML file of a Service to configure CLB instances. Note This field is available only for gateways whose serviceType is LoadBalancer. For egress gateways, this field is usually not configured.	None
serviceLabels	The labels of the ASM gateway.	None
podLabels	The labels of the ASM gateway pod.	None
podAnnotations	The annotations of the ASM gateway pod.	None
rollingMaxSurge	The maximum number of pods that are scheduled above the expected number of replicas during a rolling update. The value can be an absolute value or a percentage.	"100%"
rollingMaxUnavailable	The maximum number of pods that can be unavailable during a rolling update. The value can be an absolute value or a percentage.	"25%"
overrides	Configures distinct settings for specific clusters. This field is available when the clusterIds field specifies two or more clusters. You can use this field when you want to configure specific clusters with settings that are different from the preceding cluster settings. The value is of the MAP type that contains key-value pairs. Note key: a cluster ID that is specified in the `clusterIds` field. The following list describes some parameters that you can configure under the overrides field: serviceAnnotations podAnnotations resources replicaCount Horizontal Pod Autoscaling (HPA)-related configurations (supported in an ASM instance of version 1.16 or later) serviceType (supported in an ASM instance of version 1.16 or later)	None
kernel.enabled	Specifies whether to enable custom kernel fields.	false
kernel.parameters	The kernel fields. The following kernel fields are supported: net.core.somaxconn net.core.netdev_max_backlog net.ipv4.tcp_rmem net.ipv4.tcp_wmem net.ipv4.ip_local_port_range net.ipv4.tcp_fin_timeout net.ipv4.tcp_tw_timeout net.ipv4.tcp_tw_reuse net.ipv4.tcp_tw_recycle net.ipv4.tcp_timestamps net.ipv4.tcp_retries2 net.ipv4.tcp_slow_start_after_idle net.ipv4.tcp_max_orphans net.ipv4.tcp_max_syn_backlog net.ipv4.tcp_no_metrics_save net.ipv4.tcp_autocorking kernel.printk vm.swappiness Note Specific kernel fields that are supported by ASM may become invalid due to the kernel version of a host. If this situation occurs, the ASM gateway pod may report errors. You can run the `kubectl describe pod` command to view the errors that are reported by the ASM gateway pod. After you delete invalid fields, containers can start as expected. The values of all the kernel fields must be in the string format. YAML recognizes numbers as numeric values. Therefore, you must enclose each value in double quotation marks ("). Example: net.core.somaxconn: "65535".	None
compression.enabled	Specifies whether to enable the compression feature for an ingress gateway. Note compression-related fields are available only for ingress gateways.	false
compression.content_type	The types of data to be compressed, which are indicated by the Content-Type header. Examples: text/html application/json	None
compression.disable_on_etag_header	Specifies whether to disable the compression feature when an HTTP response includes the ETag header. If the field is set to true, the compression feature is disabled when the ETag header is included in an HTTP response. If the field is set to false, the compression feature is enabled when the ETag header is included in an HTTP response.	false
compression.min_content_length	The threshold at which compression is triggered. The field value indicates the size of the Content-Length header.	30
compression.remove_accept_encoding_header	Specifies whether to remove the Accept-Encoding header from an HTTP request that is sent by a client before an ingress gateway forwards the HTTP request to an upstream server. If the field is set to true, the Accept-Encoding header is removed from the HTTP request. If the field is set to false, the Accept-Encoding header is retained in the HTTP request.	false
compression.gzip	The compression format. Only the GZIP format is supported. If you want to enable the compression feature, this field is required. If the default values are used for all the other fields, you must leave this field empty. Example: `gzip: {}`.	None
compression.gzip.memory_level	The memory usage level of the zlib library. Valid values: 1 to 9. A larger value of this field results in a higher memory usage but a higher compression speed and a better compression quality.	5
compression.gzip.compression_level	The compression level that is used by the zlib library. Valid values: COMPRESSION_LEVEL_1 COMPRESSION_LEVEL_2 COMPRESSION_LEVEL_3 COMPRESSION_LEVEL_4 COMPRESSION_LEVEL_5 COMPRESSION_LEVEL_6 COMPRESSION_LEVEL_7 COMPRESSION_LEVEL_8 COMPRESSION_LEVEL_9 DEFAULT_COMPRESSION BEST_COMPRESSION BEST_SPEED Note BEST_COMPRESSION indicates the highest compression quality. BEST_SPEED indicates the highest compression speed. The following list describes some compression levels: COMPRESSION_LEVEL_1 is equivalent to BEST_SPEED, which features the fastest compression speed and a low compression ratio. COMPRESSION_LEVEL_9 is equivalent to BEST_COMPRESSION. The compression levels from 7 to 9 feature the highest compression ratio and a low compression speed. COMPRESSION_LEVEL_6 is equivalent to DEFAULT_COMPRESSION. The compression levels from 2 to 6 are medium compression levels which strike a balance between the compression ratio and speed.	DEFAULT_COMPRESSION
compression.gzip.compression_strategy	The compression policy that is used by the zlib library. Valid values: DEFAULT_STRATEGY FILTERED FIXED HUFFMAN_ONLY RLE Note DEFAULT_STRATEGY This compression policy is the default compression policy that uses the underlying default behavior and can produce satisfactory compression results in most cases. FILTERED This compression policy preferentially uses the filtering compression algorithm which is applicable to most scenarios where duplicate data exists. This compression policy can help achieve a higher compression ratio for text data and artificially generated data. HUFFMAN_ONLY This compression policy uses only Huffman coding for compression. No other algorithms are used. This compression policy is generally used to compress static data. Such compressed data can be decompressed more quickly. RLE The Run Length Encoding (RLE) algorithm is highly effective in compressing sequences of repetitive data, such as bitmap data. FIXED This compression policy uses the predefined coding tree to perform Huffman coding rather than coding trees that are dynamically generated based on specific data. This can achieve high-speed compression and decompression. However, the compression ratio is low.	DEFAULT_STRATEGY
compression.gzip.window_bits	The window size of the zlib library. Valid values: 9 to 15.	12
compression.gzip.chunk_size	The output buffer size of the zlib library.	4096
hostNetwork	Specifies whether to allow the ASM gateway pod to access the network namespace of the host. Valid values: true: The ASM gateway pod is allowed to use the network namespace of the host. false: The ASM gateway pod is not allowed to use the network namespace of the host.	false
dnsPolicy	The Domain Name System (DNS) policy that is configured for the ASM gateway pod. For more information about DNS policies, see DNS for Services and Pods.	ClusterFirst
cpu.targetAverageUtilization	The expected CPU utilization when HPA is enabled. Valid values: 1 to 100. If the memory usage exceeds this value, the number of pod replicas increases. If the memory usage is less than this value, the number of pod replicas decreases.	None
memory.targetAverageUtilization	The expected memory usage when HPA is enabled. Valid values: 1 to 100. If the memory usage exceeds this value, the number of pod replicas increases. If the memory usage is less than this value, the number of pod replicas decreases.	None
maxReplicas	The maximum number of pod replicas that can be scaled to by the HPA feature for the ASM gateway. The value of this field must be a positive integer.	None
minReplicas	The minimum number of pod replicas that can be scaled to by the HPA feature for the ASM gateway. The value is a positive integer. The minimum value is 1.	None
nodeSelector	Specifies the label of the node where the ASM gateway pod resides. You can customize the key and value. Example: `nodeSelector: key1: value1`	None
affinity	You can configure the node affinity to schedule the ASM gateway pod to a node. For more information, see Affinity and anti-affinity.	None
tolerations	You can configure tolerations for the ASM gateway pod to tolerate the taints on a node. For more information, see Taints and Tolerations.	None

Fields whose changes will cause a rolling restart of the ASM gateway

Changing the following fields will cause a rolling restart of the ASM gateway. Exercise caution when changing these fields.

env
ports (If the version of the ASM instance is earlier than 1.16, changing this field will cause the ASM gateway to restart in a rolling manner. If the version of the ASM instance is 1.16 or later, changing this field will not cause the ASM gateway to restart in a rolling manner.)
configVolumes
resources
secretVolumes
podLabels
podAnnotations
kernel.enabled
kernel.parameters
hostNetwork
dnsPolicy
nodeSelector (subject to scheduling)
affinity (subject to scheduling)
tolerations (subject to scheduling)

Go structs for a gateway

Expand to view the sample file

package v1beta1

import (
    corev1 "k8s.io/api/core/v1"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type GatewayType string
type ConfigState string

const (
    GatewayTypeIngress GatewayType = "ingress"
    GatewayTypeEgress  GatewayType = "egress"
)

// IstioGatewaySpec defines the desired state of Istio
// +k8s:openapi-gen=true
type IstioGatewaySpec struct {
    // +kubebuilder:validation:Enum=ingress;egress
    GatewayType                    GatewayType `json:"gatewayType,omitempty"`
    IstioGatewayBasicConfiguration `json:",inline"`
    ClusterIds                     []string                                  `json:"clusterIds,omitempty"`
    clusterId                      string                                    `json:"clusterId,omitempty"`
    Overrides                      map[string]IstioGatewayBasicConfiguration `json:"overrides,omitempty"`
}

type KernelParameters struct {
    NetCoreSoMaxConn             *string `json:"net.core.somaxconn,omitempty"`
    NetCoreNetdevMaxBacklog      *string `json:"net.core.netdev_max_backlog,omitempty"`
    NetIpv4TcpRMem               *string `json:"net.ipv4.tcp_rmem,omitempty"`
    NetIpv4TcpWMem               *string `json:"net.ipv4.tcp_wmem,omitempty"`
    NetIpv4IpLocalPortRange      *string `json:"net.ipv4.ip_local_port_range,omitempty"`
    NetIpv4TcpFinTimeout         *string `json:"net.ipv4.tcp_fin_timeout,omitempty"`
    NetIpv4TcpTwTimeout          *string `json:"net.ipv4.tcp_tw_timeout,omitempty"`
    NetIpv4TcpTwReuse            *string `json:"net.ipv4.tcp_tw_reuse,omitempty"`
    NetIpv4TcpTwRecycle          *string `json:"net.ipv4.tcp_tw_recycle,omitempty"`
    NetIpv4TcpTimestamps         *string `json:"net.ipv4.tcp_timestamps,omitempty"`
    NetIpv4TcpRetries2           *string `json:"net.ipv4.tcp_retries2,omitempty"`
    NetIpv4TcpSlowStartAfterIdle *string `json:"net.ipv4.tcp_slow_start_after_idle,omitempty"`
    NetIpv4TcpMaxOrphans         *string `json:"net.ipv4.tcp_max_orphans,omitempty"`
    NetIpv4TcpMaxSynBacklog      *string `json:"net.ipv4.tcp_max_syn_backlog,omitempty"`
    NetIpv4TcpNoMetricsSave      *string `json:"net.ipv4.tcp_no_metrics_save,omitempty"`
    NetIpv4TcpAutocorking        *string `json:"net.ipv4.tcp_autocorking,omitempty"`
    KernelPrintk                 *string `json:"kernel.printk,omitempty"`
    VmSwappiness                 *string `json:"vm.swappiness,omitempty"`
}

type KernelConfiguration struct {
    Enabled    *bool            `json:"enabled,omitempty"`
    Parameters KernelParameters `json:"parameters,omitempty"`
}

type GzipCompressorConfiguration struct {
    MemoryLevel         *uint32 `json:"memory_level,omitempty"`
    CompressionLevel    *string `json:"compression_level,omitempty"`
    CompressionStrategy *string `json:"compression_strategy,omitempty"`
    WindowBits          *uint32 `json:"window_bits,omitempty"`
    ChunkSize           *uint32 `json:"chunk_size,omitempty"`
}

type CompressorConfiguration struct {
    Enabled                    *bool                        `json:"enabled,omitempty"`
    MinContentLength           *uint32                      `json:"min_content_length,omitempty"`
    ContentType                *[]string                    `json:"content_type,omitempty"`
    DisableOnETagHeader        *bool                        `json:"disable_on_etag_header,omitempty"`
    RemoveAcceptEncodingHeader *bool                        `json:"remove_accept_encoding_header,omitempty"`
    Gzip                       *GzipCompressorConfiguration `json:"gzip,omitempty"`
}

type ReadinessProbeConfiguration struct {
    FailureThreshold int32 `json:"failureThreshold,omitempty"`
    PeriodSeconds    int32 `json:"periodSeconds,omitempty"`
    SuccessThreshold int32 `json:"successThreshold,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayBasicConfiguration struct {
    ReplicaCount     int32 `json:"replicaCount,omitempty"`
    AutoscaleEnabled bool  `json:"autoscaleEnabled,omitempty"`
    MinReplicas      int32 `json:"minReplicas,omitempty"`
    MaxReplicas      int32 `json:"maxReplicas,omitempty"`
    // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
    ServiceType           corev1.ServiceType           `json:"serviceType,omitempty"`
    LoadBalancerIP        string                       `json:"loadBalancerIP,omitempty"`
    ExternalTrafficPolicy string                       `json:"externalTrafficPolicy,omitempty"`
    ServiceAnnotations    map[string]string            `json:"serviceAnnotations,omitempty"`
    PodAnnotations        map[string]string            `json:"podAnnotations,omitempty"`
    ServiceLabels         map[string]string            `json:"serviceLabels,omitempty"`
    PodLabels             map[string]string            `json:"podLabels,omitempty"`
    Resources             *corev1.ResourceRequirements `json:"resources,omitempty"`
    EnvVars               []corev1.EnvVar              `json:"env,omitempty"`
    Ports                 []corev1.ServicePort         `json:"ports,omitempty"`
    MeshExpansionPorts    []corev1.ServicePort         `json:"meshExpansionPorts,omitempty"`
    NodeSelector          map[string]string            `json:"nodeSelector,omitempty"`
    ApplicationPorts      string                       `json:"applicationPorts,omitempty"`
    RequestedNetworkView  string                       `json:"requestedNetworkView,omitempty"`
    Affinity              *corev1.Affinity             `json:"affinity,omitempty"`
    Tolerations           []corev1.Toleration          `json:"tolerations,omitempty"`
    SecretVolumes         []SecretVolume               `json:"secretVolumes,omitempty"`
    ConfigVolumes         []ConfigVolume               `json:"configVolumes,omitempty"`
    RollingMaxSurge       *string                      `json:"rollingMaxSurge,omitempty"`
    RollingMaxUnavailable *string                      `json:"rollingMaxUnavailable,omitempty"`
    CPU                   HpaCPU                       `json:"cpu,omitempty"`
    Memory                HpaMemory                    `json:"memory,omitempty"`
    Kernel                KernelConfiguration          `json:"kernel,omitempty"`
    Compressor            CompressorConfiguration      `json:"compression,omitempty"`
    RunAsRoot             *bool                        `json:"runAsRoot,omitempty"`
    Lifecycle             *corev1.Lifecycle            `json:"lifecycle,omitempty"`
    ReadinessProbe        ReadinessProbeConfiguration  `json:"readinessProbe,omitempty"`
    HostNetwork           *bool                        `json:"hostNetwork,omitempty"`
    DnsPolicy             corev1.DNSPolicy             `json:"dnsPolicy,omitempty"`
    AutoCreateGatewayYaml *bool                        `json:"autoCreateGatewayYaml,omitempty"`
}

type SecretVolume struct {
    Name       string `json:"name,omitempty"`
    SecretName string `json:"secretName,omitempty"`
    MountPath  string `json:"mountPath,omitempty"`
}

type ConfigVolume struct {
    Name          string `json:"name,omitempty"`
    ConfigMapName string `json:"configMapName,omitempty"`
    MountPath     string `json:"mountPath,omitempty"`
}

// +k8s:openapi-gen=true
type HpaCPU struct {
    TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type HpaMemory struct {
    TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}

// +k8s:openapi-gen=true
type IstioGatewayStatus struct {
    // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
    // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
    // Add custom validation using kubebuilder tags: https://book.kubebuilder.io/beyond_basics/generating_crd.html
    Status                     ConfigState      `json:"Status,omitempty"`
    GatewayAddress             []string         `json:"GatewayAddress,omitempty"`
    ClusterIdGatewayAddressMap []GatewayAddress `json:"ClusterIdGatewayAddressMap,omitempty"`

    ErrorMessage string `json:"ErrorMessage,omitempty"`
}

// +k8s:openapi-gen=true
type GatewayAddress struct {
    IPAddress string `json:"ipAddress,omitempty"`
    ClusterId string `json:"clusterId,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// IstioGateway is the Schema for the istiogateways API
// +k8s:openapi-gen=true
// +kubebuilder:subresource:status
type IstioGateway struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`

    Spec   IstioGatewaySpec   `json:"spec,omitempty"`
    Status IstioGatewayStatus `json:"status,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// IstioGatewayList contains a list of IstioGateway
type IstioGatewayList struct {
    metav1.TypeMeta `json:",inline"`
    metav1.ListMeta `json:"metadata,omitempty"`
    Items           []IstioGateway `json:"items"`
}