Create an ingress gateway


Deploy an ASM ingress gateway in your Kubernetes cluster to create a unified public or private entry point for your application. An ingress gateway simplifies traffic management by acting as a single access point. It uses Layer 7 load balancing to route traffic to backend services based on attributes like HTTP request paths or host headers.

Prerequisites

The cluster is added to the ASM instance.

Procedure

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.

  3. On the Ingress Gateway page, click Create and configure the basic gateway settings.

    The gateway configuration items are described as follows. You can also click Create from YAML on the Ingress Gateway page to define an ingress gateway. For more information, see Use KubeAPI to manage an ingress gateway.

    • Name: A custom name for the gateway.

    • Cluster: Select the cluster where the gateway will be deployed.

    • Service Type: Supports LoadBalancer, ClusterIP, and NodePort. For more information about these types, see Service.

      Note: If you select LoadBalancer for a registered cluster, the cluster must support Services of the LoadBalancer type. Otherwise, gateway creation will fail.

    • CLB/NLB: This parameter is required only when Service Type is set to LoadBalancer. Supports Internet Access and Private Access.

    • Create SLB Instance: This parameter is required only when Service Type is set to LoadBalancer.

      • Create SLB Instance:

        • If you select CLB, select a specification from the Select CLB Specifications drop-down list.

        • If you select NLB, select the VSwitches for at least two zones from the Select Zones for NLB Instance drop-down list.

      • Use Existing CLB Instance: Select a load balancer from the list of existing instances.

      Important: We recommend assigning a dedicated load balancer to each Kubernetes Service. Sharing a load balancer across multiple Kubernetes Services introduces the following risks and limitations:

      • Using an existing load balancer forcibly overwrites its listeners, which may make your applications inaccessible.

      • You cannot reuse a load balancer that was automatically created by Kubernetes through a Service. You can only reuse load balancers that you created manually in the console or by calling an OpenAPI.

      • Multiple Services that share the same load balancer cannot use the same frontend listening port. Otherwise, a port conflict occurs.

      • When you reuse a load balancer, Kubernetes uses the listener and vServer group names as unique identifiers. Do not modify these names.

      • Cross-cluster and cross-region load balancer reuse is not supported.

    • Port Mapping: Configure the Protocol and Service Port.

      Note: The console provides two commonly used Istio ports by default. You can modify them as needed.

    • Resources Limits: Set the CPU and memory resource limits for the gateway pods.

    • Gateway instances: Set the number of gateway replicas.

  4. Optional: Click Advanced Options to configure more settings.

    • External Traffic Policy: Set the external traffic policy.

      • Local: Traffic is routed only to pods on the local node.

      • Cluster: Traffic can be forwarded to pods on other nodes in the cluster.

    • HPA: Select HPA and then configure the following parameters:

      • metrics: Set the Monitoring items and Threshold. The gateway scales out if the threshold is exceeded and scales in if the metric falls below the threshold.

        If you configure both CPU and memory thresholds, autoscaling is triggered when either threshold is crossed.

      • Maximum replicas: The maximum number of replicas for scaling out.

      • Minimum number of replicas: The minimum number of replicas for scaling in.

      Note: This feature is available only in Enterprise and Ultimate editions.

    • Rolling Upgrade: Select Rolling Upgrade and then configure the following parameters:

      • Maximum number of unavailable instances: The maximum number of replicas that can be unavailable during a rolling update.

      • Exceeding the desired number of instances: The maximum number of extra replicas allowed during a rolling update. For example, a value of 25% means the total number of replicas cannot exceed 125% of the desired count.

    • TLS performance optimization: Select TLS performance optimization to accelerate TLS encryption and decryption.

      • supported nodeaffinity: Select node labels to identify nodes suitable for this optimization.

      • Poll Delay(ms): Set this parameter to reduce the latency of encryption and decryption operations. For more information, see Parameter description.

      Note: This feature is available only in Enterprise and Ultimate editions.

    • Deploy ASM Gateway replicas as widely as possible: When you set podAntiAffinity, Pods are preferentially deployed to different nodes.

    • Custom Deployment Policy: You can customize the nodeSelector, tolerations, and affinity for the gateway. For detailed descriptions of these fields, see ASM gateway CRD description.

    • SLB graceful offline: Select SLB graceful offline to ensure that active connections are not disrupted when a gateway pod is terminated.

      • Connection timeout (seconds): When a gateway pod is removed from the load balancer, the load balancer waits for this timeout period before terminating existing connections. This allows the pod to finish processing active requests. The timeout should not exceed the pod's graceful shutdown period (default: 30 seconds).

      Note: This feature is available only in Enterprise and Ultimate editions.

  5. After you complete the configuration, click Create.

    Gateway creation is complete when its status changes to Running. The Service address field displays the IP address of the ingress gateway.

Related operations

After you create the ingress gateway, you can manage it on the ASM console or view it on the ACK console.

Manage ingress gateway in the ASM console

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.

  3. On the Ingress Gateway page, manage the ingress gateway.

    • View or edit an ingress gateway:

      • Method 1: In the row of the target gateway, click View Details and modify the configuration as required.

      • Method 2: In the row of the target gateway, click View YAML. In the Edit dialog box, modify the fields as required and then click OK. For detailed descriptions of the fields, see ASM gateway CRD description.

    • Delete an ingress gateway: In the row of the target gateway, click Delete. In the Confirm dialog box, click OK.

      Important: Deleting an ingress gateway prevents external services from accessing internal ASM services through it. This action cannot be undone and the gateway must be recreated. Proceed with caution.

View ingress gateway in the ACK console

  • View basic information about the newly added ingress gateway.

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the name of your cluster. In the left navigation pane, click Network > Services.

    3. At the top of the Services page, select istio-system from the Namespace drop-down list.

      You can view the basic information of the target gateway. The IP address in the External IP column is the IP address of the ingress gateway.

  • View pod information for the newly added ingress gateway.

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the name of your cluster. In the left navigation pane, click Workloads > Pods.

    3. At the top of the Pods page, select istio-system from the Namespace drop-down list.

    4. Click the target pod to view its details.
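A scripted counterpart to the console check above, added here as an example (it is not Alibaba Cloud's code): it reads the JSON printed by `kubectl get svc -n istio-system -o json` and reports how each gateway Service is exposed, using only standard Kubernetes Service fields. The sample data, the Service names, and the `expected_ports` allow-list are constructed assumptions.

```python
import json

# Constructed sample of `kubectl get svc -n istio-system -o json` output (not from a real cluster).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
  "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster",
           "ports": [{"name": "http2", "port": 80}, {"name": "https", "port": 443},
                     {"name": "debug", "port": 15000}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
 {"metadata": {"name": "internal-gateway", "namespace": "istio-system"},
  "spec": {"type": "ClusterIP", "ports": [{"name": "http2", "port": 80}]},
  "status": {"loadBalancer": {}}}
]}
""")


def review_gateway_services(svc_list, expected_ports=(80, 443)):
    """Summarise how each istio-system Service is exposed and list review notes.

    expected_ports is a hypothetical allow-list supplied by the operator.
    """
    reports = []
    for svc in svc_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if meta.get("namespace") != "istio-system":
            continue
        svc_type = spec.get("type", "ClusterIP")  # Kubernetes default type
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        addresses = [i.get("ip") or i.get("hostname") for i in ingress]
        ports = [p["port"] for p in spec.get("ports", [])]
        notes = []
        if svc_type in ("LoadBalancer", "NodePort"):
            extra = sorted(set(ports) - set(expected_ports))
            if extra:
                notes.append(f"unexpected exposed ports: {extra}")
            # Standard Kubernetes behaviour: with Cluster, traffic may take an
            # extra hop through another node and lose the client source IP.
            if spec.get("externalTrafficPolicy", "Cluster") == "Cluster":
                notes.append("externalTrafficPolicy=Cluster: client source IP may be lost")
            if svc_type == "LoadBalancer" and not addresses:
                notes.append("no load balancer address assigned yet")
        reports.append({"name": meta.get("name"), "type": svc_type,
                        "addresses": addresses, "ports": ports, "notes": notes})
    return reports


if __name__ == "__main__":
    for report in review_gateway_services(SAMPLE):
        print(json.dumps(report))
```

To run it against a real cluster, save the `kubectl` output to a file and pass the parsed JSON to `review_gateway_services` in place of `SAMPLE`.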
