[Docs APIM] Add Gateway API docs

[DDH13]

Related to https://github.com/wso2-enterprise/wso2-apim-internal/issues/14922

Update the k8s docs to explain how to use Gateway API

Summary by CodeRabbit

• Documentation
  • Default Kubernetes deployment guidance now uses Gateway API (Envoy Gateway) for traffic routing; NGINX Ingress is deprecated as an alternative.
  • Added explicit routing-controller installation and a minimal quickstart that creates a deployment namespace and applies sample Gateway resources before chart install.
  • Introduced TLS certificate configuration applicable to both routing options and backend TLS verification guidance.
  • Updated hostname/DNS and console URL examples to Gateway API conventions.
  • Bumped chart/documentation references to 4.7.x.

[coderabbitai]

Walkthrough

Rewrote Kubernetes deployment docs to make Gateway API (Envoy Gateway) the default routing controller across multiple deployment patterns. Changes add an explicit routing-controller install step, namespace scoping, TLS/backend TLS policy guidance, Gateway/GatewayClass examples, hostname variable updates, and Gateway-based external IP lookup.

Changes

Cohort / File(s)	Summary
Gateway API Migration (patterns 0–6) en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-0-all-in-one.md, en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md, en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md, en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md, en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md, en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-5-all-in-one-gw-km.md, en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md	Replaced Ingress-first flow with Gateway API–first flow: added Envoy Gateway install step (recommended), created/used apim namespace, applied sample Gateway/GatewayClass manifests, added TLS certificate and backend CA ConfigMap guidance, introduced Helm gatewayAPI/values snippets, marked NGINX Ingress as deprecated, updated host/URL variables and external IP lookup to use Gateway resources, and bumped chart docs from 4.6.x → 4.7.x.
Helm / repo version updates en/.spelling, en/docs/install-and-setup/install/installation-options.md, en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md	Updated references from 4.6.x to 4.7.x for Helm chart value files and docs links; adjusted spelling wordlist entry accordingly. Minor command/value URL updates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through YAML, keen and merry,
Swapped old ingress trails for Gateway Ferry,
Envoy hums softly, secrets tucked tight,
Namespaces set, routes shining bright,
A tiny rabbit cheers the docs tonight. 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is minimal and does not follow the provided template. While it correctly references a related issue and describes the general update, it lacks required sections such as Purpose, Goals, Approach, User stories, Release notes, and Documentation.	Expand the description to include Purpose, Goals, Approach, and other relevant template sections to provide comprehensive context for reviewers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '[Docs APIM] Add Gateway API docs' directly aligns with the main objective of the PR, which is to add and update Kubernetes documentation to explain how to use Gateway API across all deployment patterns.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md (1)

134-164: ⚠️ Potential issue | 🟠 Major

Minimal HA commands should install into apim namespace.

Line 137 creates apim, but the install commands at Lines 160 and 163 do not set --namespace apim. This can place APIM instances in default while Gateway objects are in apim.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md`
around lines 134 - 164, The helm install commands for the API Manager (apim-1
and apim-2) are missing the target namespace, so although you create the apim
namespace with kubectl create namespace apim and apply the Gateway to -n apim,
the APIM Helm releases may install into default; update the two helm install
invocations (apim-1 and apim-2) to include the namespace flag (e.g., -n apim or
--namespace apim) so both releases are deployed into the apim namespace
alongside the Gateway resources.

en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md (1)

183-223: ⚠️ Potential issue | 🟠 Major

Minimal deployment commands should include the namespace explicitly.

This flow creates apim (Line 186) and applies Gateway resources there (Line 209), but Helm installs at Lines 216/219/222 do not set --namespace apim. That can cause cross-namespace misconfiguration.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md`
around lines 183 - 223, The Helm install commands for apim-acp (helm install
apim-acp wso2/wso2am-acp), apim-tm (helm install apim-tm wso2/wso2am-tm), and
apim-gw (helm install apim-gw wso2/wso2am-universal-gw) must explicitly target
the apim namespace to match the earlier kubectl create namespace apim and the
Gateway resources applied to that namespace; update each helm install invocation
to include the namespace flag (e.g., --namespace apim or -n apim) so all
components are deployed into the apim namespace and avoid cross-namespace
misconfiguration.

en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md (1)

182-228: ⚠️ Potential issue | 🟠 Major

Install commands should use the same namespace introduced by the setup.

Line 185 creates apim and Line 208 applies Gateway resources there, but Lines 218/221/224/227 do not specify --namespace apim. This can break the documented path due to namespace drift.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md`
around lines 182 - 228, The helm install commands for apim-acp (apim-acp),
apim-km (apim-km), apim-tm (apim-tm) and apim-gw (apim-gw) are missing the
target namespace; update each helm install call to include the same namespace
used earlier (apim) by adding --namespace apim (or -n apim) so the releases and
their resources are created in the apim namespace and match the earlier kubectl
create namespace and kubectl apply -n apim steps.

en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md (1)

143-185: ⚠️ Potential issue | 🟠 Major

Minimal install commands should target the namespace created earlier.

Line 146 creates apim, but the helm install is and helm install apim commands do not set --namespace apim. This can split resources between namespaces and make the quick-start unreliable.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md`
around lines 143 - 185, The Helm installs for Identity Server and API Manager
are missing the target namespace created earlier; update the `helm install is`
command (referenced as "helm install is wso2/identity-server --version next -f
default_values.yaml") and the `helm install apim` command (referenced as "helm
install apim wso2/wso2am-all-in-one --version 4.7.0-1 -f ...") to include the
namespace flag (either `--namespace apim` or `-n apim`) so both releases are
deployed into the `apim` namespace created by `kubectl create namespace apim`;
no change needed for the Envoy Gateway install which deliberately uses `-n
envoy-gateway-system`.

en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md (1)

161-198: ⚠️ Potential issue | 🟠 Major

Commands should target the namespace created in this flow.

Line 164 creates apim, but Lines 194 and 197 install charts without --namespace apim. That can break the quick-start by splitting resources across namespaces.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md`
around lines 161 - 198, The helm install commands for the API Manager charts
("helm install apim wso2/wso2am-all-in-one" and "helm install apim-gw
wso2/wso2am-universal-gw") are missing the target namespace and will deploy into
the default namespace; update those commands to include the namespace flag
(either --namespace apim or -n apim) so both charts are installed into the apim
namespace created earlier (optionally add --create-namespace if you want helm to
create it).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-0-all-in-one.md`:
- Around line 74-100: The Helm install command for the API Manager (the line
containing "helm install apim wso2/wso2am-all-in-one --version 4.7.0-1 -f ...")
is missing the namespace flag; update that helm install invocation to include
"--namespace apim" (or "-n apim") so the release is installed into the same
"apim" namespace created by "kubectl create namespace apim" and used by the
Gateway apply step, ensuring all resources live in the same namespace and
routing works as documented.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md`:
- Line 175: The docs reference the WSO2 Helm Chart Repository using branch
"4.7.x" while other example URLs/defaults still use "4.6.x"; make them
consistent by updating the minimal-install URLs and any default values to use
the same branch (preferably "4.7.x") or change the repository link to "4.6.x" if
you intend to keep that version—specifically update the link text "WSO2 Helm
Chart Repository" and all occurrences of "4.6.x" in the minimal install
URLs/defaults so the branch/version is uniform across the section.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md`:
- Line 209: The guide mixes branch references (the link text "WSO2 Helm Chart
Repository" currently points to 4.7.x while other "minimal default-values" URLs
still point to 4.6.x); update all branch/version mentions and hyperlinks in the
document to use a single consistent branch (choose 4.7.x) so every reference
(the repository link, any "minimal default-values" URLs, and any inline version
strings like "4.6.x") are replaced to "4.7.x" ensuring consistency throughout
the am-pattern-2-all-in-one-gw.md content.
- Around line 686-688: The fenced code block containing the hosts line
"<EXTERNAL-IP> <kubernetes.gatewayAPI.management.hostname>
<kubernetes.gatewayAPI.gateway.hostname> <kubernetes.gatewayAPI.websub.hostname>
<kubernetes.gatewayAPI.websocket.hostname>" is missing a language tag; update
the triple-backtick fence to include "yaml" (i.e., replace ``` with ```yaml) so
the snippet is marked as YAML for proper linting and rendering.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-5-all-in-one-gw-km.md`:
- Around line 216-232: Update the three helm -f URLs so they point to the 4.7
branch instead of 4.6.x: replace references to
"https://raw.githubusercontent.com/wso2/helm-apim/4.6.x/docs/am-pattern-5-all-in-one_GW_KM/default_values.yaml",
"default_km_values.yaml", and "default_gw_values.yaml" with the corresponding
"https://raw.githubusercontent.com/wso2/helm-apim/4.7.x/..." URLs used in this
document so the helm install commands for apim, km, and gw pull matching 4.7.x
default values.
- Around line 182-232: The helm install commands for the control plane, key
manager and gateway are not targeting the apim namespace; update the three helm
install invocations (the ones starting with "helm install apim
wso2/wso2am-all-in-one", "helm install km wso2/wso2am-acp" and "helm install gw
wso2/wso2am-universal-gw") to include the namespace flag (e.g., --namespace apim
or -n apim) so those releases are created in the apim namespace (or add
--create-namespace with --namespace if you prefer creating it during install).

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md`:
- Around line 512-514: The /etc/hosts example omits the IS hostname referenced
later as <kubernetes.ingress.is.hostname>, causing unresolved host errors;
update the hosts mapping line to include <kubernetes.ingress.is.hostname>
alongside the existing <kubernetes.gatewayAPI.*> entries (or alternatively
change the later IS access URL to use one of the gatewayAPI hostnames), ensuring
references to <kubernetes.ingress.is.hostname> in the guide (access URLs) match
the hosts example.

---

Outside diff comments:
In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md`:
- Around line 134-164: The helm install commands for the API Manager (apim-1 and
apim-2) are missing the target namespace, so although you create the apim
namespace with kubectl create namespace apim and apply the Gateway to -n apim,
the APIM Helm releases may install into default; update the two helm install
invocations (apim-1 and apim-2) to include the namespace flag (e.g., -n apim or
--namespace apim) so both releases are deployed into the apim namespace
alongside the Gateway resources.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md`:
- Around line 161-198: The helm install commands for the API Manager charts
("helm install apim wso2/wso2am-all-in-one" and "helm install apim-gw
wso2/wso2am-universal-gw") are missing the target namespace and will deploy into
the default namespace; update those commands to include the namespace flag
(either --namespace apim or -n apim) so both charts are installed into the apim
namespace created earlier (optionally add --create-namespace if you want helm to
create it).

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md`:
- Around line 183-223: The Helm install commands for apim-acp (helm install
apim-acp wso2/wso2am-acp), apim-tm (helm install apim-tm wso2/wso2am-tm), and
apim-gw (helm install apim-gw wso2/wso2am-universal-gw) must explicitly target
the apim namespace to match the earlier kubectl create namespace apim and the
Gateway resources applied to that namespace; update each helm install invocation
to include the namespace flag (e.g., --namespace apim or -n apim) so all
components are deployed into the apim namespace and avoid cross-namespace
misconfiguration.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md`:
- Around line 182-228: The helm install commands for apim-acp (apim-acp),
apim-km (apim-km), apim-tm (apim-tm) and apim-gw (apim-gw) are missing the
target namespace; update each helm install call to include the same namespace
used earlier (apim) by adding --namespace apim (or -n apim) so the releases and
their resources are created in the apim namespace and match the earlier kubectl
create namespace and kubectl apply -n apim steps.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md`:
- Around line 143-185: The Helm installs for Identity Server and API Manager are
missing the target namespace created earlier; update the `helm install is`
command (referenced as "helm install is wso2/identity-server --version next -f
default_values.yaml") and the `helm install apim` command (referenced as "helm
install apim wso2/wso2am-all-in-one --version 4.7.0-1 -f ...") to include the
namespace flag (either `--namespace apim` or `-n apim`) so both releases are
deployed into the `apim` namespace created by `kubectl create namespace apim`;
no change needed for the Envoy Gateway install which deliberately uses `-n
envoy-gateway-system`.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 000871c3-4529-4958-a9ba-665da94a2bf4

📥 Commits

Reviewing files that changed from the base of the PR and between 028eebf and 102acbf.

📒 Files selected for processing (7)

• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-0-all-in-one.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-5-all-in-one-gw-km.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md

[coderabbitai]

♻️ Duplicate comments (1)

en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md (1)

512-514: ⚠️ Potential issue | 🟠 Major

Include the IS hostname in the /etc/hosts example to match the access URL.

Line 526 uses <kubernetes.gatewayAPI.is.hostname>, but the hosts mapping sample omits it. In local/evaluation setups without DNS, this causes host resolution failures for the IS console.

Suggested doc fix

-<EXTERNAL-IP> <kubernetes.gatewayAPI.management.hostname> <kubernetes.gatewayAPI.gateway.hostname> <kubernetes.gatewayAPI.websub.hostname> <kubernetes.gatewayAPI.websocket.hostname>
+<EXTERNAL-IP> <kubernetes.gatewayAPI.management.hostname> <kubernetes.gatewayAPI.gateway.hostname> <kubernetes.gatewayAPI.websub.hostname> <kubernetes.gatewayAPI.websocket.hostname> <kubernetes.gatewayAPI.is.hostname>

Also applies to: 526-526

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md`
around lines 512 - 514, The /etc/hosts example is missing the IS hostname used
by the access URL; update the hosts mapping line that lists hostnames (currently
showing <kubernetes.gatewayAPI.management.hostname>
<kubernetes.gatewayAPI.gateway.hostname> <kubernetes.gatewayAPI.websub.hostname>
<kubernetes.gatewayAPI.websocket.hostname>) to also include
<kubernetes.gatewayAPI.is.hostname> so the IS console resolves locally; ensure
the example line and any mentions of <kubernetes.gatewayAPI.is.hostname> are
consistent.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md`:
- Around line 512-514: The /etc/hosts example is missing the IS hostname used by
the access URL; update the hosts mapping line that lists hostnames (currently
showing <kubernetes.gatewayAPI.management.hostname>
<kubernetes.gatewayAPI.gateway.hostname> <kubernetes.gatewayAPI.websub.hostname>
<kubernetes.gatewayAPI.websocket.hostname>) to also include
<kubernetes.gatewayAPI.is.hostname> so the IS console resolves locally; ensure
the example line and any mentions of <kubernetes.gatewayAPI.is.hostname> are
consistent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 636e6283-319e-43f8-90bb-eacd37fb94ea

📥 Commits

Reviewing files that changed from the base of the PR and between 102acbf and 7fd2307.

📒 Files selected for processing (10)

• en/.spelling
• en/docs/install-and-setup/install/installation-options.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-0-all-in-one.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-5-all-in-one-gw-km.md
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md
• en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md

✅ Files skipped from review due to trivial changes (3)

• en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md
• en/.spelling
• en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md