diff --git a/content/en/docs/reference/commands/install-cni/index.html b/content/en/docs/reference/commands/install-cni/index.html
index 9e662241a2..6b9c003c7f 100644
--- a/content/en/docs/reference/commands/install-cni/index.html
+++ b/content/en/docs/reference/commands/install-cni/index.html
@@ -750,12 +750,6 @@ These environment variables affect the behavior of the install-cni
If enabled, envoy will send builtin lables(e.g. node_name) via OTel sink. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/en/docs/reference/commands/istioctl/index.html b/content/en/docs/reference/commands/istioctl/index.html
index c6c18d8240..af320f03f0 100644
--- a/content/en/docs/reference/commands/istioctl/index.html
+++ b/content/en/docs/reference/commands/istioctl/index.html
@@ -6658,12 +6658,6 @@ These environment variables affect the behavior of the istioctl com
If enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/en/docs/reference/commands/operator/index.html b/content/en/docs/reference/commands/operator/index.html
index 5b88746417..7c0f1a02dc 100644
--- a/content/en/docs/reference/commands/operator/index.html
+++ b/content/en/docs/reference/commands/operator/index.html
@@ -431,12 +431,6 @@ These environment variables affect the behavior of the operator com
If enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/en/docs/reference/commands/pilot-agent/index.html b/content/en/docs/reference/commands/pilot-agent/index.html
index 563aec08d4..b5ed2a3505 100644
--- a/content/en/docs/reference/commands/pilot-agent/index.html
+++ b/content/en/docs/reference/commands/pilot-agent/index.html
@@ -1184,12 +1184,6 @@ These environment variables affect the behavior of the pilot-agent
If enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/en/docs/reference/commands/pilot-discovery/index.html b/content/en/docs/reference/commands/pilot-discovery/index.html
index eb353db4a5..1fd7181d61 100644
--- a/content/en/docs/reference/commands/pilot-discovery/index.html
+++ b/content/en/docs/reference/commands/pilot-discovery/index.html
@@ -587,12 +587,6 @@ These environment variables affect the behavior of the pilot-discoveryIf enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's.
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/zh/docs/reference/commands/install-cni/index.html b/content/zh/docs/reference/commands/install-cni/index.html
index 9e662241a2..6b9c003c7f 100644
--- a/content/zh/docs/reference/commands/install-cni/index.html
+++ b/content/zh/docs/reference/commands/install-cni/index.html
@@ -750,12 +750,6 @@ These environment variables affect the behavior of the install-cni
If enabled, envoy will send builtin lables(e.g. node_name) via OTel sink. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/zh/docs/reference/commands/istioctl/index.html b/content/zh/docs/reference/commands/istioctl/index.html
index c6c18d8240..af320f03f0 100644
--- a/content/zh/docs/reference/commands/istioctl/index.html
+++ b/content/zh/docs/reference/commands/istioctl/index.html
@@ -6658,12 +6658,6 @@ These environment variables affect the behavior of the istioctl com
If enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/zh/docs/reference/commands/operator/index.html b/content/zh/docs/reference/commands/operator/index.html
index 5b88746417..7c0f1a02dc 100644
--- a/content/zh/docs/reference/commands/operator/index.html
+++ b/content/zh/docs/reference/commands/operator/index.html
@@ -431,12 +431,6 @@ These environment variables affect the behavior of the operator com
If enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/zh/docs/reference/commands/pilot-agent/index.html b/content/zh/docs/reference/commands/pilot-agent/index.html
index 563aec08d4..b5ed2a3505 100644
--- a/content/zh/docs/reference/commands/pilot-agent/index.html
+++ b/content/zh/docs/reference/commands/pilot-agent/index.html
@@ -1184,12 +1184,6 @@ These environment variables affect the behavior of the pilot-agent
If enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's. |
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/content/zh/docs/reference/commands/pilot-discovery/index.html b/content/zh/docs/reference/commands/pilot-discovery/index.html
index eb353db4a5..1fd7181d61 100644
--- a/content/zh/docs/reference/commands/pilot-discovery/index.html
+++ b/content/zh/docs/reference/commands/pilot-discovery/index.html
@@ -587,12 +587,6 @@ These environment variables affect the behavior of the pilot-discoveryIf enabled, readiness probes will keep the connection from pilot-agent to the application alive. This mirrors older Istio versions' behaviors, but not kubelet's.
-ENABLE_SELECTOR_BASED_K8S_GATEWAY_POLICY |
-Boolean |
-true |
-If disabled, Gateway API gateways will ignore workloadSelector policies, onlyapplying policies that select the gateway with a targetRef. |
-
-
ENABLE_TLS_ON_SIDECAR_INGRESS |
Boolean |
false |
diff --git a/data/analysis.yaml b/data/analysis.yaml
index b7155da45a..d8dd74db64 100644
--- a/data/analysis.yaml
+++ b/data/analysis.yaml
@@ -50,17 +50,7 @@ messages:
- name: podName
type: string
- - name: "GatewayPortNotOnWorkload"
- code: IST0104
- level: Warning
- description: "Unhandled gateway port"
- template: "The gateway refers to a port that is not exposed on the workload (pod selector %s; port %d)"
- args:
- - name: selector
- type: string
- - name: port
- type: int
-
+ # IST0104 RETIRED
# IST0105 RETIRED
- name: "SchemaValidationError"
@@ -589,6 +579,7 @@ messages:
type: "[]string"
- name: namespace
type: string
+
- name: "InvalidGatewayCredential"
code: IST0161
level: Error
@@ -599,3 +590,14 @@ messages:
type: string
- name: gatewayNamespace
type: string
+
+ - name: "GatewayPortNotDefinedOnService"
+ code: IST0162
+ level: Warning
+ description: "Gateway port not exposed by service"
+ template: "The gateway is listening on a target port (port %d) that is not defined in the Service associated with its workload instances (Pod selector %s). If you need to access the gateway port through the gateway Service, it will not be available."
+ args:
+ - name: port
+ type: int
+ - name: selector
+ type: string