Add instructions to enable remote cluster gateways using Helm (#10200)

Fixes: #9397

content/en/docs/setup/install/external-controlplane/index.md

@@ -424,6 +424,9 @@ including gateways, if needed.
 
 1. Enable an ingress gateway on the remote cluster:
 
+    {{< tabset category-name="ingress-gateway-install-type" >}}
+    {{< tab name="IstioOperator" category-value="iop" >}}
+
     {{< text bash >}}
     $ cat <<EOF > istio-ingressgateway.yaml
     apiVersion: install.istio.io/v1alpha1
@@ -443,8 +446,29 @@ including gateways, if needed.
     $ istioctl install -f istio-ingressgateway.yaml --context="${CTX_REMOTE_CLUSTER}"
     {{< /text >}}
 
+    {{< /tab >}}
+
+    {{< tab name="Helm" category-value="helm" >}}
+
+    {{< text bash >}}
+    $ cat <<EOF > values.yaml
+    gateways:
+        istio-ingressgateway:
+          # Enable gateway injection
+          injectionTemplate: gateway
+          name: istio-ingressgateway
+    EOF
+    $ helm install istio-ingress manifests/charts/gateways/istio-ingress  -f values.yaml -n external-istiod --kube-context="${CTX_REMOTE_CLUSTER}"
+    {{< /text >}}
+
+    {{< /tab >}}
+    {{< /tabset >}}
+
 1. Enable an egress gateway, or other gateways, on the remote cluster (optional):
 
+    {{< tabset category-name="egress-gateway-install-type" >}}
+    {{< tab name="IstioOperator" category-value="iop" >}}
+
     {{< text bash >}}
     $ cat <<EOF > istio-egressgateway.yaml
     apiVersion: install.istio.io/v1alpha1
@@ -464,6 +488,24 @@ including gateways, if needed.
     $ istioctl install -f istio-egressgateway.yaml --context="${CTX_REMOTE_CLUSTER}"
     {{< /text >}}
 
+    {{< /tab >}}
+
+    {{< tab name="Helm" category-value="helm" >}}
+
+    {{< text bash >}}
+    $ cat <<EOF > values.yaml
+    gateways:
+        istio-egressgateway:
+          # Enable gateway injection
+          injectionTemplate: gateway
+          name: istio-egressgateway
+    EOF
+    $ helm install istio-egress manifests/charts/gateways/istio-egress  -f values.yaml -n external-istiod --kube-context="${CTX_REMOTE_CLUSTER}"
+    {{< /text >}}
+
+    {{< /tab >}}
+    {{< /tabset >}}
+
 1. Confirm that the Istio ingress gateway is running:
 
     {{< text bash >}}

content/en/docs/setup/install/external-controlplane/snips.sh

@@ -318,6 +318,17 @@ istioctl install -f istio-ingressgateway.yaml --context="${CTX_REMOTE_CLUSTER}"
 }
 
 snip_enable_gateways_2() {
+cat <<EOF > values.yaml
+gateways:
+    istio-ingressgateway:
+      # Enable gateway injection
+      injectionTemplate: gateway
+      name: istio-ingressgateway
+EOF
+helm install istio-ingress manifests/charts/gateways/istio-ingress  -f values.yaml -n external-istiod --kube-context="${CTX_REMOTE_CLUSTER}"
+}
+
+snip_enable_gateways_3() {
 cat <<EOF > istio-egressgateway.yaml
 apiVersion: install.istio.io/v1alpha1
 kind: IstioOperator
@@ -336,30 +347,41 @@ EOF
 istioctl install -f istio-egressgateway.yaml --context="${CTX_REMOTE_CLUSTER}"
 }
 
-snip_enable_gateways_3() {
+snip_enable_gateways_4() {
+cat <<EOF > values.yaml
+gateways:
+    istio-egressgateway:
+      # Enable gateway injection
+      injectionTemplate: gateway
+      name: istio-egressgateway
+EOF
+helm install istio-egress manifests/charts/gateways/istio-egress  -f values.yaml -n external-istiod --kube-context="${CTX_REMOTE_CLUSTER}"
+}
+
+snip_enable_gateways_5() {
 kubectl get pod -l app=istio-ingressgateway -n external-istiod --context="${CTX_REMOTE_CLUSTER}"
 }
 
-! read -r -d '' snip_enable_gateways_3_out <<\ENDSNIP
+! read -r -d '' snip_enable_gateways_5_out <<\ENDSNIP
 NAME                                    READY   STATUS    RESTARTS   AGE
 istio-ingressgateway-7bcd5c6bbd-kmtl4   1/1     Running   0          8m4s
 ENDSNIP
 
-snip_enable_gateways_4() {
+snip_enable_gateways_6() {
 kubectl apply -f samples/helloworld/helloworld-gateway.yaml -n sample --context="${CTX_REMOTE_CLUSTER}"
 }
 
-snip_enable_gateways_5() {
+snip_enable_gateways_7() {
 export INGRESS_HOST=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
 export INGRESS_PORT=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
 export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
 }
 
-snip_enable_gateways_6() {
+snip_enable_gateways_8() {
 curl -s "http://${GATEWAY_URL}/hello"
 }
 
-! read -r -d '' snip_enable_gateways_6_out <<\ENDSNIP
+! read -r -d '' snip_enable_gateways_8_out <<\ENDSNIP
 Hello version: v1, instance: helloworld-v1-776f57d5f6-s7zfc
 ENDSNIP
 

content/en/docs/setup/install/external-controlplane/test.sh

@@ -21,6 +21,11 @@ set -e
 set -u
 set -o pipefail
 
+kubectl_get_egress_gateway_for_remote_cluster() {
+  response=$(kubectl get pod -l app=istio-egressgateway -n external-istiod --context="${CTX_REMOTE_CLUSTER}" -o jsonpath="{.items[*].status.phase}")
+  echo "$response"
+}
+
 # Override some snip functions to configure the istiod gateway using TLS passthrough in the test environemnt.
 
 snip_get_external_istiod_iop_modified() {
@@ -104,16 +109,20 @@ _verify_contains snip_deploy_a_sample_application_4 "Hello version: v1"
 echo y | snip_enable_gateways_1
 #echo y | snip_enable_gateways_2
 
-_verify_like snip_enable_gateways_3 "$snip_enable_gateways_3_out"
-
 snip_enable_gateways_4
 
+_verify_same kubectl_get_egress_gateway_for_remote_cluster "Running" 
+
+_verify_like snip_enable_gateways_5 "$snip_enable_gateways_5_out"
+
+snip_enable_gateways_6
+
 export GATEWAY_URL=$(kubectl \
     --context="${CTX_REMOTE_CLUSTER}" \
     -n external-istiod get svc istio-ingressgateway \
     -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
 
-_verify_contains snip_enable_gateways_6 "Hello version: v1"
+_verify_contains snip_enable_gateways_8 "Hello version: v1"
 
 # Adding clusters to the mesh.