1. Enable the feature gate: oc patch featuregates/cluster --type=merge --patch='{"spec":{"featureSet":"CustomNoUpgrade","customNoUpgrade":{"enabled":["GatewayAPI"]}}}' oc get crds | grep -e gateway.networking.k8s.io -e maistra.io 2. Give the Ingress Operator cluster-admin permission: oc adm policy add-cluster-role-to-user cluster-admin -z ingress-operator -n openshift-ingress-operator 3. Get a pre-release build of OSSM 2.4 (see https://raw.githubusercontent.com/gcs278/istio-gateway-api-demo/master/install-ossm-daily-build.sh) sh install-ossm-daily-build.sh 4. Patch the clusterserviceversion to use a development build of Envoy oc -n openshift-operators patch csv/servicemeshoperator.v2.4.0 --type=json --patch='[{"op":"replace","path":"/spec/install/spec/deployments/0/spec/template/metadata/annotations/olm.relatedImage.v2_4.proxyv2","value":"quay.io/maistra-dev/proxyv2-ubi8:2.4-latest"}]' 5. Create a gatewayclass: oc create -f -<<'EOF' apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass metadata: name: openshift-default spec: controllerName: openshift.io/gateway-controller EOF 6. Create a wildcard certificate and secret: base_domain="$(oc get dnses.config/cluster -o jsonpath='{.spec.baseDomain}')" gwapi_domain="gwapi.${base_domain}" mkdir /tmp/gwapi openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -keyout /tmp/gwapi/ca.key -out /tmp/gwapi/ca.crt -nodes -subj '/C=US/ST=NC/L=Chocowinity/O=OS3/OU=Eng/CN=gwapi-ca' && openssl req -newkey rsa:4096 -nodes -sha256 -keyout /tmp/gwapi/wildcard.key -out /tmp/gwapi/wildcard.csr -subj "/C=US/ST=NC/L=Chocowinity/O=OS3/OU=Eng/CN=*.$gwapi_domain" && openssl x509 -req -days 365 -in /tmp/gwapi/wildcard.csr -signkey /tmp/gwapi/wildcard.key -CA /tmp/gwapi/ca.crt -CAcreateserial -CAkey /tmp/gwapi/ca.key -out /tmp/gwapi/wildcard.crt oc -n openshift-ingress create secret tls gwapi-wildcard --cert=/tmp/gwapi/wildcard.crt --key=/tmp/gwapi/wildcard.key 7. Create a gateway: oc create -f - <