Hi, Looking for clarity on running Ingress Gateway in Istio Ambient mode.

We are running the bookinfo app with k8s Gateway for exposing service externally

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  gatewayClassName: istio
  listeners:
  - name: http
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: Same
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: bookinfo
spec:
  parentRefs:
  - name: bookinfo-gateway
  rules:
  - matches:
    - path:
        type: Exact
        value: /productpage
    - path:
        type: PathPrefix
        value: /static
    - path:
        type: Exact
        value: /login
    - path:
        type: Exact
        value: /logout
    - path:
        type: PathPrefix
        value: /api/v1/products
    backendRefs:
    - name: productpage
      port: 9080

We are using a cross namespace waypoint and the namespace is configured with the below labels

Name:         demo-app
Labels:       istio.io/dataplane-mode=ambient
              istio.io/use-waypoint=waypoint
              istio.io/use-waypoint-namespace=istio-system
              kubernetes.io/metadata.name=demo-app
Annotations:  <none>
Status:       Active

However, I see that the Gateway service and pod have istio.io/dataplane-mode=none label which seems to be auto-added ? I tried removing this but it gets added back. I assume there is something reconciling it to some standard config. Is it possible to remove this label ?

Reading through some docs, I found the below (excerpt) at https://ambientmesh.io/docs/traffic/gateways/#gateways-and-waypoints

The default behavior of Istio is to send traffic that transits a gateway to the destination directly, even if that destination is enrolled in a waypoint. This is to avoid cases of double handling, for example, where rules for traffic splitting or fault injection could be applied twice

You can enable ingress waypoint routing on a service, such that traffic will be sent from the gateway to the configured waypoint, not to the destination service. To do this, set the label istio.io/ingress-use-waypoint=true on a service

Added the labels as per above, but I still don't see traffic to Gateway traversing the waypoint. I suspect this is due to the dataplane-node=none label.

Name:                     bookinfo-gateway-istio
Namespace:                demo-app
Labels:                   gateway.istio.io/managed=istio.io-gateway-controller
                          gateway.networking.k8s.io/gateway-name=bookinfo-gateway
                          istio.io/dataplane-mode=none
                          istio.io/ingress-use-waypoint=true
                          istio.io/use-waypoint-namespace=istio-system

Would like to know if Istio managed Kubernetes Gateway is supported with waypoint in ambient mode ? Basically, I would like to understand if traffic can traverse like below ?

bookinfo-gateway-istio ---> waypoint --> productpage