Configuring the ingress gateway¶
Knative uses a shared ingress Gateway to serve all incoming traffic within
Knative service mesh, which is the knative-ingress-gateway
Gateway under
the knative-serving
namespace. By default, we use Istio gateway service
istio-ingressgateway
under istio-system
namespace as its underlying service.
You can replace the service and the gateway with that of your own as follows.
Replace the default istio-ingressgateway
service¶
Step 1: Create the gateway service and deployment instance¶
You'll need to create the gateway service and deployment instance to handle
traffic first. Let's say you customized the default istio-ingressgateway
to
custom-ingressgateway
as follows.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
ingressGateways:
- name: custom-ingressgateway
enabled: true
namespace: custom-ns
label:
istio: custom-gateway
Step 2: Update the Knative gateway¶
Update gateway instance knative-ingress-gateway
under knative-serving
namespace:
kubectl edit gateway knative-ingress-gateway -n knative-serving
Replace the label selector with the label of your service:
istio: ingressgateway
For the example custom-ingressgateway
service mentioned earlier, it should be updated to:
istio: custom-gateway
If there is a change in service ports (compared with that of
istio-ingressgateway
), update the port info in the gateway accordingly.
Step 3: Update the gateway ConfigMap¶
-
Update gateway configmap
config-istio
underknative-serving
namespace:kubectl edit configmap config-istio -n knative-serving
This command opens your default text editor and allows you to edit the config-istio ConfigMap.
apiVersion: v1 data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # ... external-gateways: | - name: knative-ingress-gateway namespace: knative-serving service: istio-ingressgateway.istio-system.svc.cluster.local
-
Edit the file to add the
external-gateways
field with the fully qualified url of your service. For the examplecustom-ingressgateway
service mentioned earlier, it should be updated to:apiVersion: v1 data: external-gateways: | - name: knative-ingress-gateway namespace: knative-serving service: custom-ingressgateway.custom-ns.svc.cluster.local kind: ConfigMap [...]
Replace the knative-ingress-gateway
gateway¶
We customized the gateway service so far, but we may also want to use our own gateway. We can replace the default gateway with our own gateway with following steps.
Step 1: Create the gateway¶
Let's say you replace the default knative-ingress-gateway
gateway with
knative-custom-gateway
in custom-ns
.
First, create the knative-custom-gateway
gateway:
-
Create a YAML file using the following template:
WhereapiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: knative-custom-gateway namespace: custom-ns spec: selector: istio: <service-label> servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"
<service-label>
is a label to select your service, for example,ingressgateway
. -
Apply the YAML file by running the command:
Wherekubectl apply -f <filename>.yaml
<filename>
is the name of the file you created in the previous step.
Step 2: Update the gateway ConfigMap¶
-
Update gateway configmap
config-istio
underknative-serving
namespace:kubectl edit configmap config-istio -n knative-serving
This command opens your default text editor and allows you to edit the config-istio ConfigMap.
apiVersion: v1 data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # ... external-gateways: | - name: knative-ingress-gateway namespace: knative-serving service: istio-ingressgateway.istio-system.svc.cluster.local
-
Edit the file to add the
external-gateways
field with the customized gateway. For the exampleknative-custom-gateway
mentioned earlier, it should be updated to:apiVersion: v1 data: external-gateways: | - name: knative-custom-gateway namespace: custom-ns service: istio-ingressgateway.istio-system.svc.cluster.local kind: ConfigMap [...]
The configuration format should be
external-gateways: |
- name: <gateway-name>
namespace: <gateway-namespace>
service: <fully-qualified-url-of-istio-ingress-service>