We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.
Setting up custom ingress gateway
Knative uses a shared ingress Gateway to serve all incoming traffic within
Knative service mesh, which is the knative-ingress-gateway Gateway under
the knative-serving namespace. By default, we use Istio gateway service
istio-ingressgateway under istio-system namespace as its underlying service.
You can replace the service with that of your own as follows.
Step 1: Create Gateway Service and Deployment Instance
You’ll need to create the gateway service and deployment instance to handle
traffic first. Let’s say you customized the default istio-ingressgateway to
custom-ingressgateway as follows.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
values:
global:
proxy:
autoInject: disabled
useMCP: false
# The third-party-jwt is not enabled on all k8s.
# See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
jwtPolicy: first-party-jwt
addonComponents:
pilot:
enabled: true
prometheus:
enabled: false
components:
ingressGateways:
- name: custom-ingressgateway
enabled: true
namespace: custom-ns
label:
istio: custom-gateway
Step 2: Update Knative Gateway
Update gateway instance knative-ingress-gateway under knative-serving
namespace:
kubectl edit gateway knative-ingress-gateway -n knative-serving
Replace the label selector with the label of your service:
istio: ingressgateway
For the service above, it should be updated to:
istio: custom-gateway
If there is a change in service ports (compared with that of
istio-ingressgateway), update the port info in the gateway accordingly.
Step 3: Update Gateway Configmap
Update gateway configmap config-istio under knative-serving
namespace:
kubectl edit configmap config-istio -n knative-serving
Replace the istio-ingressgateway.istio-system.svc.cluster.local field with
the fully qualified url of your service.
gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
For the service above, it should be updated to:
gateway.knative-serving.knative-ingress-gateway: custom-ingressgateway.custom-ns.svc.cluster.local
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.