Setting up custom ingress gateway

Knative uses a shared ingress Gateway to serve all incoming traffic within Knative service mesh, which is the knative-ingress-gateway Gateway under the knative-serving namespace. By default, we use Istio gateway service istio-ingressgateway under istio-system namespace as its underlying service. You can replace the service and the gateway with that of your own as follows.

Replace the default istio-ingressgateway service

Step 1: Create the gateway service and deployment instance

You’ll need to create the gateway service and deployment instance to handle traffic first. Let’s say you customized the default istio-ingressgateway to custom-ingressgateway as follows.

  1. apiVersion: install.istio.io/v1alpha1
  2. kind: IstioOperator
  3. spec:
  4. components:
  5. ingressGateways:
  6. - name: custom-ingressgateway
  7. enabled: true
  8. namespace: custom-ns
  9. label:
  10. istio: custom-gateway

Step 2: Update the Knative gateway

Update gateway instance knative-ingress-gateway under knative-serving namespace:

  1. kubectl edit gateway knative-ingress-gateway -n knative-serving

Replace the label selector with the label of your service:

  1. istio: ingressgateway

For the service above, it should be updated to:

  1. istio: custom-gateway

If there is a change in service ports (compared with that of istio-ingressgateway), update the port info in the gateway accordingly.

Step 3: Update the gateway ConfigMap

  1. Update gateway configmap config-istio under knative-serving namespace:

    1. kubectl edit configmap config-istio -n knative-serving

    This command opens your default text editor and allows you to edit the config-istio ConfigMap.

    1. apiVersion: v1
    2. data:
    3. _example: |
    4. ################################
    5. # #
    6. # EXAMPLE CONFIGURATION #
    7. # #
    8. ################################
    9. # ...
    10. gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
  2. Edit the file to add the gateway.knative-serving.knative-ingress-gateway: <ingress_name>.<ingress_namespace>.svc.cluster.local field with the fully qualified url of your service. For the service above, it should be updated to:

    1. apiVersion: v1
    2. data:
    3. gateway.knative-serving.knative-ingress-gateway: custom-ingressgateway.custom-ns.svc.cluster.local
    4. kind: ConfigMap
    5. [...]

Replace the knative-ingress-gateway gateway

We customized the gateway service so far, but we may also want to use our own gateway. We can replace the default gateway with our own gateway with following steps.

Step 1: Create the gateway

Let’s say you replace the default knative-ingress-gateway gateway with knative-custom-gateway in custom-ns. First, we create the knative-custom-gateway gateway.

  1. cat <<EOF | kubectl apply -f -
  2. apiVersion: networking.istio.io/v1alpha3
  3. kind: Gateway
  4. metadata:
  5. name: knative-custom-gateway
  6. namespace: custom-ns
  7. spec:
  8. selector:
  9. istio: ingressgateway
  10. servers:
  11. - port:
  12. number: 80
  13. name: http
  14. protocol: HTTP
  15. hosts:
  16. - "*"
  17. EOF

Note

Replace the label selector istio: ingressgateway with the label of your service.

Step 2: Update the gateway ConfigMap

  1. Update gateway configmap config-istio under knative-serving namespace:

    1. kubectl edit configmap config-istio -n knative-serving

    This command opens your default text editor and allows you to edit the config-istio ConfigMap.

    1. apiVersion: v1
    2. data:
    3. _example: |
    4. ################################
    5. # #
    6. # EXAMPLE CONFIGURATION #
    7. # #
    8. ################################
    9. # ...
    10. gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
  2. Edit the file to add the gateway.<gateway-namespace>.<gateway-name>: istio-ingressgateway.istio-system.svc.cluster.local field with the customized gateway. For the gateway above, it should be updated to:

    1. apiVersion: v1
    2. data:
    3. gateway.custom-ns.knative-custom-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
    4. kind: ConfigMap
    5. [...]

The configuration format should be gateway.<gateway-namespace>.<gateway-name>. <gateway-namespace> is optional. When it is omitted, the system searches for the gateway in the serving system namespace knative-serving.