Configuring the ingress gateway

Knative uses a shared ingress Gateway to serve all incoming traffic within Knative service mesh, which is the knative-ingress-gateway Gateway under the knative-serving namespace. By default, we use Istio gateway service istio-ingressgateway under istio-system namespace as its underlying service. You can replace the service and the gateway with that of your own as follows.

Replace the default istio-ingressgateway service

Step 1: Create the gateway service and deployment instance

You’ll need to create the gateway service and deployment instance to handle traffic first. Let’s say you customized the default istio-ingressgateway to custom-ingressgateway as follows.

  1. apiVersion: install.istio.io/v1alpha1
  2. kind: IstioOperator
  3. spec:
  4. components:
  5. ingressGateways:
  6. - name: custom-ingressgateway
  7. enabled: true
  8. namespace: custom-ns
  9. label:
  10. istio: custom-gateway

Step 2: Update the Knative gateway

Update gateway instance knative-ingress-gateway under knative-serving namespace:

  1. kubectl edit gateway knative-ingress-gateway -n knative-serving

Replace the label selector with the label of your service:

  1. istio: ingressgateway

For the example custom-ingressgateway service mentioned earlier, it should be updated to:

  1. istio: custom-gateway

If there is a change in service ports (compared with that of istio-ingressgateway), update the port info in the gateway accordingly.

Step 3: Update the gateway ConfigMap

  1. Update gateway configmap config-istio under knative-serving namespace:

    1. kubectl edit configmap config-istio -n knative-serving

    This command opens your default text editor and allows you to edit the config-istio ConfigMap.

    1. apiVersion: v1
    2. data:
    3. _example: |
    4. ################################
    5. # #
    6. # EXAMPLE CONFIGURATION #
    7. # #
    8. ################################
    9. # ...
    10. external-gateways: |
    11. - name: knative-ingress-gateway
    12. namespace: knative-serving
    13. service: istio-ingressgateway.istio-system.svc.cluster.local
  2. Edit the file to add the external-gateways field with the fully qualified url of your service. For the example custom-ingressgateway service mentioned earlier, it should be updated to:

    1. apiVersion: v1
    2. data:
    3. external-gateways: |
    4. - name: knative-ingress-gateway
    5. namespace: knative-serving
    6. service: custom-ingressgateway.custom-ns.svc.cluster.local
    7. kind: ConfigMap
    8. [...]

Replace the knative-ingress-gateway gateway

We customized the gateway service so far, but we may also want to use our own gateway. We can replace the default gateway with our own gateway with following steps.

Step 1: Create the gateway

Let’s say you replace the default knative-ingress-gateway gateway with knative-custom-gateway in custom-ns. First, create the knative-custom-gateway gateway:

  1. Create a YAML file using the following template:

    1. apiVersion: networking.istio.io/v1alpha3
    2. kind: Gateway
    3. metadata:
    4. name: knative-custom-gateway
    5. namespace: custom-ns
    6. spec:
    7. selector:
    8. istio: <service-label>
    9. servers:
    10. - port:
    11. number: 80
    12. name: http
    13. protocol: HTTP
    14. hosts:
    15. - "*"

    Where <service-label> is a label to select your service, for example, ingressgateway.

  2. Apply the YAML file by running the command:

    1. kubectl apply -f <filename>.yaml

    Where <filename> is the name of the file you created in the previous step.

Step 2: Update the gateway ConfigMap

  1. Update gateway configmap config-istio under knative-serving namespace:

    1. kubectl edit configmap config-istio -n knative-serving

    This command opens your default text editor and allows you to edit the config-istio ConfigMap.

    1. apiVersion: v1
    2. data:
    3. _example: |
    4. ################################
    5. # #
    6. # EXAMPLE CONFIGURATION #
    7. # #
    8. ################################
    9. # ...
    10. external-gateways: |
    11. - name: knative-ingress-gateway
    12. namespace: knative-serving
    13. service: istio-ingressgateway.istio-system.svc.cluster.local
  2. Edit the file to add the external-gateways field with the customized gateway. For the example knative-custom-gateway mentioned earlier, it should be updated to:

    1. apiVersion: v1
    2. data:
    3. external-gateways: |
    4. - name: knative-custom-gateway
    5. namespace: custom-ns
    6. service: istio-ingressgateway.istio-system.svc.cluster.local
    7. kind: ConfigMap
    8. [...]

The configuration format should be

  1. external-gateways: |
  2. - name: <gateway-name>
  3. namespace: <gateway-namespace>
  4. service: <fully-qualified-url-of-istio-ingress-service>