How to use Knative to serve a tls enabled service

[Chen Lin]

Hi all,

I have a few containerized services running on Kubernetes already.

Because they are for confidential computing, so all the services have already enabled TLS connection.

Now I try to use Knative to serve those services, but by default the route give me a http endpoint instead of https. Access the knative provided http endpoint or change to https will not work.

I don't want to use Knative TLS now ( all my keys are managed by the confidential container - Scone).

Is there a way to tell Knative my underline service is already tls enabled. Or it is impossible to do that.

Thanks and best regards

Chen 

[Kenjiro Nakayama]

Hi Chen,

Unfortunately it is not possible at this moment.

The TLS must be handled at the front end ingress such as Istio Gateway,
because activator and queue-proxy, they proxy the network traffic between
Ingress and your Knative app, do not support TLS passthrough.

Regards,
Kenjiro

--
You received this message because you are subscribed to the Google Groups "Knative Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to knative-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/58ea9478-03cf-4b05-9ec6-45464bde7b11n%40googlegroups.com.

[Chen Lin]

Hi Kenjiro,

Thank you for the answer. It really helps.

Best regards

Chen

---

From: knativ...@googlegroups.com <knativ...@googlegroups.com> on behalf of Kenjiro Nakayama <knak...@redhat.com>
Sent: Thursday, October 15, 2020 10:27 PM
To: Chen Lin <cl...@slb.com>
Cc: Knative Users <knativ...@googlegroups.com>
Subject: [Ext] Re: How to use Knative to serve a tls enabled service

 

To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/CAMfvw4gQDLMfnp52pvRZbu0oUJuB_QSYfogvy38P48nrrXcROw%40mail.gmail.com.

Schlumberger-Private