Adding a tls certification

6 views
Skip to first unread message

warw...@gmail.com

unread,
Jan 7, 2022, 5:22:57 AMJan 7
to Knative Users
Hi,

I deployed knative using operator with Istio and I updated gateway's spec to add a cert. for tls connection like following:

$ kubectl edit gateway knative-ingress-gateway --namespace knative-serving

(snip)
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
- hosts:
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: my-tls
mode: SIMPLE

It woked fine for a while but https requests to services returned error. I found out that the spec was rolled back to default.
How can I keep my updated spec permanently?

Thanks,
Youngwoo

Vincent S Hou

unread,
Jan 7, 2022, 4:39:01 PMJan 7
to warw...@gmail.com, knativ...@googlegroups.com
Hi Youngwoo,
 
I admit that this is one of the tops questions users ask about using operator.
It is true that operator cr cannot directly configure the istio gateway, which is available in net-istio.yaml.
 
 
In general, there are two ways to resolve it for now:
1. Using a custom gateway instead of changing the default one. Plz check here: https://knative.dev/docs/install/operator/configuring-serving-cr/#replace-the-knative-ingress-gateway-gateway  (I personally recommend this one to resolve your issue)
 
2. You can leverage the custom manifests to add your configuration of the gateway. The resource in the spec.additionalManifests will overwrite. This custom manifests can in theory import any resource into the cluster. Go with this one unless you really have no alternatives.
 
Feel free to reach out for further questions. Thank you.
 
Best wishes.
Vincent Hou (侯胜博)

Senior Software Engineer, Lead of Knative & Tekton Operation Work Groups

Notes ID: Vincent S Hou/Raleigh/IBM, E-mail: sh...@us.ibm.com,
Phone: +1(919)254-7182
Address: 4205 S Miami Blvd (Cornwallis Drive), Durham, NC 27703, United States
 
 
--
You received this message because you are subscribed to the Google Groups "Knative Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to knative-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/dc561757-4dc5-41f2-93db-407e44ea4ba5n%40googlegroups.com.
 


Reply all
Reply to author
Forward
0 new messages