Adding a tls certification
14 views
Skip to first unread message
warw...@gmail.com
Jan 7, 2022, 5:22:57 AM1/7/22
to Knative Users
Hi,
(snip)
I deployed knative using operator with Istio and I updated gateway's spec to add a cert. for tls connection like following:
$ kubectl edit gateway knative-ingress-gateway --namespace knative-serving
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
- hosts:
- '*.mydomain.com'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: my-tls
mode: SIMPLE
It woked fine for a while but https requests to services returned error. I found out that the spec was rolled back to default.
How can I keep my updated spec permanently?
Thanks,
Youngwoo
Vincent S Hou
Jan 7, 2022, 4:39:01 PM1/7/22
to warw...@gmail.com, knativ...@googlegroups.com
Hi Youngwoo,
I admit that this is one of the tops questions users ask about using operator.
It is true that operator cr cannot directly configure the istio gateway, which is available in net-istio.yaml.
You can see the issue and discussion here: https://github.com/knative/operator/issues/505#issuecomment-805916910
In general, there are two ways to resolve it for now:
1. Using a custom gateway instead of changing the default one. Plz check here: https://knative.dev/docs/install/operator/configuring-serving-cr/#replace-the-knative-ingress-gateway-gateway (I personally recommend this one to resolve your issue)
2. You can leverage the custom manifests to add your configuration of the gateway. The resource in the spec.additionalManifests will overwrite. This custom manifests can in theory import any resource into the cluster. Go with this one unless you really have no alternatives.
Feel free to reach out for further questions. Thank you.
Best wishes.
Vincent Hou (侯胜博)
Senior Software Engineer, Lead of Knative & Tekton Operation Work Groups
Notes ID: Vincent S Hou/Raleigh/IBM, E-mail: sh...@us.ibm.com,
Phone: +1(919)254-7182
Address: 4205 S Miami Blvd (Cornwallis Drive), Durham, NC 27703, United States
Vincent Hou (侯胜博)
Senior Software Engineer, Lead of Knative & Tekton Operation Work Groups
Notes ID: Vincent S Hou/Raleigh/IBM, E-mail: sh...@us.ibm.com,
Phone: +1(919)254-7182
Address: 4205 S Miami Blvd (Cornwallis Drive), Durham, NC 27703, United States
--
You received this message because you are subscribed to the Google Groups "Knative Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to knative-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/dc561757-4dc5-41f2-93db-407e44ea4ba5n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages