Adding a tls certification

Skip to first unread message

Jan 7, 2022, 5:22:57 AMJan 7
to Knative Users

I deployed knative using operator with Istio and I updated gateway's spec to add a cert. for tls connection like following:

$ kubectl edit gateway knative-ingress-gateway --namespace knative-serving

istio: ingressgateway
- hosts:
- '*'
name: http
number: 80
protocol: HTTP
- hosts:
name: https
number: 443
protocol: HTTPS
credentialName: my-tls
mode: SIMPLE

It woked fine for a while but https requests to services returned error. I found out that the spec was rolled back to default.
How can I keep my updated spec permanently?


Vincent S Hou

Jan 7, 2022, 4:39:01 PMJan 7
Hi Youngwoo,
I admit that this is one of the tops questions users ask about using operator.
It is true that operator cr cannot directly configure the istio gateway, which is available in net-istio.yaml.
In general, there are two ways to resolve it for now:
1. Using a custom gateway instead of changing the default one. Plz check here:  (I personally recommend this one to resolve your issue)
2. You can leverage the custom manifests to add your configuration of the gateway. The resource in the spec.additionalManifests will overwrite. This custom manifests can in theory import any resource into the cluster. Go with this one unless you really have no alternatives.
Feel free to reach out for further questions. Thank you.
Best wishes.
Vincent Hou (侯胜博)

Senior Software Engineer, Lead of Knative & Tekton Operation Work Groups

Notes ID: Vincent S Hou/Raleigh/IBM, E-mail:,
Phone: +1(919)254-7182
Address: 4205 S Miami Blvd (Cornwallis Drive), Durham, NC 27703, United States
You received this message because you are subscribed to the Google Groups "Knative Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

Reply all
Reply to author
0 new messages