Setting up custom ingress gateway

Knative uses a shared ingress Gateway to serve all incoming traffic within Knative service mesh, which is the knative-ingress-gateway Gateway under the knative-serving namespace. By default, we use Istio gateway service istio-ingressgateway under istio-system namespace as its underlying service. You can replace the service with that of your own as follows.

Step 1: Create Gateway Service and Deployment Instance

You’ll need to create the gateway service and deployment instance to handle traffic first. Let’s say you customized the default istio-ingressgateway to custom-ingressgateway as follows.

kind: IstioOperator
        autoInject: disabled
      useMCP: false
      # The third-party-jwt is not enabled on all k8s.
      # See:
      jwtPolicy: first-party-jwt

      enabled: true
      enabled: false

      - name: custom-ingressgateway
        enabled: true
        namespace: custom-ns
          istio: custom-gateway

Step 2: Update Knative Gateway

Update gateway instance knative-ingress-gateway under knative-serving namespace:

kubectl edit gateway knative-ingress-gateway -n knative-serving

Replace the label selector with the label of your service:

istio: ingressgateway

For the service above, it should be updated to:

istio: custom-gateway

If there is a change in service ports (compared with that of istio-ingressgateway), update the port info in the gateway accordingly.

Step 3: Update Gateway Configmap

Update gateway configmap config-istio under knative-serving namespace:

kubectl edit configmap config-istio -n knative-serving

Replace the istio-ingressgateway.istio-system.svc.cluster.local field with the fully qualified url of your service.

gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"

For the service above, it should be updated to:

gateway.knative-serving.knative-ingress-gateway: custom-ingressgateway.custom-ns.svc.cluster.local