This repository has been archived by the owner on Jun 24, 2020. It is now read-only.

The serving-operator incorrectly re-initialize knative-ingress-gateway configuration #160

Open
chunlongliang-ibm opened this issue Sep 5, 2019 · 6 comments


@chunlongliang-ibm

I edit the gateway yaml to enable TLS

    kubectl edit gateway -n knative-serving knative-ingress-gateway -o yaml

by adding

    tls:
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt

However, after some time, the gateway configuration is reinitialized and my update is removed.

Steps to recreate the problem:

  1. Modify Gateway

         oc edit gateway knative-ingress-gateway --namespace knative-serving

     e.g.

     BEFORE:

         - hosts:
           - '*'
           port:
             name: https

     AFTER:

         - hosts:
           - 'test'
           port:
             name: https

  2. Restart one of serving pods

     e.g.

         oc delete pod -n knative-serving autoscaler-64c549bcf4-vnq6h

  3. Verify Gateway again

Modified Gateway is initialized (i.e., 'test' becomes "*" again).
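
A check for the behaviour reported above, as an added example that is not part of the original issue or of the serving-operator code: it compares a saved copy of the hand-edited Gateway with the live object and lists every server, host or `tls` setting that has been reverted. The sample manifests, port numbers and function names are constructed for illustration.

```python
import copy
import json

# Constructed sample (not taken from the reporter's cluster): the Gateway as
# edited by hand, in the shape `kubectl get gateway ... -o json` returns.
DESIRED = json.loads("""
{"spec": {"servers": [
  {"hosts": ["*"], "port": {"name": "http", "number": 80, "protocol": "HTTP"}},
  {"hosts": ["*"], "port": {"name": "https", "number": 443, "protocol": "HTTPS"},
   "tls": {"mode": "SIMPLE",
           "privateKey": "/etc/istio/ingressgateway-certs/tls.key",
           "serverCertificate": "/etc/istio/ingressgateway-certs/tls.crt"}}]}}
""")

# Constructed sample of the live object after the operator rewrote it:
# identical, except the hand-added tls block is gone.
LIVE = copy.deepcopy(DESIRED)
del LIVE["spec"]["servers"][1]["tls"]


def servers_by_port(gateway):
    """Index spec.servers by port name so the two copies can be matched."""
    servers = gateway.get("spec", {}).get("servers", [])
    return {s["port"]["name"]: s for s in servers}


def gateway_drift(desired, live):
    """List (port, field, wanted, found) for each desired setting the live
    Gateway no longer carries: missing server, changed hosts, lost tls keys."""
    findings = []
    live_servers = servers_by_port(live)
    for name, want in servers_by_port(desired).items():
        have = live_servers.get(name)
        if have is None:
            findings.append((name, "server", "present", None))
            continue
        if sorted(want.get("hosts", [])) != sorted(have.get("hosts", [])):
            findings.append((name, "hosts", want.get("hosts"), have.get("hosts")))
        for key, value in want.get("tls", {}).items():
            found = have.get("tls", {}).get(key)
            if found != value:
                findings.append((name, f"tls.{key}", value, found))
    return findings


if __name__ == "__main__":
    for port, field, wanted, found in gateway_drift(DESIRED, LIVE):
        print(f"DRIFT {port} {field}: wanted {wanted!r}, found {found!r}")
```

In practice the live copy would come from `kubectl get gateway knative-ingress-gateway -n knative-serving -o json`, run on a schedule or after serving pods restart.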

@garron
Contributor

garron commented Sep 5, 2019

In the case of overriding the selector on the Gateway, a means is provided as part of the KnativeServing custom resource spec. Would a similar capability be useful here? Or a means to indicate that the operator shouldn't alter the gateway?

It seems challenging to provide consistent/reliable behavior while supporting both manual overrides to the Gateway and overrides configured inside the KnativeServing resource.

@houshengbo

@chunlongliang-ibm
Is this config platform-specific, or your personal customization of your cluster?

You have a discussion going on with platform-specific configurations at #122. There are multiple options as candidates to implement. Mutating webhook is one of them.

@chunlongliang-ibm
Author

@houshengbo I deploy knative serving with serving-operator in openshift (OKD), and I also need TLS enabled (and I follow the instructions to modify the gateway configuration in https://github.com/knative/docs/blob/master/docs/serving/using-a-tls-cert.md). I think it is OK for my use case if the serving operator implementation has an option to edit the gateway configuration.

@houshengbo

@chunlongliang-ibm I guess I found a better solution to the case of knative-ingress-gateway config.

As you can see here:
https://github.com/knative/serving-operator/blob/master/config/crds/serving_v1alpha1_knativeserving_crd.yaml#L54

knative-ingress-gateway is a valid property in the CRD, so when you apply the CR, you can configure your knative-ingress-gateway in the CR before applying it. Then knative-ingress-gateway will be propagated into your environment.

@ghost

ghost commented Jan 20, 2020

It seems that we can configure the "selector" but not the "servers" config of knative-ingress-gateway.

@aliok
Member

aliok commented Mar 2, 2020

#302 might be the solution for this ticket.
