Add instruction for custom istio gateway (#3802)

* Add instruction for custom istio gateway This patch adds the instruction to use custom Istio Gateway. Current doc has a similar instruction "customize Istio Gateway Service". This doc is very similar but for "customize Istio Gateway". * Fix format * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * Update docs/serving/setting-up-custom-ingress-gateway.md Co-authored-by: Samia Nneji <snneji@vmware.com> * use list format * Use add instead of replace Co-authored-by: Samia Nneji <snneji@vmware.com>
2021-07-07 23:02:18 +09:00 · 2021-07-07 23:02:18 +09:00 · be72eae9bb
parent 73fb07f1fd
commit be72eae9bb
1 changed files with 105 additions and 30 deletions
--- a/docs/serving/setting-up-custom-ingress-gateway.md
+++ b/docs/serving/setting-up-custom-ingress-gateway.md
@ -11,9 +11,11 @@ Knative uses a shared ingress Gateway to serve all incoming traffic within
 Knative service mesh, which is the `knative-ingress-gateway` Gateway under
 the `knative-serving` namespace. By default, we use Istio gateway service
 `istio-ingressgateway` under `istio-system` namespace as its underlying service.
-You can replace the service with that of your own as follows.
+You can replace the service and the gateway with that of your own as follows.

-## Step 1: Create Gateway Service and Deployment Instance
+## Replace the default `istio-ingressgateway` service
+
+### Step 1: Create the gateway service and deployment instance

 You'll need to create the gateway service and deployment instance to handle
 traffic first. Let's say you customized the default `istio-ingressgateway` to
@ -23,21 +25,6 @@ traffic first. Let's say you customized the default `istio-ingressgateway` to
 apiVersion: install.istio.io/v1alpha1
 kind: IstioOperator
 spec:
-  values:
-    global:
-      proxy:
-        autoInject: disabled
-      useMCP: false
-      # The third-party-jwt is not enabled on all k8s.
-      # See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
-      jwtPolicy: first-party-jwt
-
-  addonComponents:
-    pilot:
-      enabled: true
-    prometheus:
-      enabled: false
-
  components:
    ingressGateways:
      - name: custom-ingressgateway
@ -47,7 +34,7 @@ spec:
          istio: custom-gateway
 ```

-## Step 2: Update Knative Gateway
+### Step 2: Update the Knative gateway

 Update gateway instance `knative-ingress-gateway` under `knative-serving`
 namespace:
@ -71,24 +58,112 @@ istio: custom-gateway
 If there is a change in service ports (compared with that of
 `istio-ingressgateway`), update the port info in the gateway accordingly.

-## Step 3: Update Gateway Configmap
+### Step 3: Update the gateway ConfigMap

-Update gateway configmap `config-istio` under `knative-serving`
+1. Update gateway configmap `config-istio` under `knative-serving`
 namespace:

-```bash
-kubectl edit configmap config-istio -n knative-serving
-```
+     ```bash
+     kubectl edit configmap config-istio -n knative-serving
+     ```

-Replace the `istio-ingressgateway.istio-system.svc.cluster.local` field with
+     This command opens your default text editor and allows you to edit the config-istio ConfigMap.
+
+     ```yaml
+     apiVersion: v1
+     data:
+       _example: |
+         ################################
+         #                              #
+         #    EXAMPLE CONFIGURATION     #
+         #                              #
+         ################################
+         # ...
+         gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
+     ```
+
+1. Edit the file to add the `gateway.knative-serving.knative-ingress-gateway: <ingress_name>.<ingress_namespace>.svc.cluster.local` field with
 the fully qualified url of your service.
-
-```
-gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
-```
-
 For the service above, it should be updated to:

+     ```yaml
+     apiVersion: v1
+     data:
+       gateway.knative-serving.knative-ingress-gateway: custom-ingressgateway.custom-ns.svc.cluster.local
+     kind: ConfigMap
+     [...]
+     ```
+
+## Replace the `knative-ingress-gateway` gateway
+
+We customized the gateway service so far, but we may also want to use our own gateway.
+We can replace the default gateway with our own gateway with following steps.
+
+### Step 1: Create the gateway
+
+Let's say you replace the default `knative-ingress-gateway` gateway with
+`knative-custom-gateway` in `custom-ns`.
+First, we create the `knative-custom-gateway` gateway.
+
 ```
-gateway.knative-serving.knative-ingress-gateway: custom-ingressgateway.custom-ns.svc.cluster.local
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: knative-custom-gateway
+  namespace: custom-ns
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - "*"
+EOF
 ```
+
+!!! note
+    Replace the label selector `istio: ingressgateway` with the label of your service.
+
+### Step 2: Update the gateway ConfigMap
+
+1. Update gateway configmap `config-istio` under `knative-serving`
+namespace:
+
+     ```bash
+     kubectl edit configmap config-istio -n knative-serving
+     ```
+
+     This command opens your default text editor and allows you to edit the config-istio ConfigMap.
+
+     ```yaml
+     apiVersion: v1
+     data:
+       _example: |
+         ################################
+         #                              #
+         #    EXAMPLE CONFIGURATION     #
+         #                              #
+         ################################
+         # ...
+         gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
+     ```
+
+1. Edit the file to add the `gateway.<gateway-namespace>.<gateway-name>: istio-ingressgateway.istio-system.svc.cluster.local` field with
+the customized gateway.
+For the gateway above, it should be updated to:
+
+     ```yaml
+     apiVersion: v1
+     data:
+       gateway.custom-ns.knative-custom-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
+     kind: ConfigMap
+     [...]
+     ```
+
+The configuration format should be `gateway.<gateway-namespace>.<gateway-name>`.
+`<gateway-namespace>` is optional. When it is omitted, the system searches for
+the gateway in the serving system namespace `knative-serving`.