knative-extensions / net-kourier

Purpose-built Knative Ingress implementation using just Envoy with no additional CRDs
Apache License 2.0

multiple kourier installations in same cluster? #1186

Closed zetaab closed 10 months ago

zetaab commented 10 months ago

I have a use case where I would like to install two isolated kourier installations in the same cluster: one kourier for internal network stuff and one kourier for external network stuff. It seems that it's possible to define the ingress class for a Knative service with networking.knative.dev/ingress-class. However, is there some kind of way to define which ingress class kourier is going to listen to? So basically I am trying to do something similar to nginx https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/

zetaab commented 10 months ago

Seems that this is hardcoded https://github.com/knative-extensions/net-kourier/blob/ae3d06f806e041907edf15002686d3b6597e1523/pkg/config/config.go#L62 ? Are there any blockers to making that editable? Could for instance https://github.com/knative-extensions/net-kourier/commit/811897cec623e54166b13c300424bf46f062a53f work?

zetaab commented 10 months ago

Looks like it's working:

% curl http://knativetest.domain.com
Hello hello internal!
% curl http://knativetestext.domain.com
Hello hello external!
% host knativetest.domain.com
knativetest.domain.com has address 10.x.x.x
% host knativetestext.domain.com
knativetestext.domain.com has address 193.x.x.x

https://gist.github.com/zetaab/b45dfada89e7fa82970d554b24fe4968

internal kourier: https://gist.github.com/zetaab/01afc94a2128bb7ca46d37b66e2edc96

external kourier: https://gist.github.com/zetaab/5348d4f7f3128494c9e27a1cf97bd438

ReToCode commented 10 months ago

Knative ingress classes are a bit different from K8s. You use this setting to select between using istio, contour or kourier. So there is really no need to override an ingress class in kourier. This is also why this is hardcoded. Knative uses the constant at various places to select the correct ingress solution to configure.

zetaab commented 10 months ago

@ReToCode but my use case is to support two different incoming loadbalancer networks. So basically it means that I can run kourier only for the external or the internal network, not both. So I then need to use istio or contour for the other network. For me this sounds interesting. Or is there a way to support kourier from two different loadbalancer networks?

I do understand that it might not be needed in public clouds like AWS. But it is needed in, for example, OpenStack. We need two separate installations of envoyproxy (if we just add a second loadbalancer to envoyproxy from another network, it means that external can access internal resources by modifying, for example, the host name). So basically it means that this variable needs to be modified.
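
The isolation concern in the comment above (one Envoy behind two load balancer networks routes on the Host header alone), modelled as an added example that is not part of the thread or of net-kourier's code. The `Proxy` type, backend names and route tables are hypothetical; only the two hostnames come from the thread.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Proxy models one Envoy deployment (hypothetical type, not a Kourier API).
type Proxy struct {
	Name     string
	Networks []string          // networks its load balancers are attached to
	Routes   map[string]string // virtual-host table: Host -> backend
}

// Route picks a backend from the Host header alone; the arrival network plays no part.
func (p Proxy) Route(hostHeader string) (string, bool) {
	h := strings.SplitN(strings.ToLower(hostHeader), ":", 2)[0] // drop optional :port
	backend, ok := p.Routes[h]
	return backend, ok
}

// Exposures lists hosts routable from a network other than the intended one (host -> network).
func Exposures(proxies []Proxy, intended map[string]string) []string {
	var out []string
	for _, p := range proxies {
		for _, n := range p.Networks {
			for host, want := range intended {
				if _, ok := p.Route(host); ok && n != want {
					out = append(out, n+" -> "+host+" via "+p.Name)
				}
			}
		}
	}
	sort.Strings(out)
	return out
}

const intHost, extHost = "knativetest.domain.com", "knativetestext.domain.com" // constructed sample data
var (
	Intended = map[string]string{intHost: "internal", extHost: "external"}
	Shared   = []Proxy{{"kourier", []string{"internal", "external"}, map[string]string{intHost: "svc-int", extHost: "svc-ext"}}}
	Split    = []Proxy{
		{"kourier-internal", []string{"internal"}, map[string]string{intHost: "svc-int"}},
		{"kourier-external", []string{"external"}, map[string]string{extHost: "svc-ext"}},
	}
)

func main() { fmt.Println("shared:", Exposures(Shared, Intended), "split:", Exposures(Split, Intended)) }
```

With the shared proxy every host is routable from both networks; with one proxy per network each route table only contains the hosts meant for that network, so the audit returns nothing.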

zetaab commented 10 months ago

Seems that knative itself cannot quite easily support multiple "ingress-class". So we basically cannot have 2 different networks in the same cluster. The knative controller itself does not support that. We are then forced to install 2 different kubernetes clusters, one for external and one for internal.

ReToCode commented 10 months ago

Exactly, this is not something that is supported right now. It might be possible in the future when we fully support gateway-api. But for now, having either two different ingress providers (which is a bit of a hack) or two clusters is your only option.

Please be aware that even with two net-kourier instances, you would still have a shared control-plane and a shared activator component. So at least activator would still be in the request-path for both your "networks".

zetaab commented 10 months ago

Yeah, well, I will use 2 different clusters for now. Hopefully gateway-api support will come out soon.