Open braunsonm opened 5 months ago
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen
. Mark the issue as
fresh by adding the comment /remove-lifecycle stale
.
/remove-lifecycle stale
cc @ReToCode may have more to add here.
I don't think we support that combination. Knative will create dynamic gateways for configuration with TLS for istio. I don't think you can mix that with a static custom Gateway. IMHO, If you want need to do that, you must not use the Knative TLS features but handle this on your custom gateway on your own.
/area networking
What version of Knative?
1.12.3
Expected Behavior
Enabling this option with a custom Istio gateway should simply keep the
custom-namespace.custom-gateway
in theVirtualService
so that requests coming in on 443 will match.Actual Behavior
When enabling
network.http-protocol=Redirected
, Knative Serving will create a customGateway
for every service to sethttpRedirect
. This way requests are immediately redirected to port 443. The problem is when this setting is enabled it replaces the custom Istio ingress gateway with the app-specific ingress gateway that is only configured with port 80, and not the custom gateway that may have been configured with TLS certificates.This means all requests to your app after the redirect will 404.
Steps to Reproduce the Problem
http-protocol=Redirected