How to use custom certificate with knative #740
Comments
I think this is related https://discuss.konghq.com/t/tcpingress-how-can-i-use-it/5908 |
I could fix it by using

```yaml
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
  name: kong
spec:
  tls:
  - hosts:
    - "*.default.yourdomain.com"
    secretName: my-tls-domain
```

I'm still interested in how to display the complete ingress with kubectl. |
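
An added example, not part of the original thread or of the Kong project's code: a check of which hostnames a `tls.hosts` list such as the one in the TCPIngress above covers when a TLS client matches the wildcard name. It assumes Knative's default `<service>.<namespace>.<domain>` hostname layout; the function names and the sample service hostnames are constructed for illustration.

```python
"""Check which Knative hostnames a TLS `hosts` list covers."""


def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Match a certificate-style name against a hostname.

    A leading "*." stands for exactly one DNS label (RFC 6125 matching),
    so it never matches the bare parent domain or a deeper subdomain.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]  # e.g. ".default.yourdomain.com"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]
    return bool(label) and "." not in label


def uncovered_hosts(tls_hosts, service_hosts):
    """Return the service hostnames that no tls.hosts entry covers."""
    return [
        host for host in service_hosts
        if not any(wildcard_covers(p, host) for p in tls_hosts)
    ]


# tls.hosts as posted in the TCPIngress above.
TLS_HOSTS = ["*.default.yourdomain.com"]

# Constructed sample hostnames (assumed <service>.<namespace>.<domain> layout).
SERVICE_HOSTS = [
    "hello.default.yourdomain.com",     # one label under the wildcard
    "hello.staging.yourdomain.com",     # different namespace
    "v1.hello.default.yourdomain.com",  # two labels under the wildcard
    "default.yourdomain.com",           # bare parent domain
]

if __name__ == "__main__":
    for host in uncovered_hosts(TLS_HOSTS, SERVICE_HOSTS):
        print("not covered by any tls.hosts entry:", host)
```

Services in another namespace need their own wildcard entry and certificate name, since `*` only stands in for the service label.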
You can use regular Ingress to populate TLS in Kong. Or TCPIngress, which is what you did. Or you can use Knative's Ingress resource's TLS section as well. All should work. |
How to do it with Knative? I didn't create one.
Could you give me an example? As far as I can see there is no knative ingress resource. Additionally, is there any example of how to redirect HTTP to HTTP2 when using knative? Thanks! |
There is:
This is something for knative folks to answer. Please open a GitHub issue at github.com/knative/serving.
Is that even technically possible? As far as I know, the client decides which protocol to use, the server can advertise that it supports h1 and h2. I'm not very confident here and I could very well be wrong here. |
@hbagdi thanks. I tried to patch it with
and use

```yaml
kind: KongIngress
apiVersion: configuration.konghq.com/v1
metadata:
  name: https-only
route:
  protocols:
  - https
  https_redirect_status_code: 302
```

but it has no effect.
Sorry for the confusion, I mean how can I create a redirect with Kong when using Knative? |
@hbagdi Besides that, patching the ingress resource is not supported because services are immutable https://knative.dev/docs/serving/services/creating-services/
after that, I could see the annotations but it still has no effect on Kong :( What am I doing wrong? |
You are running into two separate issues and let's keep the two issues separate. For TLS certificate, you need to ensure two things:
|
@ZhiminXiang is our TLS guru |
Knative Ingress is not manually configurable as it will be reconciled by Knative Route controller (i.e. your manual configuration will be reverted by Knative controller). If you want to manually configure TLS, you have to directly configure KongIngress (if KongIngress allows the manual configuration). Alternatively, you can also try Knative auto-tls feature which automatically provisions your certificates and configures the Knative Ingress to terminate the TLS connection. |
@hbagdi this is contrary.
The proposed solution doesn't support my DNS provider. Besides that, I have an issue with extending the knative route with Kong's CRD. No CRD is applied. For example, the https redirect has no effect. |
I can't see any tests that verify the Knative integration as promised in https://konghq.com/blog/kong-for-kubernetes-0-8-released/ |
@StarpTech you can choose HTTP01 challenge which only requires you to manually configure your custom domain to map to the IP of ingress. |
HTTP01 doesn't support wildcard certs. |
Alright. In that case, please use the regular Kubernetes Ingress resource for TLS certificates. You can use DNS challenge as well for wildcard certs. |
@hbagdi the whole point of this issue is to use Kong CRD 😄 How can you provide full knative support when SSL isn't even supported? Did you test it? |
I'm losing you. I can't understand what you are trying to get at.
So, to track back, what is it that you want to do and does not work as your expectation? |
Closing this due to lack of activity. Please re-open if needed. |
Hi, I use Knative with Kong ingress controller and it works great but I can't find out how to use a custom wildcard certificate with my Knative services. I'm looking for a way to configure the ingress with Kong CRDs.
Therefore I can't find any documentation on how TLS is configured at all.