Knative: Operator’s Handbook

Ingress Gateway

Knative requires an load balancer that understands Layer 7 traffic protocols like HTTP and gRPC.

All traffic to Knative Services go through this load balancer (even internal pod-to-pod requests).

This load balancer is used to:

By default, Knative uses Istio as the ingress gateway, which is an Envoy-based load balancer/proxy. However, you can use a custom ingress controller.

Exploring Istio ingress gateway

For example, the Kubernetes Service for a cluster-local Knative app point to the ingress gateway:

$ kubectl get svc
NAME                TYPE           CLUSTER-IP   EXTERNAL-IP
hello               ExternalName   none         cluster-local-gateway.gke-system.svc.cluster.local

You can find Istio ingress objects in istio-system namespace (or on GKE, gke-system namespace), one that is external-facing, and one for cluster-local requests:

$ kubectl get svc -n gke-system
NAME                    TYPE           CLUSTER-IP    EXTERNAL-IP
cluster-local-gateway   ClusterIP      10.4.12.131   none
istio-ingress           LoadBalancer   10.4.10.33    35.239.55.104

  1. instead of TCP-connection based load balancing Kubernetes provides ↩︎