TLS (HTTPS) Termination
Knative’s default ingress controller does not let you configure HTTPS for your external-facing apps.
So by default, when you expose a Knative service, it's HTTP-only, and therefore insecure. But you have several options.
Knative currently does not support using your own TLS certificate/key pair to terminate public HTTPS traffic on the gateway. This is simply because:
Not all Knative users use the default gateway (Istio), and there are other ingress controllers
In this case, you will have to configure your ingress controller directly with your own certificates. Most ingress controllers let you do that once you import your TLS cert/key pair into Kubernetes as a Secret. However, you need to understand the implications and production-readiness of each approach.
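A pre-import check for the cert/key pair mentioned above, as an added example (not code from Knative or from any ingress controller). It verifies that the files are structurally sane before building a `kubernetes.io/tls` Secret; the Secret name and namespace are placeholders, since the namespace your ingress controller reads from depends on the controller.

```python
import base64
import json
import re

# One PEM block: BEGIN/END labels must match, body must be plain base64.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*([A-Za-z0-9+/=\s]+?)-----END \1-----")

def pem_labels(pem_text):
    """Return the label of every well-formed PEM block, in file order."""
    labels = []
    for label, body in PEM_BLOCK.findall(pem_text):
        base64.b64decode("".join(body.split()), validate=True)  # raises if corrupt
        labels.append(label)
    return labels

def build_tls_secret(name, namespace, cert_pem, key_pem):
    """Structurally check a PEM pair and return a kubernetes.io/tls Secret dict.

    This does not parse ASN.1 or prove that the key matches the certificate.
    """
    if "ENCRYPTED" in key_pem:
        raise ValueError("tls.key is passphrase-protected; the Secret has no passphrase field")
    cert_labels, key_labels = pem_labels(cert_pem), pem_labels(key_pem)
    if not cert_labels or any(l != "CERTIFICATE" for l in cert_labels):
        raise ValueError("tls.crt must hold only CERTIFICATE blocks (leaf, then chain)")
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        raise ValueError("tls.key must hold exactly one private key block")
    encode = lambda text: base64.b64encode(text.encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/tls",
        "metadata": {"name": name, "namespace": namespace},
        "data": {"tls.crt": encode(cert_pem), "tls.key": encode(key_pem)},
    }

def sample_pem(label):
    """Constructed PEM block with placeholder bytes (not real key material)."""
    body = base64.b64encode(b"constructed sample bytes, not real").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    chain = sample_pem("CERTIFICATE") + sample_pem("CERTIFICATE")
    secret = build_tls_secret("example-tls", "example-ingress-ns",
                              chain, sample_pem("PRIVATE KEY"))
    print(json.dumps(secret, indent=2))  # JSON is valid input for kubectl apply -f
```

The check that `tls.crt` holds only certificates catches the common mistake of pasting a combined cert-and-key bundle into the public half of the Secret.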
Warning: Recommendations below are mostly hacky and may not be production ready.
Istio: You need to create a custom VirtualService (as you can't overwrite the one generated by the Knative controller) to do this.
Kourier: Supports TLS termination but not (yet) custom domain mappings.
Gloo: Normally supports TLS termination; however, if you update the auto-created VirtualService object, the changes will be undone during sync.