add port 443 to the listener

knative-extensions · Jun 18, 2024 · cfa1c09 · cfa1c09
1 parent a6804cc
commit cfa1c09
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/third_party/envoy-gateway/internal.yaml b/third_party/envoy-gateway/internal.yaml
@@ -43,3 +43,15 @@ spec:
     allowedRoutes:
       namespaces:
         from: All
+  # We've observed when adding and removing a listener on port 443 this
+  # causes the GKE LB to have downtime. By adding this tls listener
+  # we keep that LB port open.
+  - name: tls
+    port: 443
+    protocol: TLS
+    tls:
+      mode: Passthrough
+    allowedRoutes:
+      namespaces:
+        from: All
+
diff --git a/third_party/istio/300-gateway.yaml b/third_party/istio/300-gateway.yaml
@@ -29,3 +29,15 @@ spec:
     allowedRoutes:
       namespaces:
         from: All
+  # We've observed when adding and removing a listener on port 443 this
+  # causes the GKE LB to have downtime. By adding this tls listener
+  # we keep that LB port open.
+  - name: tls
+    port: 443
+    protocol: TLS
+    tls:
+      mode: Passthrough
+    allowedRoutes:
+      namespaces:
+        from: All
+