From cfa1c09a74a343084e007ae5b5e44af294a063fd Mon Sep 17 00:00:00 2001
From: dprotaso
Date: Tue, 18 Jun 2024 13:22:18 -0400
Subject: [PATCH] add port 443 to the listener
---
 third_party/envoy-gateway/internal.yaml | 12 ++++++++++++
 third_party/istio/300-gateway.yaml | 12 ++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/third_party/envoy-gateway/internal.yaml b/third_party/envoy-gateway/internal.yaml
index c786c94d6..5fe070207 100644
--- a/third_party/envoy-gateway/internal.yaml
+++ b/third_party/envoy-gateway/internal.yaml
@@ -43,3 +43,15 @@ spec:
 allowedRoutes:
 namespaces:
 from: All
+ # We've observed when adding and removing a listener on port 443 this
+ # causes the GKE LB to have downtime. By adding this tls listener
+ # we keep that LB port open.
+ - name: tls
+ port: 443
+ protocol: TLS
+ tls:
+ mode: Passthrough
+ allowedRoutes:
+ namespaces:
+ from: All
+
diff --git a/third_party/istio/300-gateway.yaml b/third_party/istio/300-gateway.yaml
index bfc9d7326..8c716ea31 100644
--- a/third_party/istio/300-gateway.yaml
+++ b/third_party/istio/300-gateway.yaml
@@ -29,3 +29,15 @@ spec:
 allowedRoutes:
 namespaces:
 from: All
+ # We've observed when adding and removing a listener on port 443 this
+ # causes the GKE LB to have downtime. By adding this tls listener
+ # we keep that LB port open.
+ - name: tls
+ port: 443
+ protocol: TLS
+ tls:
+ mode: Passthrough
+ allowedRoutes:
+ namespaces:
+ from: All
+
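Review bot: The new `tls` listener in third_party/envoy-gateway/internal.yaml accepts routes from every namespace (`allowedRoutes.namespaces.from: All`), although its comment describes it only as a placeholder that keeps port 443 open on the GKE load balancer. With `mode: Passthrough` and no `hostname` on the listener, any namespace allowed to create a TLSRoute could presumably attach one here and receive port-443 traffic. If nothing is meant to bind to this listener, `from: Same` (or a `Selector` with an explicit label) keeps the port open without widening who can attach, and the comment could add `# placeholder only; no routes are expected to attach`. The identical hunk in third_party/istio/300-gateway.yaml has the same issue. The listeners list starts above both hunks, so whether this has to mirror the existing listener's `from: All` cannot be confirmed from here.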