12.3. Using custom domains for Knative services with Service Mesh

By default, Knative services have a fixed domain format:

 <application_name>-<namespace>.<openshift_cluster_domain>

You can customize the domain for your Knative service by configuring the service as a private service and creating the required Service Mesh resources.

Prerequisites

Install the OpenShift Serverless Operator and Knative Serving.
Install Red Hat OpenShift Service Mesh.
Complete the configuration steps in Using Service Mesh with OpenShift Serverless.
You can configure a custom domain for an existing Knative service, or create a new sample service. To create a new service, see Creating and managing serverless applications.

12.3.1. Setting cluster availability to `cluster-local`

By default, Knative services are published to a public IP address. Being published to a public IP address means that Knative services are public applications, and have a publicly accessible URL.

Publicly accessible URLs are accessible from outside of the cluster. However, developers may need to build back-end services that are only be accessible from inside the cluster, known as private services. Developers can label individual services in the cluster with the serving.knative.dev/visibility=cluster-local label to make them private.

Procedure

Set the visibility for your service by adding the serving.knative.dev/visibility=cluster-local label:
```
$ oc label ksvc <service_name> serving.knative.dev/visibility=cluster-local
```

Verification

Check that the URL for your service is now in the format http://<service_name>.<namespace>.svc.cluster.local, by entering the following command and reviewing the output:

$ oc get ksvc

Example output

NAME            URL                                                                         LATESTCREATED     LATESTREADY       READY   REASON
hello           http://hello.default.svc.cluster.local                                      hello-tx2g7       hello-tx2g7       True

12.3.2. Creating necessary Service Mesh resources

Procedure

Create an Istio gateway to accept traffic.

Create a YAML file, and copy the following YAML into it:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: default-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"

Apply the YAML file:
```
$ oc apply -f <filename>
```

Create an Istio VirtualService object to rewrite the host header.

Create a YAML file, and copy the following YAML into it:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: hello
spec:
  hosts:
  - custom-ksvc-domain.example.com
  gateways:
  - default-gateway
  http:
  - rewrite:
      authority: hello.default.svc 1
    route:
    - destination:
        host: hello.default.svc 2
        port:
          number: 80

1 2: Your Knative service in the format <service_name>.<namespace>.svc.

Apply the YAML file:
```
$ oc apply -f <filename>
```

Create an Istio ServiceEntry object. This is required for OpenShift Serverless because Kourier is outside of the service mesh.

Create a YAML file, and copy the following YAML into it:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: hello.default.svc
spec:
  hosts:
  - hello.default.svc 1
  location: MESH_EXTERNAL
  endpoints:
  - address: kourier-internal.knative-serving-ingress.svc
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS

1: Your Knative service in the format <service_name>.<namespace>.svc.

Apply the YAML file:
```
$ oc apply -f <filename>
```

Create an OpenShift Container Platform route that points to the VirtualService object.

Create a YAML file, and copy the following YAML into it:

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: hello
  namespace: istio-system 1
spec:
  host: custom-ksvc-domain.example.com
  port:
    targetPort: 8080
  to:
    kind: Service
    name: istio-ingressgateway

1

The OpenShift Container Platform route must be created in the same namespace as the ServiceMeshControlPlane. In this example, the ServiceMeshControlPlane is deployed in the istio-system namespace.

Apply the YAML file:
```
$ oc apply -f <filename>
```

12.3.3. Accessing a service using your custom domain

Procedure

Access the custom domain by using the Host header in a curl request. For example:
```
$ curl -H "Host: custom-ksvc-domain.example.com" http://<ip_address>
```
where <ip_address> is the IP address that the OpenShift Container Platform ingress router is exposed to.
Example output
```
Hello OpenShift!
```

12.3.4. Additional resources

For more information about Red Hat OpenShift Service Mesh, see Understanding Red Hat OpenShift Service Mesh.

12.3. Using custom domains for Knative services with Service Mesh

12.3.1. Setting cluster availability to `cluster-local`

12.3.2. Creating necessary Service Mesh resources

12.3.3. Accessing a service using your custom domain

12.3.4. Additional resources

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Red Hat legal and privacy links

Red Hat legal and privacy links

12.3. Using custom domains for Knative services with Service Mesh

12.3.1. Setting cluster availability to cluster-local

12.3.2. Creating necessary Service Mesh resources

12.3.3. Accessing a service using your custom domain

12.3.4. Additional resources

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Red Hat legal and privacy links

Red Hat legal and privacy links

12.3.1. Setting cluster availability to `cluster-local`