Assigning a static IP address for Knative on Kubernetes Engine

If you are running Knative on Google Kubernetes Engine and want to use a custom domain with your apps, you need to configure a static IP address to ensure that your custom domain mapping doesn’t break.

Knative configures an Istio Gateway CRD named knative-ingress-gateway under the knative-serving namespace to serve all incoming traffic within the Knative service mesh. The IP address to access the gateway is the external IP address of the “istio-ingressgateway” service under the istio-system namespace. Therefore, in order to set a static IP for the gateway you must to set the external IP address of the istio-ingressgateway service to a static IP.

If you have configured a custom ingress gateway, replace istio-ingressgateway with the name of your gateway service in the steps below.

Step 1: Reserve a static IP address

You can reserve a regional static IP address using the Google Cloud SDK or the Google Cloud Platform console.

Using the Google Cloud SDK:

  1. Enter the following command, replacing IP_NAME and REGION with appropriate values. For example, select the us-west1 region if you deployed your cluster to the us-west1-c zone:

    gcloud beta compute addresses create IP_NAME --region=REGION

    For example:

    gcloud beta compute addresses create knative-ip --region=us-west1
  2. Enter the following command to get the newly created static IP address:

    gcloud beta compute addresses list

In the GCP console:

  1. Enter a name for your static address.
  2. For IP version, choose IPv4.
  3. For Type, choose Regional.
  4. From the Region drop-down, choose the region where your Knative cluster is running.

    For example, select the us-west1 region if you deployed your cluster to the us-west1-c zone.

  5. Leave the Attached To field set to None since we’ll attach the IP address through a config-map later.

  6. Copy the External Address of the static IP you created.

Step 2: Update the external IP of istio-ingressgateway service

Run following command to configure the external IP of the istio-ingressgateway service to the static IP that you reserved:

# In Knative 0.2.x and prior versions, the `knative-ingressgateway` service was used instead of `istio-ingressgateway`.
INGRESSGATEWAY=knative-ingressgateway

# The use of `knative-ingressgateway` is deprecated in Knative v0.3.x.
# Use `istio-ingressgateway` instead, since `knative-ingressgateway`
# will be removed in Knative v0.4.
if kubectl get configmap config-istio -n knative-serving &> /dev/null; then
    INGRESSGATEWAY=istio-ingressgateway
fi

kubectl patch svc $INGRESSGATEWAY --namespace istio-system --patch '{"spec": { "loadBalancerIP": "<your-reserved-static-ip>" }}'

Step 3: Verify the static IP address of istio-ingressgateway service

Run the following command to ensure that the external IP of the ingressgateway service has been updated:

kubectl get svc $INGRESSGATEWAY --namespace istio-system

The output should show the assigned static IP address under the EXTERNAL-IP column:

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                                      AGE
xxxxxxx-ingressgateway   LoadBalancer   12.34.567.890   98.765.43.210   80:32380/TCP,443:32390/TCP,32400:32400/TCP   5m

Note: Updating the external IP address can take several minutes.


Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License.

Last modified 01.01.0001