How can I configure Dedicated Gateway per Knative Service #16394
Description
In what area(s)?
/area API
/area autoscale
/area networking
Question
Is there a way to configure a dedicated Gateway per Knative Service, instead of using a single shared Gateway for all services?
What I want
I want to specify the Gateway name via an annotation on the Knative Service, so each service can be routed through its own Gateway.
This would let me apply per-service policies, such as:
- firewall rules
- rate limiting
- access logs
- security policies
Desired request flow
Option 1: Shared gateway → Dedicated per-service gateway → Knative
-
The main/shared gateway receives the incoming request.
-
The request is forwarded to a dedicated gateway for that Knative Service.
-
The dedicated gateway applies per-service policies (firewall, rate limiting, etc.).
-
The request is forwarded into the Knative data plane:
- directly to the queue-proxy (if pods are running), or
- to the Activator (if the service is scaled to zero)
Option 2: Dedicated per-service gateway as the entrypoint → Knative
-
The incoming request goes directly to the dedicated gateway for that Knative Service.
-
The dedicated gateway applies per-service policies (firewall, rate limiting, etc.).
-
The request is forwarded into the Knative data plane:
- directly to the queue-proxy (if pods are running), or
- to the Activator (if the service is scaled to zero)