Skip to content

fix(devbox-bundled): drop leftover istio refs so k3s applies the knative manifest #7334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pingsutw wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix(devbox-bundled): drop leftover istio refs so k3s applies the knative manifest #7334

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e760bc9
fix(devbox-bundled): remove leftover istio refs from knative manifests
pingsutw May 1, 2026
dbb7ffb
nit
pingsutw May 1, 2026
ec49393
Merge branch 'main' into fix-devbox-istio-leftover
pingsutw Jun 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 47 additions & 1 deletion docker/devbox-bundled/kustomize/complete/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,52 @@ patches:
name: net-istio-controller
namespace: knative-serving
$patch: delete
- patch: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: config-istio
namespace: knative-serving

@pingsutw pingsutw Jun 27, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Failed to start the devbox sometimes if I don't remove this. It's safe to remove anyway since we never use it

data:
local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local
- patch: |-
apiVersion: v1
kind: Service
metadata:
name: knative-local-gateway
namespace: istio-system
$patch: delete
- patch: |-
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: knative-local-gateway
namespace: knative-serving
$patch: delete
- patch: |-
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: knative-ingress-gateway
namespace: knative-serving
$patch: delete
Comment thread
pingsutw marked this conversation as resolved.
# net-istio also renders two PeerAuthentication CRs (security.istio.io); the
# istio CRDs aren't installed in this kourier devbox, so without these deletes
# k3s fails the whole flyte.yaml addon and the cluster never goes ready.
- patch: |-
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: net-istio-webhook
namespace: knative-serving
$patch: delete
- patch: |-
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: webhook
namespace: knative-serving
$patch: delete
- target:
kind: Pod
name: rustfs-test-connection
Expand Down Expand Up @@ -127,4 +173,4 @@ patches:
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /data
name: data
name: data
48 changes: 47 additions & 1 deletion docker/devbox-bundled/kustomize/dev/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,52 @@ patches:
name: net-istio-controller
namespace: knative-serving
$patch: delete
- patch: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: config-istio
namespace: knative-serving
data:
local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local
- patch: |-
apiVersion: v1
kind: Service
metadata:
name: knative-local-gateway
namespace: istio-system
$patch: delete
- patch: |-
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: knative-local-gateway
namespace: knative-serving
$patch: delete
- patch: |-
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: knative-ingress-gateway
namespace: knative-serving
$patch: delete
Comment thread
pingsutw marked this conversation as resolved.
# net-istio also renders two PeerAuthentication CRs (security.istio.io); the
# istio CRDs aren't installed in this kourier devbox, so without these deletes
# k3s fails the whole flyte.yaml addon and the cluster never goes ready.
- patch: |-
Comment on lines +113 to +116
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: net-istio-webhook
namespace: knative-serving
$patch: delete
- patch: |-
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: webhook
namespace: knative-serving
$patch: delete
- target:
kind: Pod
name: rustfs-test-connection
Expand Down Expand Up @@ -117,4 +163,4 @@ patches:
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /data
name: data
name: data
103 changes: 1 addition & 102 deletions docker/devbox-bundled/manifests/complete.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7997,7 +7997,7 @@ metadata:
---
apiVersion: v1
data:
local-gateway.knative-serving.knative-local-gateway: knative-local-gateway.istio-system.svc.cluster.local
local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local
kind: ConfigMap
metadata:
labels:
Expand Down Expand Up @@ -8296,29 +8296,6 @@ spec:
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
experimental.istio.io/disable-gateway-port-translation: "true"
networking.knative.dev/ingress-provider: istio
name: knative-local-gateway
namespace: istio-system
spec:
ports:
- name: http2
port: 80
targetPort: 8081
- name: https
port: 443
targetPort: 8444
selector:
istio: ingressgateway
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: activator
Expand Down Expand Up @@ -9434,48 +9411,6 @@ spec:
- data-plane.knative.dev
secretName: routing-serving-certs
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: knative-ingress-gateway
namespace: knative-serving
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: knative-local-gateway
namespace: knative-serving
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 8081
protocol: HTTP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
Expand Down Expand Up @@ -9582,42 +9517,6 @@ spec:
path: /
pathType: Prefix
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: net-istio-webhook
namespace: knative-serving
spec:
portLevelMtls:
"8443":
mode: PERMISSIVE
selector:
matchLabels:
app: net-istio-webhook
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: webhook
namespace: knative-serving
spec:
portLevelMtls:
"8443":
mode: PERMISSIVE
selector:
matchLabels:
app: webhook
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
Expand Down
103 changes: 1 addition & 102 deletions docker/devbox-bundled/manifests/dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7678,7 +7678,7 @@ metadata:
---
apiVersion: v1
data:
local-gateway.knative-serving.knative-local-gateway: knative-local-gateway.istio-system.svc.cluster.local
local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local
kind: ConfigMap
metadata:
labels:
Expand Down Expand Up @@ -7930,29 +7930,6 @@ spec:
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
experimental.istio.io/disable-gateway-port-translation: "true"
networking.knative.dev/ingress-provider: istio
name: knative-local-gateway
namespace: istio-system
spec:
ports:
- name: http2
port: 80
targetPort: 8081
- name: https
port: 443
targetPort: 8444
selector:
istio: ingressgateway
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: activator
Expand Down Expand Up @@ -8924,48 +8901,6 @@ spec:
- data-plane.knative.dev
secretName: routing-serving-certs
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: knative-ingress-gateway
namespace: knative-serving
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: knative-local-gateway
namespace: knative-serving
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: http
number: 8081
protocol: HTTP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
Expand Down Expand Up @@ -9049,42 +8984,6 @@ spec:
path: /
pathType: Prefix
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: net-istio-webhook
namespace: knative-serving
spec:
portLevelMtls:
"8443":
mode: PERMISSIVE
selector:
matchLabels:
app: net-istio-webhook
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: 1.18.1
networking.knative.dev/ingress-provider: istio
name: webhook
namespace: knative-serving
spec:
portLevelMtls:
"8443":
mode: PERMISSIVE
selector:
matchLabels:
app: webhook
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
Expand Down
Loading