How can I configure Dedicated Gateway per Knative Service

[AyushChothe]

In what area(s)?

/area API
/area autoscale
/area networking

Question

Is there a way to configure a dedicated Gateway per Knative Service, instead of using a single shared Gateway for all services?

What I want

I want to specify the Gateway name via an annotation on the Knative Service, so each service can be routed through its own Gateway.

This would let me apply per-service policies, such as:

• firewall rules
• rate limiting
• access logs
• security policies

---

Desired request flow

Option 1: Shared gateway → Dedicated per-service gateway → Knative

1. The main/shared gateway receives the incoming request.

2. The request is forwarded to a dedicated gateway for that Knative Service.

3. The dedicated gateway applies per-service policies (firewall, rate limiting, etc.).

4. The request is forwarded into the Knative data plane:

   • directly to the queue-proxy (if pods are running), or
   • to the Activator (if the service is scaled to zero)

Option 2: Dedicated per-service gateway as the entrypoint → Knative

1. The incoming request goes directly to the dedicated gateway for that Knative Service.

2. The dedicated gateway applies per-service policies (firewall, rate limiting, etc.).

3. The request is forwarded into the Knative data plane:

   • directly to the queue-proxy (if pods are running), or
   • to the Activator (if the service is scaled to zero)

[mehrdadbn9]

Hi, I'd like to work on this Dedicated Gateway per Knative Service configuration. The issue asks how to configure a dedicated gateway for individual services. Could a maintainer please assign it to me? Thank you!

[dprotaso]

so each service can be routed through its own Gateway.

What networking layer are you using? Because this seems like a bit much - for example every Gateway might spin up an external LB which would be prohibitively expensive with many Knative Services.

[AyushChothe]

I'm using Cilium and Envoy Gateway. I want to use Gateway API to configure middleware gateway. I can use the same IP for each middleware gateway. I think there is something called merged gateway if I'm not mistaken.

[AyushChothe]

Knative doesn't support multiple ports right now, but we could use a dedicated gateway to open more ports on the Service and route traffic to pods based on path prefixes.