From 0d57fe140ef7be4fe0e0ac9295df4df9f3790431 Mon Sep 17 00:00:00 2001
From: dprotaso
Date: Tue, 18 Jun 2024 13:22:18 -0400
Subject: [PATCH] add port 443 to the listener
---
 third_party/envoy-gateway/external.yaml | 11 +++++++++++
 third_party/istio/300-gateway.yaml | 11 +++++++++++
 2 files changed, 22 insertions(+)
diff --git a/third_party/envoy-gateway/external.yaml b/third_party/envoy-gateway/external.yaml
index 9f6d5b863..12c5cd716 100644
--- a/third_party/envoy-gateway/external.yaml
+++ b/third_party/envoy-gateway/external.yaml
@@ -42,3 +42,14 @@ spec:
 allowedRoutes:
 namespaces:
 from: All
+ # We've observed when adding and removing a listener on port 443 this
+ # causes the GKE LB to have downtime. By adding this tls listener
+ # we keep that LB port open.
+ - name: tls
+ port: 443
+ protocol: TLS
+ tls:
+ mode: Passthrough
+ allowedRoutes:
+ namespaces:
+ from: All
diff --git a/third_party/istio/300-gateway.yaml b/third_party/istio/300-gateway.yaml
index bfc9d7326..6d0885ef6 100644
--- a/third_party/istio/300-gateway.yaml
+++ b/third_party/istio/300-gateway.yaml
@@ -29,3 +29,14 @@ spec:
 allowedRoutes:
 namespaces:
 from: All
+ # We've observed when adding and removing a listener on port 443 this
+ # causes the GKE LB to have downtime. By adding this tls listener
+ # we keep that LB port open.
+ - name: tls
+ port: 443
+ protocol: TLS
+ tls:
+ mode: Passthrough
+ allowedRoutes:
+ namespaces:
+ from: All
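Review bot: The new `tls` listener in third_party/envoy-gateway/external.yaml sets `allowedRoutes.namespaces.from: All` together with `mode: Passthrough` and no `hostname`, so a TLSRoute from any namespace can attach to port 443 on this gateway and claim any SNI name; the identical lines added in third_party/istio/300-gateway.yaml have the same exposure. The comment says the listener exists only to keep the GKE LB port open, so if no route is meant to use it, the least-privilege form is `from: Same` (or a `selector` on a labelled namespace). Passthrough also means the gateway does not terminate TLS on this listener, so any route that does attach is served without the gateway's certificate handling. It would help to extend the comment with a line such as `# Placeholder only: no routes are expected to attach to this listener.` The Gateway spec starts outside both hunks, so this is based on the visible listener entries only.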