Security-Guard monitoring quickstart
This tutorial shows how you can use Security-Guard to protect a deployed Knative Service.
Before you begin
Before starting the tutorial, make sure to install Security-Guard.
Creating and deploying a service
The following commands create a `helloworld-go` sample Service while activating and configuring the Security-Guard extension for this Service. You can modify these commands, including changing the Security-Guard configuration for your service, using either the `kn` CLI or by changing the service YAML based on this example.
Create a sample secured Service:
Create a YAML file using the following example:
```yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
  namespace: default
spec:
  template:
    metadata:
      annotations:
        features.knative.dev/queueproxy-podinfo: enabled
        qpoption.knative.dev/guard-activate: enable
    spec:
      containers:
        - image: ghcr.io/knative/helloworld-go:latest
          env:
            - name: TARGET
              value: "Secured World"
```
Apply the YAML file by running the command:
```bash
kubectl apply -f <filename>.yaml
```
`<filename>` is the name of the file you created in the previous step.
Creating a service using CLI
```bash
kn service create helloworld-go \
  --image ghcr.io/knative/helloworld-go:latest \
  --env "TARGET=Secured World" \
  --annotation features.knative.dev/queueproxy-podinfo=enabled \
  --annotation qpoption.knative.dev/guard-activate=enable
```
Creating a function using CLI
Add the following `deploy.annotations` to your `func.yaml` file located in your project dir:
```yaml
deploy:
  annotations:
    features.knative.dev/queueproxy-podinfo: enabled
    qpoption.knative.dev/guard-activate: enable
```
Deploy as you would deploy any other function:
```bash
kn func deploy
```
After the Service has been created, Guard starts monitoring the Service Pods and all Events sent to the Service.
Continue to the Security-Guard alert example to test your installation.
See the Using Security-Guard section to learn about managing the security of the service.
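One way to confirm which Services carry the two annotations from this quickstart, as an added example that is not part of the Knative documentation: the function takes the parsed output of `kubectl get ksvc -A -o json` and reports Services whose template annotations differ from the values shown above. The function and helper names and the sample data are constructed for illustration.

```python
# Added example: audit Knative Services for the two Guard annotations used in this quickstart.
REQUIRED = {
    "features.knative.dev/queueproxy-podinfo": "enabled",
    "qpoption.knative.dev/guard-activate": "enable",
}

def audit_guard_annotations(ksvc_list):
    """Map "namespace/name" -> list of problems, for Services that differ from the quickstart."""
    findings = {}
    for item in ksvc_list.get("items", []):
        meta = item.get("metadata") or {}
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        svc_ann = meta.get("annotations") or {}
        tmpl_meta = ((item.get("spec") or {}).get("template") or {}).get("metadata") or {}
        tmpl_ann = tmpl_meta.get("annotations") or {}
        problems = []
        for key, want in REQUIRED.items():
            got = tmpl_ann.get(key)
            if got == want:
                continue
            if got is not None:
                problems.append(f"{key}: value {got!r}, quickstart uses {want!r}")
            elif key in svc_ann:
                problems.append(f"{key}: set on Service metadata only, not on spec.template.metadata")
            else:
                problems.append(f"{key}: missing")
        if problems:
            findings[ident] = problems
    return findings

def _svc(name, template_ann=None, service_ann=None):
    """Build one constructed item in the shape of `kubectl get ksvc -o json`."""
    return {"metadata": {"name": name, "namespace": "default", "annotations": service_ann or {}},
            "spec": {"template": {"metadata": {"annotations": template_ann or {}}}}}

# Constructed sample data, not output from a real cluster.
SAMPLE = {"items": [
    _svc("helloworld-go", dict(REQUIRED)),
    _svc("typo-value", {**REQUIRED, "qpoption.knative.dev/guard-activate": "enabled"}),
    _svc("wrong-place", service_ann=dict(REQUIRED)),
    _svc("unprotected"),
]}

if __name__ == "__main__":
    for svc, problems in audit_guard_annotations(SAMPLE).items():
        print(svc)
        for p in problems:
            print("  -", p)
```

Against a live cluster, pass the function `json.load()` of the `kubectl get ksvc -A -o json` output instead of `SAMPLE`.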
To remove the deployed service use:
Delete using the YAML file used to create the service by running the command:
```bash
kubectl delete -f <filename>.yaml
```
`<filename>` is the name of the file you created in the previous step.
Alternatively, delete the Service using the `kn` CLI:
```bash
kn service delete helloworld-go
```
To remove the Guardian of the deployed service use:
```bash
kubectl delete guardians.guard.security.knative.dev helloworld-go
```