Security-Guard monitoring quickstart

This tutorial shows how you can use Security-Guard to protect a deployed Knative Service.

Before you begin

Before starting the tutorial, make sure to install Security-Guard

Creating and deploying a service

Tip

The following commands create a helloworld-go sample Service while activating and configuring the Security-Guard extension for this Service. You can modify these commands, including changing the Security-Guard configuration for your service using either the kn CLI or changing the service yaml based on this example.

Create a sample securedService:

Apply YAMLkn services CLIkn func CLI

  1. Create a YAML file using the following example:

    1. apiVersion: serving.knative.dev/v1
    2. kind: Service
    3. metadata:
    4.   name: helloworld-go
    5.   namespace: default
    6. spec:
    7.   template:
    8.     metadata:
    9.         annotations:
    10.           features.knative.dev/queueproxy-podinfo: enabled
    11.           qpoption.knative.dev/guard-activate: enable
    12.     spec:
    13.       containers:
    14.         - image: ghcr.io/knative/helloworld-go:latest
    15.           env:
    16.             - name: TARGET
    17.               value: "Secured World"

  2. Apply the YAML file by running the command:

    1. kubectl apply -f <filename>.yaml

    Where <filename> is the name of the file you created in the previous step.

Creating a service using CLI

  1. kn service create helloworld-go \
  2.     --image ghcr.io/knative/helloworld-go:latest \
  3.     --env "TARGET=Secured World" \
  4.     --annotation features.knative.dev/queueproxy-podinfo=enabled \
  5.     --annotation qpoption.knative.dev/guard-activate=enable

Creating a function using CLI.

Add the following deploy.annotations to your func.yaml file located in your project dir”

  1. deploy:
  2.   annotations:
  3.     features.knative.dev/queueproxy-podinfo: enabled
  4.     qpoption.knative.dev/guard-activate: enable

Deploy as you would deploy any other function

  1. kn func deploy

After the Service has been created, Guard starts monitoring the Service Pods and all Events sent to the Service.

Continue to Security-Guard alert example to test your installation

See the Using Security-Guard section to learn about managing the security of the service

Cleanup

To remove the deployed service use:

Apply YAMLkn CLI

Delete using the YAML file used to create the service by running the command:

  1. kubectl delete -f <filename>.yaml

Where <filename> is the name of the file you created in the previous step.

  1. kn service delete helloworld-go

To remove the Guardian of the deployed service use:

  1. ```bash
  2. kubectl delete guardians.guard.security.knative.dev helloworld-go
  3. ```