Security-Guard monitoring quickstart
This tutorial shows how you can use Security-Guard to protect a deployed Knative Service.
Before you begin
Before starting the tutorial, make sure to install Security-Guard.
Creating and deploying a service
Tip
The following commands create a helloworld-go sample Service while activating and configuring the Security-Guard extension for this Service. You can modify these commands, including changing the Security-Guard configuration for your service, using either the kn CLI or by changing the service YAML based on this example.
Create a sample secured Service:

- Create a YAML file using the following example:

  ```yaml
  apiVersion: serving.knative.dev/v1
  kind: Service
  metadata:
    name: helloworld-go
    namespace: default
  spec:
    template:
      metadata:
        annotations:
          features.knative.dev/queueproxy-podinfo: enabled
          qpoption.knative.dev/guard-activate: enable
      spec:
        containers:
          - image: ghcr.io/knative/helloworld-go:latest
            env:
              - name: TARGET
                value: "Secured World"
  ```

- Apply the YAML file by running the command:

  ```bash
  kubectl apply -f <filename>.yaml
  ```

  Where <filename> is the name of the file you created in the previous step.

Creating a service using the kn CLI:

```bash
kn service create helloworld-go \
  --image ghcr.io/knative/helloworld-go:latest \
  --env "TARGET=Secured World" \
  --annotation features.knative.dev/queueproxy-podinfo=enabled \
  --annotation qpoption.knative.dev/guard-activate=enable
```

Creating a function using the kn CLI:

Add the following deploy.annotations to your func.yaml file, located in your project directory:

```yaml
deploy:
  annotations:
    features.knative.dev/queueproxy-podinfo: enabled
    qpoption.knative.dev/guard-activate: enable
```

Deploy as you would deploy any other function:

```bash
kn func deploy
```

After the Service has been created, Guard starts monitoring the Service Pods and all Events sent to the Service.
Continue to the Security-Guard alert example to test your installation.
See the Using Security-Guard section to learn about managing the security of the service.
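
A check for the two annotations used above, as an added example that is not part of the Knative documentation: it reads a Service object in JSON form and reports annotations that are missing, mistyped (note `enabled` versus `enable`), or set on the Service's own metadata instead of the revision template. Treating the template-level placement from the YAML above as the required one is an assumption of this example, and the sample object is constructed.

```python
import json

# Keys and values exactly as given in the quickstart above.
REQUIRED = {
    "features.knative.dev/queueproxy-podinfo": "enabled",
    "qpoption.knative.dev/guard-activate": "enable",
}


def check_guard_annotations(service):
    """Return a list of findings; an empty list means both annotations match."""
    if service.get("kind") != "Service":
        return ["not a Service object: kind=%r" % service.get("kind")]
    # Annotations on the Service itself vs. on the revision template.
    top = (service.get("metadata") or {}).get("annotations") or {}
    template = (service.get("spec") or {}).get("template") or {}
    tmpl = (template.get("metadata") or {}).get("annotations") or {}
    findings = []
    for key, want in REQUIRED.items():
        got = tmpl.get(key)
        if got == want:
            continue
        if got is not None:
            findings.append("%s: value %r, expected %r" % (key, got, want))
        elif key in top:
            # Assumption: only the template-level placement shown in the
            # quickstart YAML counts.
            findings.append("%s: on metadata.annotations, not on "
                            "spec.template.metadata.annotations" % key)
        else:
            findings.append("%s: missing" % key)
    return findings


# Constructed sample (not real cluster output): one annotation misplaced,
# the other carrying "enabled" where the quickstart uses "enable".
SAMPLE = json.loads("""
{"apiVersion": "serving.knative.dev/v1", "kind": "Service",
 "metadata": {"name": "helloworld-go", "annotations":
   {"features.knative.dev/queueproxy-podinfo": "enabled"}},
 "spec": {"template": {"metadata": {"annotations":
   {"qpoption.knative.dev/guard-activate": "enabled"}}}}}
""")

if __name__ == "__main__":
    for line in check_guard_annotations(SAMPLE) or ["ok"]:
        print(line)
```

For a deployed Service, pass the parsed output of `kubectl get ksvc helloworld-go -o json` to `check_guard_annotations`.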

Cleanup
To remove the deployed service, use one of the following:

Delete using the YAML file used to create the service by running the command:

```bash
kubectl delete -f <filename>.yaml
```

Where <filename> is the name of the file you created in the previous step.

Delete using the kn CLI by running the command:

```bash
kn service delete helloworld-go
```

To remove the Guardian of the deployed service use:
```bash
kubectl delete guardians.guard.security.knative.dev helloworld-go
```