Security-Guard monitoring quickstart¶
This tutorial shows how you can use Security-Guard to protect a deployed Knative Service.
Before you begin¶
Before starting the tutorial, make sure to install Security-Guard
Creating and deploying a service¶
Tip
The following commands create a helloworld-go sample Service while activating and configuring the Security-Guard extension for this Service. You can modify these commands, including changing the Security-Guard configuration for your service using either the kn CLI or changing the service yaml based on this example.
Create a sample securedService:
-
Create a YAML file using the following example:
apiVersion: serving.knative.dev/v1 kind: Service metadata: name: helloworld-go namespace: default spec: template: metadata: annotations: features.knative.dev/queueproxy-podinfo: enabled qpoption.knative.dev/guard-activate: enable spec: containers: - image: gcr.io/knative-samples/helloworld-go env: - name: TARGET value: "Secured World" -
Apply the YAML file by running the command:
kubectl apply -f <filename>.yamlWhere
<filename>is the name of the file you created in the previous step.
kn service create helloworld-go \
--image gcr.io/knative-samples/helloworld-go \
--env "TARGET=Secured World" \
--annotation features.knative.dev/queueproxy-podinfo=enabled \
--annotation qpoption.knative.dev/guard-activate=enable
After the Service has been created, Guard starts monitoring the Service Pods and all Events sent to the Service.
Continue to Security-Guard alert example to test your installation
See the Using Security-Guard section to learn about managing the security of the service
Cleanup¶
To remove the deployed service use:
Delete using the YAML file used to create the service by running the command:
kubectl delete -f <filename>.yaml
Where <filename> is the name of the file you created in the previous step.
kn service delete helloworld-go
To remove the Guardian of the deployed service use:
```bash
kubectl delete guardians.guard.security.knative.dev helloworld-go
```