我的书签
添加书签
移除书签Security-Guard monitoring quickstart
This tutorial shows how you can use Security-Guard to protect a deployed Knative Service.
Before you begin
Before starting the tutorial, make sure to install Security-Guard
Creating and deploying a service
Tip
The following commands create a helloworld-go sample Service while activating and configuring the Security-Guard extension for this Service. You can modify these commands, including changing the Security-Guard configuration for your service using either the kn CLI or changing the service yaml based on this example.
Create a sample securedService:
Apply YAMLkn CLI
Create a YAML file using the following example:
apiVersion: serving.knative.dev/v1kind: Servicemetadata:name: helloworld-gonamespace: defaultspec:template:metadata:annotations:features.knative.dev/queueproxy-podinfo: enabledqpoption.knative.dev/guard-activate: enablespec:containers:- image: gcr.io/knative-samples/helloworld-goenv:- name: TARGETvalue: "Secured World"
Apply the YAML file by running the command:
kubectl apply -f <filename>.yaml
Where
<filename>is the name of the file you created in the previous step.
kn service create helloworld-go \--image gcr.io/knative-samples/helloworld-go \--env "TARGET=Secured World" \--annotation features.knative.dev/queueproxy-podinfo=enabled \--annotation qpoption.knative.dev/guard-activate=enable
After the Service has been created, Guard starts monitoring the Service Pods and all Events sent to the Service.
Continue to Security-Guard alert example to test your installation
See the Using Security-Guard section to learn about managing the security of the service
Cleanup
To remove the deployed service use:
Apply YAMLkn CLI
Delete using the YAML file used to create the service by running the command:
kubectl delete -f <filename>.yaml
Where <filename> is the name of the file you created in the previous step.
kn service delete helloworld-go
To remove the Guardian of the deployed service use:
```bashkubectl delete guardians.guard.security.knative.dev helloworld-go```
