Guard script fix - for 1.9 (#5394)

* identation and order fix Signed-off-by: David Hadas <david.hadas@gmail.com> * identation and order fix Signed-off-by: David Hadas <david.hadas@gmail.com> Signed-off-by: David Hadas <david.hadas@gmail.com>
2023-01-26 15:46:40 +02:00 · 2023-01-26 15:46:40 +02:00 · 76d16efee9
parent 98b4e656e4
commit 76d16efee9
1 changed files with 36 additions and 18 deletions
--- a/docs/serving/app-security/security-guard-install.md
+++ b/docs/serving/app-security/security-guard-install.md
@ -164,10 +164,33 @@ It is recommended to secure the communication between queue-proxy with the `guar
    Example script to install Security-Guard with TLS and Serving with Kourier using the Knative Operator.

    ```
+    kubectl apply --filename - <<EOF
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: knative-serving
+    ---
+    apiVersion: operator.knative.dev/v1beta1
+    kind: KnativeServing
+    metadata:
+      name: knative-serving
+      namespace: knative-serving
+    EOF
+
+    echo "Waiting for secret to be created (CTRL-C to exit)"
+    while [[ -z $PEM ]]
+    do
+      echo -n "."
+      sleep 1
+      DOC=`kubectl get secret -n knative-serving knative-serving-certs -o json 2> /dev/null`
+      PEM=`echo $DOC | jq -r '.data."ca-cert.pem"'`
+    done
+    echo " Secret found!"
+
    echo "Copy the certificate to file"
    ROOTCA="$(mktemp)"
    FILENAME=`basename $ROOTCA`
-    kubectl get secret -n knative-serving knative-serving-certs -o json| jq -r '.data."ca-cert.pem"' | base64 -d >  $ROOTCA
+    echo $PEM | base64 -d >  $ROOTCA

    echo "Create a temporary config-deployment configmap with the certificate"
    CERT=`kubectl create cm config-deployment --from-file $ROOTCA -o json --dry-run=client |jq .data.\"$FILENAME\"`
@ -176,33 +199,28 @@ It is recommended to secure the communication between queue-proxy with the `guar
    rm $ROOTCA

    kubectl apply --filename - <<EOF
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-    name: knative-serving
-    ---
    apiVersion: operator.knative.dev/v1beta1
    kind: KnativeServing
    metadata:
-    name: knative-serving
-    namespace: knative-serving
+      name: knative-serving
+      namespace: knative-serving
    spec:
-    deployments:
-    - name: guard-service
+      deployments:
+      - name: guard-service
        env:
        - container: guard-service
-        envVars:
-        - name: GUARD_SERVICE_TLS
+          envVars:
+          - name: GUARD_SERVICE_TLS
            value: "true"
-        - name: GUARD_SERVICE_AUTH
+          - name: GUARD_SERVICE_AUTH
            value: "true"
-    security:
+      security:
        securityGuard:
-        enabled: true
-    ingress:
+          enabled: true
+      ingress:
        kourier:
-        enabled: true
-    config:
+          enabled: true
+      config:
        network:
          ingress.class: "kourier.ingress.networking.knative.dev"
        deployment: