Guard script fix - for 1.9 (#5394)

* indentation and order fix

Signed-off-by: David Hadas <david.hadas@gmail.com>

* indentation and order fix

Signed-off-by: David Hadas <david.hadas@gmail.com>

Signed-off-by: David Hadas <david.hadas@gmail.com>
David Hadas 2023-01-26 15:46:40 +02:00 committed by GitHub
parent 98b4e656e4
commit 76d16efee9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 18 deletions


@ -164,10 +164,33 @@ It is recommended to secure the communication between queue-proxy with the `guar
Example script to install Security-Guard with TLS and Serving with Kourier using the Knative Operator. Example script to install Security-Guard with TLS and Serving with Kourier using the Knative Operator.
``` ```
kubectl apply --filename - <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: knative-serving
---
apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
EOF
echo "Waiting for secret to be created (CTRL-C to exit)"
while [[ -z $PEM ]]
do
echo -n "."
sleep 1
DOC=`kubectl get secret -n knative-serving knative-serving-certs -o json 2> /dev/null`
PEM=`echo $DOC | jq -r '.data."ca-cert.pem"'`
done
echo " Secret found!"
echo "Copy the certificate to file" echo "Copy the certificate to file"
ROOTCA="$(mktemp)" ROOTCA="$(mktemp)"
FILENAME=`basename $ROOTCA` FILENAME=`basename $ROOTCA`
kubectl get secret -n knative-serving knative-serving-certs -o json| jq -r '.data."ca-cert.pem"' | base64 -d > $ROOTCA echo $PEM | base64 -d > $ROOTCA
echo "Create a temporary config-deployment configmap with the certificate" echo "Create a temporary config-deployment configmap with the certificate"
CERT=`kubectl create cm config-deployment --from-file $ROOTCA -o json --dry-run=client |jq .data.\"$FILENAME\"` CERT=`kubectl create cm config-deployment --from-file $ROOTCA -o json --dry-run=client |jq .data.\"$FILENAME\"`
@ -176,33 +199,28 @@ It is recommended to secure the communication between queue-proxy with the `guar
rm $ROOTCA rm $ROOTCA
kubectl apply --filename - <<EOF kubectl apply --filename - <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: knative-serving
---
apiVersion: operator.knative.dev/v1beta1 apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing kind: KnativeServing
metadata: metadata:
name: knative-serving name: knative-serving
namespace: knative-serving namespace: knative-serving
spec: spec:
deployments: deployments:
- name: guard-service - name: guard-service
env: env:
- container: guard-service - container: guard-service
envVars: envVars:
- name: GUARD_SERVICE_TLS - name: GUARD_SERVICE_TLS
value: "true" value: "true"
- name: GUARD_SERVICE_AUTH - name: GUARD_SERVICE_AUTH
value: "true" value: "true"
security: security:
securityGuard: securityGuard:
enabled: true enabled: true
ingress: ingress:
kourier: kourier:
enabled: true enabled: true
config: config:
network: network:
ingress.class: "kourier.ingress.networking.knative.dev" ingress.class: "kourier.ingress.networking.knative.dev"
deployment: deployment: