From a583172c014c9344f745bfa1f1520366da14ee09 Mon Sep 17 00:00:00 2001 From: David Hadas Date: Fri, 3 Mar 2023 22:29:30 +0200 Subject: [PATCH] Guard functions (#5448) * Documenting guard support for functions * Documenting guard support for functions * Documenting guard support for functions * per namespace setup with guard Signed-off-by: David Hadas * per namespace setup with guard Signed-off-by: David Hadas --------- Signed-off-by: David Hadas --- docs/serving/app-security/security-guard-install.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/serving/app-security/security-guard-install.md b/docs/serving/app-security/security-guard-install.md index 2b2705d76..89da336c6 100644 --- a/docs/serving/app-security/security-guard-install.md +++ b/docs/serving/app-security/security-guard-install.md @@ -91,8 +91,18 @@ To start this tutorial, after installing Knative Serving, run the following proc network: ingress.class: "kourier.ingress.networking.knative.dev" EOF + + kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.4/config/resources/gateAccount.yaml ``` +## Per Namespace Setup + +In order to deploy guard protected services in a namespace, provide `guard-gate` with the necessary permissions on each namespace used: + +``` +kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.4/config/resources/gateAccount.yaml +``` + ## Additional Production Configuration It is recommended to secure the communication between queue-proxy with the `guard-service` using one of the following methods: