Installing Security-Guard

Using Security-Guard requires that your cluster will use an enhanced queue-proxy image.

In addition, Security-Guard includes automation for auto-learning a per service Guardian. Auto-learning requires you to deploy a on your kubernetes cluster. guard-service should be installed in any namespace where you deploy knative services that require Security-Guard protection.

Before installing Security-Guard, learn

Install steps

To start this tutorial, after installing Knative Serving, run the following procedure to replace your queue-proxy image and deploy a guard-service in the current namespace.

1. Do

2. Run ko apply -Rf ./config

Use released images to update your system to enable Security-Guard:

1. Set the deployment parameter to gcr.io/knative-releases/knative.dev/security-guard/cmd/queue in the config-deployment ConfigMap.

   An easy way to do that is using:

2. Add the necessary Security-Guard resources to your cluster using: