Queue Proxy Option
This package includes the glue code needed to attach a security plug, such as the guard-gate or test-gate covered under Using Plugs, as an option (extension) to the Knative Queue Proxy.
The package reads the service annotations from the annotations file in the podInfo volume mounted by Queue Proxy. The annotations indicate whether the security plug needs to be activated and provide config parameters to the security plug.
The package then interacts with the pluginterfaces package and the respective security gate to ensure they are properly initialized and can start serving the requests, responses and global queue proxy context.
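As an added illustration of the annotation-reading step described above (not code from this package), the following sketch parses an annotations file and derives a plug's activation flag and config parameters. It assumes the podInfo file uses the Kubernetes Downward API layout of one key="value" pair per line; the key prefix, the "-activate" and "-config-" suffixes, and the sample values are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Hypothetical key layout (an assumption, not taken from the page):
// <prefix><plug>-activate="enable" and <prefix><plug>-config-<name>="<value>".
const prefix = "plugs.example.dev/"

// Constructed sample of a podInfo annotations file.
const sample = `plugs.example.dev/guard-activate="enable"
plugs.example.dev/guard-config-mode="learn=off"
unrelated.example.dev/owner="team \"a\""`

// parsePodInfo parses Downward API output: one key="value" per line, the
// value quoted with Go escaping. A malformed line fails the whole parse.
func parsePodInfo(data string) (map[string]string, error) {
	out := map[string]string{}
	for i, line := range strings.Split(data, "\n") {
		if line == "" {
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if len(kv) != 2 {
			return nil, fmt.Errorf("line %d: missing '='", i+1)
		}
		val, err := strconv.Unquote(kv[1])
		if err != nil {
			return nil, fmt.Errorf("line %d: value is not a quoted string: %w", i+1, err)
		}
		out[kv[0]] = val
	}
	return out, nil
}

// plugSettings reports whether plug is activated and returns its config.
func plugSettings(ann map[string]string, plug string) (bool, map[string]string) {
	cfg := map[string]string{}
	cfgPrefix := prefix + plug + "-config-"
	for k, v := range ann {
		if strings.HasPrefix(k, cfgPrefix) {
			cfg[strings.TrimPrefix(k, cfgPrefix)] = v
		}
	}
	return ann[prefix+plug+"-activate"] == "enable", cfg
}

func main() { fmt.Println(parsePodInfo(sample)) }
```

Rejecting the whole file on a malformed line keeps a plug from starting with a partially read configuration; a plug whose activation key is absent stays off.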
Using Plugs
This package enables using security plugs with Queue Proxy by following these steps:
- Replace cmd/queue/main.go of serving with the code as described below.
- Create a new Queue Proxy Image
- Store the new Queue Proxy Image in an image repository
- Configure your cluster to use the new Queue Proxy Image
In order to activate guard-gate, replace cmd/queue/main.go of serving with the following code:

    package main

    import (
        "os"

        "knative.dev/serving/pkg/queue/sharedmain"

        "github.com/knative-sandbox/security-guard/pkg/qpoption"
        // Blank import: pulls in guard-gate for its package initialization.
        _ "github.com/knative-sandbox/security-guard/pkg/guard-gate"
    )

    func main() {
        qOpt := qpoption.NewGateQPOption()
        defer qOpt.Shutdown()

        // Run Queue Proxy with the plug attached through qOpt.Setup.
        if sharedmain.Main(qOpt.Setup) != nil {
            // os.Exit skips deferred calls, so shut down explicitly first.
            qOpt.Shutdown()
            os.Exit(1)
        }
    }

In order to activate test-gate, replace cmd/queue/main.go of serving with the following code:

    package main

    import (
        "os"

        "knative.dev/serving/pkg/queue/sharedmain"

        "github.com/knative-sandbox/security-guard/pkg/qpoption"
        // Blank import: pulls in test-gate for its package initialization.
        _ "github.com/knative-sandbox/security-guard/pkg/test-gate"
    )

    func main() {
        qOpt := qpoption.NewGateQPOption()
        defer qOpt.Shutdown()

        // Run Queue Proxy with the plug attached through qOpt.Setup.
        if sharedmain.Main(qOpt.Setup) != nil {
            // os.Exit skips deferred calls, so shut down explicitly first.
            qOpt.Shutdown()
            os.Exit(1)
        }
    }