bug fix (#254)

Co-authored-by: David Hadas <[email protected]>

KUBERNETES.md

@@ -173,12 +173,12 @@ ko apply -f ./config/deploy/guard-service.yaml
 ### Install guard-service from released images and yamls
 
 ```sh
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/gateAccount.yaml
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/serviceAccount.yaml
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/guardiansCrd.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/gateAccount.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/serviceAccount.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/guardiansCrd.yaml
 
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/create-knative-secrets.yaml
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/guard-service.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/create-knative-secrets.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/guard-service.yaml
 ```
 
 ## Deploying a pod with a Security-Guard sidecar

hack/kind/deployKind.sh

@@ -46,15 +46,15 @@ kubectl create namespace knative-serving
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
 
 #Create K8s resources CRD, ServiceAccounts etc.
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/gateAccount.yaml
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/serviceAccount.yaml
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/guardiansCrd.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/gateAccount.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/serviceAccount.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/guardiansCrd.yaml
 
 # start create-secrets
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/create-secrets.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/create-secrets.yaml
 
 # start guard-service
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/guard-service.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/guard-service.yaml
 
 # wait for keys to be ready
 kubectl wait --namespace knative-serving --for=condition=complete job/create-knative-secrets --timeout=120s
@@ -68,10 +68,10 @@ REPLACE_NAME="s/ name: knative-serving-certs/ name: default-serving-certs/"
 kubectl get secret knative-serving-certs --namespace=knative-serving -o yaml |sed "${REPLACE_NS}" |sed "${REPLACE_NAME}" |sed  "s/ selfLink: .*/ /"|sed  "s/ uid: .*/ /" |sed  "s/ resourceVersion: .*/ /" |kubectl apply -f -
 
 #add hellowworld - protected using a guard sidecar  (the recommended pattern)
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/secured-helloworld.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/secured-helloworld.yaml
 
 #add myapp - protected using a separate guard pod (non-recommended pattern)
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/secured-layered-myapp.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/secured-layered-myapp.yaml
 
 #cleanup
 rm $CONFIG

hack/kind/deployKnativeKind.sh

@@ -20,19 +20,19 @@ export KO_DOCKER_REPO=ko.local
 kn quickstart kind -n k8s --install-serving
 
 #Create K8s resources CRD, ServiceAccounts etc.
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/gateAccount.yaml
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/serviceAccount.yaml
-kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.5/config/resources/guardiansCrd.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/gateAccount.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/serviceAccount.yaml
+kubectl apply -f https://raw.githubusercontent.com/knative-sandbox/security-guard/release-0.6/config/resources/guardiansCrd.yaml
 
 # Kind seem to sometime need some extra time
 sleep 10
 
 # adjust knative to use guard
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/queue-proxy.yaml
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/config-features.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/queue-proxy.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/config-features.yaml
 
 # start guard-service
-kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.5.0/guard-service.yaml
+kubectl apply -f https://github.com/knative-sandbox/security-guard/releases/download/v0.6.0/guard-service.yaml
 
 # Activate internal encryption
 kubectl patch configmap config-network -n knative-serving --type=merge -p '{"data": {"internal-encryption": "true"}}'

pkg/guard-gate/gate.go

@@ -28,7 +28,7 @@ import (
 	pi "knative.dev/security-guard/pkg/pluginterfaces"
 )
 
-const plugVersion string = "0.5"
+const plugVersion string = "0.6"
 const plugName string = "guard"
 
 const (
@@ -74,6 +74,7 @@ func (p *plug) ApproveRequest(req *http.Request) (*http.Request, error) {
 
 	// Req
 	s.screenEnvelop(ticks)
+	s.screenPod()
 	s.screenRequest(req)
 	s.screenRequestBody(req)
 
@@ -117,6 +118,7 @@ func (p *plug) ApproveResponse(req *http.Request, resp *http.Response) (*http.Re
 	s.screenResponse(resp, ticks)
 	s.screenResponseBody(resp)
 	s.screenEnvelop(ticks)
+	s.screenPod()
 
 	if p.gateState.shouldBlock() && (s.hasAlert() || p.gateState.hasAlert()) {
 		p.gateState.addStat("BlockOnResponse")