-
Deny all traffic by default
kubectl apply -f setup/deny-all-by-default.yaml
-
Allow Knative Serving components to send requests to the Activator
kubectl apply -f setup/allow-traffic-to-activator.yaml
-
Allow Knative Kafka controller to probe Knative Kafka data plane for resource readiness
kubectl apply -f setup/allow-probe-kafka-controller.yaml
-
Allow Brokers with class
MTChannelBasedBrokerto communicate with the underlying channels:kubectl apply -f setup/allow-mt-channel-based-broker-to-channels.yaml
Imaging we want to onboard a new project order-service to Knative composed of two namespaces: ns1 and ns2.
-
Create the project's namespaces by running the following commands:
kubectl create ns ns1 kubectl create ns ns2
-
Install the Helm chart
helm install oci://quay.io/pierdipi/knative-istio-authz-onboarding --version 0.1.0 --set "name=order-service" --set "namespaces={ns1, ns2}"
or, view the resources you would need to onboard the project:
helm template oci://quay.io/pierdipi/knative-istio-authz-onboarding --version 0.1.0 --set "name=order-service" --set "namespaces={ns1, ns2}"
Render the templates by running the following command:
helm template ./ --values tests/values.yamlPackage the chart by running the following command:
helm package ./Push the chart by running the following command:
helm push knative-istio-authz-onboarding-0.1.0.tgz oci://quay.io/pierdipi