[go: up one dir, main page]

Skip to content

Extending Queue Proxy image with QPOptions

Knative service pods include two containers:

  • The user main service container, which is named user-container
  • The Queue Proxy - a sidecar named queue-proxy that serves as a reverse proxy in front of the user-container

You can extend Queue Proxy to offer additional features. The QPOptions feature of Queue Proxy allows additional runtime packages to extend Queue Proxy capabilities.

For example, the security-guard repository provides an extension that uses the QPOptions feature. The QPOption package enables users to add additional security features to Queue Proxy.

The runtime features available are determined when the Queue Proxy image is built. Queue Proxy defines an orderly manner to activate and to configure extensions.

Additional information

Adding extensions

You can add extensions by replacing the cmd/queue/main.go file before the Queue Proxy image is built. The following example shows a cmd/queue/main.go file that adds the test-gate extension:

  package main

  import "os"

  import "knative.dev/serving/pkg/queue/sharedmain"
  import "knative.dev/security-guard/pkg/qpoption"
  import _ "knative.dev/security-guard/pkg/test-gate"

  func main() {
      qOpt := qpoption.NewQPSecurityPlugs()
      defer qOpt.Shutdown()

        if sharedmain.Main(qOpt.Setup) != nil {
          os.Exit(1)
      }
  }

We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.

× OK