Investigate enablement of Web Application Firewall for knative
Problem to solve
With the work completed in #25398 (closed), we now support enablement of Modsecurity Web Application Firewall using the default nginx ingress pod deployment. This does not yet provide any support for protecting serverless deployments using knative, which rely on deployment of Istio service mesh instead.
There are other ways we can explore securing Istio, such as network policies (#14010 (comment 221424686)) but we should also explore options for deployment of a ~WAF to reach feature parity with our current nginx offering.
Intended users
Further details
Proposal
Investigate available options for knative ~WAF.