Preparation
- Deploy the Kubernetes exercise
- 1.Run the following commands:
- The exercise has been deployed successfully.
The exercise does not contain any licenses. Therefore, Airlock Microgateway runs as Community Edition
For more details see Features and support.
To run the exercise as Premium Edition, copy a valid license to .templates/microgateway/secret/microgateway.lic and execute kubectl apply -k . to re-deploy the Microgateway.
Instruction
- Change the Microgateway configuration
- 1.Connect to the website:
- ●Open the URL in your browser: https://<MINIKUBE_IP>/
- 2.Watch the logs of the Microgateway pod.
- 3.Check the following:
- ●Did Airlock Microgateway receive the request?
- ●Did Airlock Microgateway forward the request to the back-end service?
- The following should be noticed:
- ●The request was received by Airlock Microgateway. The log message WR-SG-SUMMARY indicates that.
- ●Without a back-end host configured in the config.yaml file, Airlock Microgateway connects to the default back-end which is http://backend:8080.
- ●The request is rejected by Airlock Microgateway because there is no back-end reachable/available under this name (log message WR-SG-BACK-502).
- 4.Find out the Kubernetes service name which should be protected by Microgateway.
- 5.Edit Microgateway's configuration file.
- For the mapping echoserver:
- ●backend.name
- ●backend.hosts[].name
- ●backend.hosts[].protocol
- ●backend.hosts[].port
- 6.Apply the new configuration.
- 7.Deploy the Microgateway with the new configuration.
- 8.Check the status of the Microgateway pod.
- 9.Connect to the website:
- ●Open the URL in your browser: https://<MINIKUBE_IP>/
- The web application should be reachable from the browser.
- 10.Watch the logs of the Microgateway pod.
- The log message WR-SG-SUMMARY with the key action:allowed indicates that the request has successfully proceeded.
Check the logs of the Microgateway configbuilder.
Follow the logs of the Microgateway runtime container.
Follow the logs of the Microgateway runtime container and filter for interesting log messages. Mainly these are the log messages with the log_id WR-SG-SUMMARY and WR-SG-BLOCK. Under some circumstances, WR-SG-REJECT or WR-SG-BACK is also very interesting.
kubectl logs -l app=microgateway -c microgateway -f | grep -iE "WR-SG-(SUMMARY|BLOCK|REJECT|BACK)"The NAME of the Kubernetes service can be configured as back-end host in the Microgateway configuration.
Edit the file config/config.yaml and configure the following settings:
Use the (Microgateway) DSL reference to accomplish this task.
The modified part of the config.yaml looks as follow:
mappings:
- name: echoserver
...
...
backend:
name: echoserver
hosts:
- name: echoserver
protocol: http
port: 8080 After modifying the configuration file, apply the new configuration by running the following command:
A running Microgateway does not automatically reload the new configmap. The existing Microgatway pod must be killed. This way a new pod is deployed with the adapted configuration.
List the Microgateway pods:
Show Microgateway pod details:
Once the pod is ready to process requests, the output of the kubectl describe command shows that the pod is ready.
... Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True ...
Check the logs of the Microgateway configbuilder.
Follow the logs of the Microgateway runtime container.
Follow the logs of the Microgateway runtime container and filter for interesting log messages. Mainly these are the log messages with the log_id WR-SG-SUMMARY and WR-SG-BLOCK. Under some circumstances, WR-SG-REJECT or WR-SG-BACK is also very interesting.
kubectl logs -l app=microgateway -c microgateway -f | grep -iE "WR-SG-(SUMMARY|BLOCK|REJECT|BACK)"Cleanup
- Delete Kubernetes resources from previously exercises or solutions
- 1.Run the following commands:
- All relevant Kubernetes resources in the namespace have been deleted successfully.
kubectl delete all,ing,cm,secrets,pv,pvc,sa,roles,rolebindings,clusterroles,clusterrolebindings -l purpose=microgateway-tutorial