Requirements

Skills

Airlock Microgateway is designed to run in Kubernetes distributions, like OpenShift, AKS, Rancher, etc. In order to be successful during the deployment or operational tasks, Kubernetes knowledge on CKA/CKAD level is suggested.

Other vendors like OpenShift have their equivalent certification courses which also satisfy this requirement.

Platform requirements

Airlock Microgateway has been tested with the following versions:

Kubernetes distribution
Version
Kubernetes
Kubernetes version >= 1.18
OpenShift
OpenShift version 3.11
OpenShift versions 4.x

Medium - Airlock Microgateway is known to work in docker-compose setups. However, docker-compose is not one of the target platforms for which Microgateway deployments are optimized. We recommend using any Kubernetes distribution instead. Deployments in Kubernetes bring many advantages, such as:

  • Readiness and Liveness Probes
  • Scaling horizontally
  • Easy integration in CI/CD pipelines (GitOps)
  • Canary deployments
  • Rollover without downtime
  • etc.

Medium – This manual is written for deployments in the mentioned Kubernetes distributions, although Airlock Microgateway might also work in other distributions as well.

Always use the latest bugfix release before proceeding.

Resource requirements

The Airlock Microgateway runtime container itself has the following resource requirements:

 
CPU (Millicores)
Memory (MB)
Requests (Minimum)
30
256
Limits
-
4'096

Example Kubernetes configuration for these system requirements:

copy
  resources:
    requests:
      memory: "256Mi"
      cpu: "30m"
    limits:
      memory: "4096Mi"

The resources.requests parameters must be adapted depending on the expected throughput. Further information are mentioned in Sizing.

Sizing

The amount of requests being processed by the Airlock Microgateway depend on the CPU and memory resources available for the runtime container. Please adapt the resource requirements according to your traffic load.

Performance tests showed that they scale very well with CPU and memory resources. The following figures could be measured with a default configuration (no session handling, deny rules only):

CPU (Millicores)
Memory (GiB)
Performance (Requests/s)
500
0.5
~330
1'000
1.0
~680
2'000
2.0
~1'430
4'000
4.0
~2'900