With Helm in Kubernetes
Deploy with Helm in Kubernetes

Helm is a popular package manager for Kubernetes (Greek for helmsman). Helm packages are called charts and contain all of the resource definitions necessary to run an application or service inside of a Kubernetes cluster.

It helps achieving the following tasks:

  • Install and upgrade applications within Kubernetes.
  • Define dependencies within the Helm Chart.
  • Create all required Kubernetes resource definitions for the application.
  • Allow customizing the installation through parameters.

In order to speed up your deployments, we have made our internal (Github) Airlock Microgateway - Helm Charts publicly available on GitHub. The Helm Chart contains all resource definitions and dependencies to deploy Airlock Microgateway in a Kubernetes or OpenShift cluster.

Follow this guide to deploy and configure Airlock Microgateway using Helm.

The Airlock Helm Charts are released under an MIT license. They are provided as is, without a warranty of any kind.

Prerequisites

Preparation

Before proceeding, follow the instructions below to add and update the repo Airlock Helm Charts to your Helm client.

  • 1.
    Add the chart repository:
  • copy
    helm repo add airlock https://ergon.github.io/airlock-helm-charts/
  • 2.
    Update the chart repository to the latest version:
  • copy
    helm repo update

Deployment

Follow the instructions below to deploy Airlock Microgateway with an echo and a Redis service.

  • 1.
    To use the community edition, create the following values.yaml file:
  • copy
    config:
      dsl:
        session:
          redis_hosts: [redis-master]
        log:
          level: info
        remote_ip:
          header: X-Forwarded-For
          internal_proxies:
            - 10.0.0.0/8
            - 172.16.0.0/12
            - 192.168.0.0/16
    
        apps:
          - mappings:
              - session_handling: enforce_session
                deny_rule_groups:
                  - level: strict
    
    redis:
      enabled: true
    echo-server:
      enabled: true
    ingress:
      enabled: true
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
        kubernetes.io/ingress.class: nginx
      hosts:
        - virtinc.com
    …Show more…Show less
  • 2.
    To use the premium edition, do the following:
    • Create the following values.yaml file:
    • copy
      config:
        license:
          useExistingSecret: true
          secretName: "microgateway-license"
        dsl:
          session:
            redis_hosts: [redis-master]
          log:
            level: info
          remote_ip:
            header: X-Forwarded-For
            internal_proxies:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
      
          apps:
            - mappings:
                - session_handling: enforce_session
                  deny_rule_groups:
                    - level: strict
      
      redis:
        enabled: true
      echo-server:
        enabled: true
      ingress:
        enabled: true
        annotations:
          nginx.ingress.kubernetes.io/rewrite-target: /
          kubernetes.io/ingress.class: nginx
        hosts:
          - virtinc.com
      …Show more…Show less
    • Save the Microgateway license as microgateway.lic file and run the following command:
    • copy
      kubectl create secret generic microgateway-license --from-file=license=microgateway.lic
  • 3.
    Deploy Airlock Microgateway under the release name microgateway-echo.
  • copy
    helm upgrade -i microgateway-echo airlock/microgateway -f values.yaml

Verification

Follow the instructions below to verify that the Helm release could be deployed successfully.

  • 1.
    Check the status of the pods:
  • copy
    kubectl get pods

    All pods have a STATUS of Running.

  • 2.
    Send a curl request to the echo server:
  • copy
    curl -v -k http://$(minikube ip)/ -H "Host: virtinc.com"

    In case that Airlock Microgateway was not deployed in Minikube, replace the part $(minikube ip) with the IP address of the Ingress of your Kubernetes cluster.

  • The request is sent to the echo server.
  • The Airlock Microgateway logs show, that the request has been filtered by Microgateway.

Uninstall

Follow the instructions below to uninstall the Helm release.

  • 1.
    Uninstall the Helm release
  • copy
    helm uninstall microgateway-echo