With Helm in OpenShift
Deploy with Helm in OpenShift

Helm is a popular package manager for Kubernetes (Greek for helmsman). Helm packages are called charts and contain all of the resource definitions necessary to run an application or service inside of a Kubernetes cluster.

It helps achieving the following tasks:

  • Install and upgrade applications within Kubernetes.
  • Define dependencies within the Helm Chart.
  • Create all required Kubernetes resource definitions for the application.
  • Allow customizing the installation through parameters.

In order to speed up your deployments, we have made our internal (Github) Airlock Microgateway - Helm Charts publicly available on GitHub. The Helm Chart contains all resource definitions and dependencies to deploy Airlock Microgateway in a Kubernetes or OpenShift cluster.

Follow this guide to deploy and configure Airlock Microgateway using Helm.

The Airlock Helm Charts are released under an MIT license. They are provided as is, without a warranty of any kind.

Prerequisites

Preparation

Before proceeding, follow the instructions below to add and update the repo Airlock Helm Charts to your Helm client.

  • 1.
    Add the chart repository:
  • copy
    helm repo add airlock https://ergon.github.io/airlock-helm-charts/
  • 2.
    Update the chart repository to the latest version:
  • copy
    helm repo update

Deployment

Follow the instructions below to deploy Airlock Microgateway with an echo and a Redis service.

  • 1.
    To use the community edition, create the following values.yaml file:
  • copy
    config:
      dsl:
        session:
          redis_hosts: [redis-master]
        log:
          level: info
        remote_ip:
          header: X-Forwarded-For
          internal_proxies:
            - 10.0.0.0/8
            - 172.16.0.0/12
            - 192.168.0.0/16
    
        apps:
          - mappings:
              - session_handling: enforce_session
                deny_rule_groups:
                  - level: strict
    
    redis:
      enabled: true
    echo-server:
      enabled: true
    route:
      enabled: true
      hosts:
        - virtinc.com
      targetPort: http
      tls:
        enabled: false
    …Show more…Show less
  • 2.
    To use the premium edition, do the following:
    • Create the following values.yaml file:
    • copy
      config:
        license:
          useExistingSecret: true
          secretName: "microgateway-license"
        dsl:
          session:
            redis_hosts: [redis-master]
          log:
            level: info
          remote_ip:
            header: X-Forwarded-For
            internal_proxies:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
      
          apps:
            - mappings:
                - session_handling: enforce_session
                  deny_rule_groups:
                    - level: strict
      
      redis:
        enabled: true
      echo-server:
        enabled: true
      route:
        enabled: true
        hosts:
          - virtinc.com
        targetPort: http
        tls:
          enabled: false
      …Show more…Show less
    • Save the Microgateway license as microgateway.lic file and run the following command:
    • copy
      kubectl create secret generic microgateway-license --from-file=license=microgateway.lic
  • 3.
    Deploy Airlock Microgateway under the release name microgateway-echo.
  • copy
    helm upgrade -i microgateway-echo airlock/microgateway -f values.yaml

Verification

Follow the instructions below to verify that the Helm release could be deployed successfully.

  • 1.
    Check the status of the pods:
  • copy
    kubectl get pods

    All pods have a STATUS of Running.

  • 2.
    Send a curl request to the echo server:
  • copy
    curl -v -k http://$(minishift ip)/ -H "Host: virtinc.com"

    In case that Airlock Microgateway was not deployed in Minishift, replace the part $(minishift ip) with the IP address of the Route of your OpenShift cluster.

  • The request is sent to the echo server.
  • The Airlock Microgateway logs show, that the request has been filtered by Microgateway.

Uninstall

Follow the instructions below to uninstall the Helm release.

  • 1.
    Uninstall the Helm release
  • copy
    helm uninstall microgateway-echo