Getting started

Overview

Goal

Deploy the Microgateway and get familiar with its components.

Notes

No back-end will be deployed. Therefore, do not expect that requests are being handled by a back-end.

Deploy the solution

  1. Deploy the solution of the exercise
  2. Run the following commands:
    3. copy
    cd getting-started/solution/
    copy
    kubectl apply -k .
  3. The solution has been deployed successfully.

The exercise does not contain any licenses. Therefore, Airlock Microgateway runs as Community Edition

For more details see Features and support.

To run the exercise as Premium Edition, copy a valid license to .templates/microgateway/secret/microgateway.lic and execute kubectl apply -k . to re-deploy the Microgateway.

Instruction

  1. Observe the deployment and get used to it
  2. Check the status of the Microgateway pod.
    3. details...

    List the Microgateway pods:

    copy
    kubectl get pod
    copy
    kubectl get pod -l app=microgateway

    Show Microgateway pod details:

    copy
    kubectl describe pod -l app=microgateway

    Once the pod is ready to process requests, the output of the kubectl describe command shows that the pod is ready.

    ...
   Conditions: 
  Type              Status 
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True
...
  3. Watch the logs of the Microgateway pod.
    4. details...

    Check the logs of the Microgateway configbuilder.

    copy
    kubectl logs -l app=microgateway -c configbuilder -f

    Follow the logs of the Microgateway runtime container.

    copy
    kubectl logs -l app=microgateway -c microgateway -f

    Follow the logs of the Microgateway runtime container and filter for interesting log messages. Mainly these are the log messages with the log_id WR-SG-SUMMARY and WR-SG-BLOCK. Under some circumstances, WR-SG-REJECT or WR-SG-BACK is also very interesting.

    copy
    kubectl logs -l app=microgateway -c microgateway -f | grep -iE "WR-SG-(SUMMARY|BLOCK|REJECT|BACK)"
  4. Check the status of the Microgateway service.
    5. details...

    List the Microgateway service

    copy
    kubectl get svc
    copy
    kubectl get svc -l app=microgateway

    Show Microgateway service details

    copy
    kubectl describe svc -l app=microgateway
  5. Check the config files of the Microgateway runtime container which have been generated by the Microgateway configbuilder.
    • The following files should exist in the Microgateway runtime container:
    • /opt/airlock/ext-apache/conf/httpd.conf
    • /config/opt/airlock/gatekeeper/resource/*
    • /config/opt/airlock/gatekeeper/resource/license
    details...
    1. Check the config files:
    2. Connect to the Microgateway container
      3. copy
      kubectl exec -it <Pod> -- bash
      copy
      kubectl exec -it deploy/microgateway -- bash
    3. Show the Apache config file /opt/airlock/ext-apache/conf/httpd.conf
      4. copy
      cat /opt/airlock/ext-apache/conf/httpd.conf
    4. List the Securitygate config files in /config/opt/airlock/gatekeeper/resource/
      5. copy
      ls -la /config/opt/airlock/gatekeeper/resource/
    5. Show the Microgateway license file /config/opt/airlock/gatekeeper/resource/license
      6. copy
      cat /config/opt/airlock/gatekeeper/resource/license
    6. Exit the shell
      7. copy
      exit

Cleanup

  1. Delete Kubernetes resources from previously exercises or solutions
  2. Run the following commands:
    3. copy
    kubectl delete all,ing,cm,secrets,pv,pvc,sa,roles,rolebindings,clusterroles,clusterrolebindings -l purpose=microgateway-tutorial
  3. All relevant Kubernetes resources in the namespace have been deleted successfully.