Istio

To use Airlock Microgateway in your Kubernetes or OpenShift cluster with Istio, follow along this guide to deploy the Airlock Microgateway Operator and its resources.

• Istio has been deployed as described in their documentation (Istio) Documentation.

1. Ensure that the Airlock Microgateway Operator does not have Istio injected. Neither through labeling the namespace nor with the corresponding annotation.
   For more information, consult (Istio) Sidecar injection.
2. Depending on which Kubernetes distribution you are using, complete the instructions in the corresponding installation guide:
• For Kubernetes, follow this guide: Kubernetes
• For OpenShift, follow this guide: OpenShift
3. Airlock Microgateway should be up and running.

0. After deploying the Airlock Microgateway Operator in your Kubernetes Cluster, the following steps are required:
1. Annotate the web application Pods to protect as explained in Annotations for Microgateway Engine injection.
2. Create the CustomResources to configure the Airlock Microgateway as outlined in Configuration.
3. If Istio meshConfig.outboundTrafficPolicy.mode is set to the non-default value REGISTRY_ONLY. Annotate the web application Pod with traffic.sidecar.istio.io/excludeOutboundPorts: <comma-separated port list> with the ports described in Network communication to allow network traffic to the services.

• Internal links:
• Annotations for Microgateway Engine injection
• Configuration

• External links:
• (Istio) OutboundTrafficPolicy