OperatorConfig
config.airlock.com/v1alpha1
OperatorConfig is the schema for the Airlock Microgateway Operator configuration file
# Example Operator configuration
apiVersion: config.airlock.com/v1alpha1
kind: OperatorConfig
log:
level: info
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 0.0.0.0:8080
webhook:
port: 9443
pprof:
bindAddress: localhost:6060
# Extensions: Airlock Microgateway Operator
deployment:
sidecar:
engineContainerTemplate: "/sidecar/engine_container_template.yaml"
engine:
bootstrapConfigTemplate: "/engine_bootstrap_config_template.yaml"apiVersion: config.airlock.com/v1alpha1
kind: OperatorConfig
metrics:
bindAddress: "0.0.0.0:8080"
health:
healthProbeBindAddress: ":8081"
readinessEndpointName: "/readyz"
livenessEndpointName: "/healthz"
webhook:
port: 9443
deployment:
sidecar:
engineContainerTemplate: "/sidecar/engine_container_template.yaml"
networkValidatorContainerTemplate: "/sidecar/network_validator_container_template.yaml"
engine:
bootstrapConfigTemplate: "/engine_bootstrap_config_template.yaml"
xdsServer:
port: 13377
grpcSettings:
maxConcurrentStreams: 4294967295
keepaliveTime: "2h"
keepaliveTimeout: "20s"
keepaliveClientMinTime: "5m"
log:
level: info
licensing:
throughputCheckTimeout: "50ms"OperatorConfig
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| deployment | object | Deployment defines the configuration for the deployment strategy. | no | ||
| engine | object | Engine defines the configuration for the engine container. | no | ||
| health | object | Health contains the health configuration of the operator. | no | ||
| licensing | object | Licensing defines the licensing options of the operator and engine. | no | ||
| log | object | Log defines the log configuration of the operator. | no | ||
| metrics | object | Metrics contains the metrics configuration of the operator. | no | ||
| pprof | object | Pprof defines an optional pprof server with its binding address, if omitted no pprof server is started. | no | ||
| webhook | object | Webhook contains the webhook configuration of the operator. | no | ||
| xdsServer | object | XdsServer defines the configuration for the xDS server which communicates with the Airlock Microgateway Engine. | no |
OperatorConfig.deployment
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| sidecar | object | Sidecar defines the configuration for the sidecar deployment. | no |
OperatorConfig.deployment.sidecar
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
engineContainerTemplate |
string | Defines the container which will be injected as sidecar. Can be useful to adjust the image, imagePullPolicy, capabilities or other settings. For more information please visit the official Kubernetes documentation website. | no | /sidecar/engine_container_template.yaml |
|
networkValidatorContainerTemplate |
string | Defines the container which will be injected as init container to verify that the Airlock Microgateway CNI plugin correctly configured the pod’s network such that traffic is redirected through Airlock Microgateway Engine. Can be useful to adjust the image, imagePullPolicy, capabilities or other settings. For more information please visit the official Kubernetes documentation website. If explicitly set to an empty string, init container injection will be disabled and no network validation will be performed before pod startup. | no | /sidecar/network_validator_container_template.yaml |
OperatorConfig.engine
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
bootstrapConfigTemplate |
string | Defines the Envoy bootstrap configuration. For more information, please visit the official Envoy documentation website. | no | /engine_bootstrap_config_template.yaml |
OperatorConfig.health
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
healthProbeBindAddress |
string | HealthProbeBindAddress is the TCP address that the operator should bind to for serving health probes. It can be set to “0” to disable serving the health probe. | no | :8081 |
|
livenessEndpointName |
string | LivenessEndpointName is the path under which the liveness probe is served. | no | /healthz |
|
readinessEndpointName |
string | ReadinessEndpointName is the path under which the readiness probe is served. | no | /readyz |
OperatorConfig.licensing
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
throughputCheckTimeout |
string (duration) | ThroughputCheckTimeout specifies the timeout for the license ratelimit RPCs. If the license guard does not respond within this window, the request will be blocked unless enforceThroughputLimit is disabled. | no | 50ms |
See link |
OperatorConfig.log
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
level |
enum | Level defines the log level of the operator. | no | info |
error, warn, info, debug |
OperatorConfig.metrics
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
bindAddress |
string | BindAddress is the TCP address that the operator should bind to for serving prometheus metrics. It can be set to “0” to disable the metrics serving. | no | 0.0.0.0:8080 |
OperatorConfig.pprof
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
bindAddress |
string | BindAddress defines the TCP address that the operator should bind to for serving pprof. Since pprof may contain sensitive information, it is recommended to bind it to localhost only. | yes |
OperatorConfig.webhook
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
port |
int | Port is the port on which the webhook server is served. | no | 9443 |
[1, 65535] |
OperatorConfig.xdsServer
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| grpcSettings | object | Defines the gRPC Settings which are used by the xDS Server for the gRPC connections with the Airlock Microgateway Engine containers. | no | ||
port |
int32 | Defines the port where the xDS server is listening. | no | 13377 |
[1, 65535] |
OperatorConfig.xdsServer.grpcSettings
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
keepaliveClientMinTime |
string (duration) | Defines the minimum amount of time an Airlock Microgateway Engine (xDS client) should wait before sending a keepalive ping. The Airlock Microgateway Operator (xDS server) will close connection with a client that violates this policy. | no | 5m |
See link |
keepaliveTime |
string (duration) | Defines the keep alive time. After this time without any activity from Airlock Microgateway Engine container a ping is sent to see if the transport is still alive. If set below 1s, a minimum value of 1s will be used instead. | no | 2h |
See link |
keepaliveTimeout |
string (duration) | Defines the keep alive timeout. Time to wait after keepalive check before closing the connection in case that there was no activity. | no | 20s |
See link |
maxConcurrentStreams |
uint32 | Defines the limit of max concurrent gRPC streams. | no | 4294967295 |
[0, 4294967295] |