Requirements and Limitations

Ensure the following requirements are met in order to run Airlock Microgateway successfully. Note that in addition to the following requirements, a valid license is required to operate Airlock Microgateway.

Platform requirements

Airlock Microgateway runs on Kubernetes version >= 1.25 and Istio >= 1.14.5. To ensure compatibility, we run automated tests with the following Kubernetes distributions:

| Kubernetes distribution | Version | Description |
|---|---|---|
| Google Kubernetes Engine | 1.25 | |
| Anthos Service Mesh on Google Kubernetes Engine | 1.15.7-asm.8 | Istio version 1.15.7 |
| OpenShift | 4.12.13 | |
| Red Hat OpenShift Service Mesh | 2.3.3 | Istio version 1.14.5 |

Kubernetes resource requirements

The Airlock Microgateway default installation defines the following Kubernetes resource requirements:

| Deployment / DaemonSet | Airlock Microgateway container image | Kubernetes resource | CPU | Memory |
|---|---|---|---|---|
| airlock-microgateway-operator-controller-manager | Airlock Microgateway Operator | requests | 100m | 512Mi |
| | | limits | 1000m | 512Mi |
| Protected web application | Airlock Microgateway Engine (Sidecar container) | requests | 10m | 40Mi |
| | | limits | 500m | 128Mi |
| airlock-microgateway-cni | Airlock Microgateway CNI | requests | 10m | 100Mi |
| | | limits | not set | not set |
| airlock-microgateway-license-guard | Microgateway License Guard | requests | 50m | 64Mi |
| | | limits | not set | 64Mi |
| airlock-microgateway-license-guard-redis | Redis | requests | 100m | 64Mi |
| | | limits | not set | 64Mi |

Network communication

The following network communication is required:

| From Pod | To service | To namespace | To port | To protocol |
|---|---|---|---|---|
| Protected web application Pod | airlock-microgateway-operator-xds | airlock-microgateway-system | 13377 | TCP |
| | airlock-microgateway-license-guard | airlock-microgateway-system | 13378 | TCP |
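
For clusters that already enforce default-deny egress with NetworkPolicies, the two flows listed above have to be allowed explicitly. The following policy is an added example, not part of the Airlock documentation; the namespace `my-app` and the label `app: my-webapp` are hypothetical, and it assumes the Pod ports behind both services equal the listed service ports.

```yaml
# Added example. Hypothetical values: namespace "my-app", label "app: my-webapp".
# Assumption: the backing Pods listen on the same ports as the services (13377, 13378),
# because NetworkPolicy rules are matched against the destination Pod port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-to-airlock-microgateway
  namespace: my-app
spec:
  # Selects the protected web application Pods (they carry the Engine sidecar).
  podSelector:
    matchLabels:
      app: my-webapp
  policyTypes:
    - Egress
  egress:
    - to:
        # kubernetes.io/metadata.name is set automatically on every namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: airlock-microgateway-system
      ports:
        # airlock-microgateway-operator-xds
        - protocol: TCP
          port: 13377
        # airlock-microgateway-license-guard
        - protocol: TCP
          port: 13378
```

NetworkPolicies are additive, so this rule only widens what an existing default-deny policy permits. Applied to Pods that no egress policy selects yet, it would restrict their egress to these two ports.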

Additional components

Airlock Microgateway requires the following components to run:

| Component | Tested version | Description |
|---|---|---|
| cert-manager | 1.11.0 | The cert-manager is required to secure the connection between the Kubernetes API server and the Microgateway Operator webhook. |

To install the cert-manager, follow the manual: (Kubernetes) Install cert-manager

Limitations

  • Airlock Microgateway is only available for x64 CPU architectures.
  • The Airlock Microgateway Operator can run only in AllNamespaces mode. The Operator watches and operates the Microgateway containers in all Kubernetes namespaces. Therefore, only one Airlock Microgateway version can be deployed and operated in the Kubernetes cluster.