OperatorConfig

config.airlock.com/v1alpha1

OperatorConfig is the schema for the Airlock Microgateway Operator configuration file

# Example Operator configuration
apiVersion: config.airlock.com/v1alpha1
kind: OperatorConfig
log:
  level: info
health:
  healthProbeBindAddress: :8081
metrics:
  bindAddress: 0.0.0.0:8080
webhook:
  port: 9443
pprof:
  bindAddress: localhost:6060

# Extensions: Airlock Microgateway Operator
deployment:
  sidecar:
    engineContainerTemplate: "/sidecar/engine_container_template.yaml"
engine:
  bootstrapConfigTemplate: "/engine_bootstrap_config_template.yaml"
apiVersion: config.airlock.com/v1alpha1
kind: OperatorConfig
metrics: 
  bindAddress: "0.0.0.0:8080"
health: 
  healthProbeBindAddress: ":8081"
  readinessEndpointName: "/readyz"
  livenessEndpointName: "/healthz"
webhook: 
  port: 9443
deployment: 
  sidecar: 
    engineContainerTemplate: "/sidecar/engine_container_template.yaml"
    networkValidatorContainerTemplate: "/sidecar/network_validator_container_template.yaml"
engine: 
  bootstrapConfigTemplate: "/engine_bootstrap_config_template.yaml"
xdsServer: 
  port: 13377
  grpcSettings: 
    maxConcurrentStreams: 4294967295
    keepaliveTime: "2h"
    keepaliveTimeout: "20s"
    keepaliveClientMinTime: "5m"
log: 
  level: info

OperatorConfig

Field Type Description Required Default Allowed Values
deployment object Deployment defines the configuration for the deployment strategy. no
engine object Engine defines the configuration for the engine container. no
health object Health contains the health configuration of the operator. no
log object Log defines the log configuration of the operator. no
metrics object Metrics contains the metrics configuration of the operator. no
pprof object Pprof defines an optional pprof server with its binding address, if omitted no pprof server is started. no
webhook object Webhook contains the webhook configuration of the operator. no
xdsServer object XdsServer defines the configuration for the xDS server which communicates with the Airlock Microgateway Engine. no

OperatorConfig.deployment

Field Type Description Required Default Allowed Values
sidecar object Sidecar defines the configuration for the sidecar deployment. no

OperatorConfig.deployment.sidecar

Field Type Description Required Default Allowed Values
engineContainerTemplate string Defines the container which will be injected as sidecar. Can be useful to adjust the image, imagePullPolicy, capabilities or other settings.
For more information please visit the official Kubernetes documentation website.		 no /sidecar/engine_container_template.yaml
networkValidatorContainerTemplate string Defines the container which will be injected as init container to verify that the Airlock Microgateway CNI plugin correctly configured the pod’s network such
that traffic is redirected through Airlock Microgateway Engine.
Can be useful to adjust the image, imagePullPolicy, capabilities or other settings.
For more information please visit the official Kubernetes documentation website.
If explicitly set to an empty string, init container injection will be disabled and no network validation will be performed before pod startup.		 no /sidecar/network_validator_container_template.yaml

OperatorConfig.engine

Field Type Description Required Default Allowed Values
bootstrapConfigTemplate string Defines the Envoy bootstrap configuration. For more information, please visit the official Envoy documentation website. no /engine_bootstrap_config_template.yaml

OperatorConfig.health

Field Type Description Required Default Allowed Values
healthProbeBindAddress string HealthProbeBindAddress is the TCP address that the operator should bind to
for serving health probes.
It can be set to “0” to disable serving the health probe.		 no :8081
livenessEndpointName string LivenessEndpointName is the path under which the liveness probe is served. no /healthz
readinessEndpointName string ReadinessEndpointName is the path under which the readiness probe is served. no /readyz

OperatorConfig.log

Field Type Description Required Default Allowed Values
level enum Level defines the log level of the operator. no info error, warn, info, debug

OperatorConfig.metrics

Field Type Description Required Default Allowed Values
bindAddress string BindAddress is the TCP address that the operator should bind to
for serving prometheus metrics.
It can be set to “0” to disable the metrics serving.		 no 0.0.0.0:8080

OperatorConfig.pprof

Field Type Description Required Default Allowed Values
bindAddress string BindAddress defines the TCP address that the operator should bind to for serving pprof.
Since pprof may contain sensitive information, it is recommended to bind it to localhost only.		 yes

OperatorConfig.webhook

Field Type Description Required Default Allowed Values
port int Port is the port on which the webhook server is served. no 9443 [1, 65535]

OperatorConfig.xdsServer

Field Type Description Required Default Allowed Values
grpcSettings object Defines the gRPC Settings which are used by the xDS Server for the gRPC connections with the Airlock Microgateway Engine containers. no
port int32 Defines the port where the xDS server is listening. no 13377 [1, 65535]

OperatorConfig.xdsServer.grpcSettings

Field Type Description Required Default Allowed Values
keepaliveClientMinTime string (duration) Defines the minimum amount of time an Airlock Microgateway Engine (xDS client) should wait before sending a keepalive ping.
The Airlock Microgateway Operator (xDS server) will close connection with a client that violates this policy.		 no 5m See link
keepaliveTime string (duration) Defines the keep alive time. After this time without any activity from Airlock Microgateway Engine container a ping is sent to see if the transport is still alive. If set below 1s, a minimum value of 1s will be used instead. no 2h See link
keepaliveTimeout string (duration) Defines the keep alive timeout. Time to wait after keepalive check before closing the connection in case that there was no activity. no 20s See link
maxConcurrentStreams uint32 Defines the limit of max concurrent gRPC streams. no 4294967295 [0, 4294967295]