This article shows the architecture of a web application deployed in a Kubernetes cluster and protected by Airlock Microgateway. The example illustrates the setup when no service mesh is used. This is the simplest functional setup: Airlock Microgateway is injected and secures a single web application container. The setup shows two namespaces, one for the Microgateway Operator Pod and a second one for the web application Pod.
The Microgateway Operator container injects the Microgateway Engine container into web application Pods labeled with sidecar.microgateway.airlock.com/inject: "true".
- The Operator configures the Engine based on Custom Resources that contain the Engine configuration.
- The Microgateway CNI plugin of the Node configures the network routing between Engine and Web application container.
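
As an added example (not taken from the Airlock documentation), the manifest below shows where the injection label has to sit so that it ends up on the Pods. The namespace, application name, image and port are placeholders.

```yaml
# Constructed example: namespace, names, image and port are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: webapp-demo            # hypothetical application namespace
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp
  namespace: webapp-demo
  labels:
    app: webapp
    # A label placed only here describes the Deployment object;
    # Kubernetes does not copy it to the Pods.
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
        # Pod-level label named in the text above. The value is quoted
        # because label values must be strings, not YAML booleans.
        sidecar.microgateway.airlock.com/inject: "true"
    spec:
      containers:
        - name: webapp
          image: registry.example.com/webapp:1.0.0   # placeholder image
          ports:
            - containerPort: 8080
```

Running `kubectl get pods -n webapp-demo -l sidecar.microgateway.airlock.com/inject=true` lists the Pods that actually carry the label, which is a quick way to spot a workload that was meant to be protected but was labeled at the wrong level.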