Any communication between containers in the airlock-microgateway-system namespace and Microgateway Engine containers in web application namespaces is secured using TLS/mTLS.
During Microgateway Operator startup, the following self-signed certificates are generated and stored as secrets in the airlock-microgateway-system namespace:

- airlock-microgateway-ca-cert – the CA certificate used to generate the self-signed TLS certificates.
- webhook-server-cert – the server certificate of the Microgateway Operator.
Each time an Airlock Microgateway Engine sidecar is injected, an airlock-microgateway-bootstrap-secret is generated and saved to the web application namespace. This secret holds the required certificates and keys for mTLS-based communication between the Microgateway Engine and the Operator. The TLS certificates of the bootstrap secret are renewed automatically every 48h.