To use Airlock Microgateway in your Kubernetes cluster, follow this guide to deploy the Airlock Microgateway Operator and its resources.
Prerequisites
- To use Airlock Microgateway, a valid license is required. Airlock Microgateway is available in a Premium and a free Community edition. To request and configure/change a license, see the article Licensing and license-dependent behavior.
- Deploy the
cert-manager
in your Kubernetes cluster.
For an easy start in non-production environments, you may deploy the same cert-manager
we use for internal testing. Note that the files provided are not intended for production use! Consult the manual for productive environments (Kubernetes) Install cert-manager.
Airlock Microgateway CNI installation
Install the CNI DaemonSet and required RBAC (Role Based Access Control) manifests with helm.
- Adapt and run the following command with the current CNI Helm chart version.
- Wait for the Airlock Microgateway CNI DaemonSet to be up and running.
- Verify the correctness of the installation with
helm test
. - Check the log messages.
- On successful installation, the logs should show the message
Success
. If the installation was not successful, go to Troubleshooting Microgateway CNI Helm test for troubleshooting. - Disable the
helm test
deployment afterward.
Environment preset values
Different environment preset values (e.g., gke-values.yaml
and openshift-values.yaml
) are available on GitHub. These values have been tested in our installation environments. The default presets may need to be adapted to meet the requirements of your setup.
The values can be applied during installation using -f <values-name>.yaml
directly from GitHub or a local source.
For installation in OpenShift environments, see article OpenShift.
Install the Airlock Microgateway Operator
In order to complete the Airlock Microgateway Operator installation and to run the below helm test
successfully, you need to deploy a valid license. See article Licensing and license-dependent behavior for more information.
- Create the
airlock-microgateway-system
namespace - Store the license in the Microgateway Operator namespace, in a Kubernetes secret with the name
airlock-microgateway-license
and the keymicrogateway-license.txt
. Use the following command: - Adapt and run the following command with the current Airlock Microgateway Operator Helm chart version. This will install
airlock-microgateway
in theairlock-microgateway-system
namespace. - Verify that the Airlock Microgateway Operator started successfully:
- Verify the correctness of the installation with
helm test
. - Check the log messages.
- On successful installation, the logs should show the following message:
### Installation of 'airlock-microgateway' succeeded
. If the installation was not successful, go to Troubleshooting Microgateway Operator Helm test for troubleshooting. - Disable the
helm test
deployment afterward.
During installation, the installation status is echoed – i.e., the preliminary cleanup task and scaling the test installation to only 1 replica (to ensure no pods from previous runs are present).
What's next
- After deploying the Airlock Microgateway Operator in your Cluster, the following steps are required:
- Configure/change the Airlock Microgateway license. See article Licensing and license-dependent behavior.
- Annotate the web application Pods to protect as explained in Labels and annotations for Airlock Microgateway.
- Create the
CustomResources
to configure the Airlock Microgateway as outlined in Configuration.