Kubernetes

To use Airlock Microgateway in your Kubernetes cluster, follow this guide to deploy the Airlock Microgateway Operator and its resources.

Prerequisites

  • To use Airlock Microgateway, a valid license is required. Airlock Microgateway is available in a Premium and a free Community edition. To request and configure/change a license, see the article Licensing and license-dependent behavior.
  • Deploy the cert-manager in your Kubernetes cluster.

For an easy start in non-production environments, you may deploy the same cert-manager we use for internal testing. Note that the provided files are not intended for production use. For production environments, consult the manual: (Kubernetes) Install cert-manager.

# Deploy the cert-manager
kubectl apply -k "https://github.com/airlock/microgateway/examples/utilities/cert-manager/?ref=4.2.2"

# Wait for the cert-manager to be up and running
kubectl -n cert-manager wait --for=condition=ready --timeout=600s pod -l app.kubernetes.io/instance=cert-manager

Airlock Microgateway CNI installation

Install the CNI DaemonSet and the required RBAC (Role-Based Access Control) manifests with Helm.

  1. Adapt and run the following command with the current CNI Helm chart version.
    helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version 4.2.2
  2. Wait for the Airlock Microgateway CNI DaemonSet to be up and running.
    kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
  3. Verify the correctness of the installation with helm test.
    helm upgrade airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --set tests.enabled=true --reuse-values --version 4.2.2
  4. Check the log messages.
    helm test airlock-microgateway-cni -n kube-system --logs
  5. On successful installation, the logs should show the message Success. If the installation was not successful, go to Troubleshooting Microgateway CNI Helm test for troubleshooting.
  6. Disable the helm test deployment afterward.
    helm upgrade airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --set tests.enabled=false --reuse-values --version 4.2.2

Environment preset values

Different environment preset values (e.g., gke-values.yaml and openshift-values.yaml) are available on GitHub. These values have been tested in our installation environments. The default presets may need to be adapted to meet the requirements of your setup.

The values can be applied during installation using -f <values-name>.yaml, either directly from GitHub or from a local source.
For installation in OpenShift environments, see the article OpenShift.

Install the Airlock Microgateway Operator

To complete the Airlock Microgateway Operator installation and to run the helm test below successfully, you need to deploy a valid license. See the article Licensing and license-dependent behavior for more information.

  1. Create the airlock-microgateway-system namespace.
    kubectl create namespace airlock-microgateway-system
  2. Store the license in the Microgateway Operator namespace, in a Kubernetes secret with the name airlock-microgateway-license and the key microgateway-license.txt. Use the following command:
    kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license \
      --from-file=microgateway-license.txt=<my-local-microgateway-license.txt>
  3. Adapt and run the following command with the current Airlock Microgateway Operator Helm chart version. This will install airlock-microgateway in the airlock-microgateway-system namespace.
    helm install -n airlock-microgateway-system airlock-microgateway oci://quay.io/airlockcharts/microgateway --wait --version 4.2.2
  4. Verify that the Airlock Microgateway Operator started successfully:
    kubectl -n airlock-microgateway-system wait --for=condition=Available deployments --all --timeout=3m
  5. Verify the correctness of the installation with helm test.
    helm upgrade airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --set tests.enabled=true --reuse-values --version 4.2.2
  6. Check the log messages.
    helm test airlock-microgateway -n airlock-microgateway-system --logs

    During installation, the installation status is echoed, i.e., the preliminary cleanup task and the scaling of the test installation to only 1 replica (to ensure no pods from previous runs are present).

  7. On successful installation, the logs should show the following message: ### Installation of 'airlock-microgateway' succeeded. If the installation was not successful, go to Troubleshooting Microgateway Operator Helm test for troubleshooting.
  8. Disable the helm test deployment afterward.
    helm upgrade airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --set tests.enabled=false --reuse-values --version 4.2.2
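
The helm test steps of both installations above (enable the tests, run helm test, check the logs for the success message, disable the tests again) combined into one script that also disables the test deployment when the test fails. This is an added example, not part of the Airlock documentation; the script name verify.sh, the function names and the run argument are assumptions, as is the exact form in which the success message appears in a log line.

```shell
#!/usr/bin/env bash
# Added example (not from the Airlock documentation): run the helm test of a
# release and always disable the test deployment again, even on failure.
CHART_VERSION="4.2.2"   # version shown on this page; adapt to the current chart

# Success message each release prints in its helm test logs, as quoted above.
success_marker() {
  case "$1" in
    airlock-microgateway-cni) printf '%s' "Success" ;;
    airlock-microgateway) printf '%s' "### Installation of 'airlock-microgateway' succeeded" ;;
    *) return 1 ;;
  esac
}

# Reads helm test logs on stdin; returns 0 only if the marker is present.
# Assumption: the marker appears as whole words in a log line, so -w keeps
# "Successfully pulled image ..." from counting as "Success".
logs_show_success() {
  local marker
  marker=$(success_marker "$1") || return 2
  grep -qwF -- "$marker"
}

# verify_release <release> <namespace> <chart>
verify_release() {
  local release=$1 namespace=$2 chart=$3 rc=0 logs
  if helm upgrade "$release" -n "$namespace" "$chart" --set tests.enabled=true \
       --reuse-values --version "$CHART_VERSION"; then
    logs=$(helm test "$release" -n "$namespace" --logs 2>&1) || rc=1
    printf '%s\n' "$logs"
    printf '%s\n' "$logs" | logs_show_success "$release" || rc=1
  else
    rc=1
  fi
  # Disable the test deployment whether or not the test passed.
  helm upgrade "$release" -n "$namespace" "$chart" --set tests.enabled=false \
    --reuse-values --version "$CHART_VERSION" || rc=1
  return "$rc"
}

# Only touches a cluster when invoked as: ./verify.sh run
if [ "${1:-}" = "run" ]; then
  verify_release airlock-microgateway-cni kube-system \
    oci://quay.io/airlockcharts/microgateway-cni &&
  verify_release airlock-microgateway airlock-microgateway-system \
    oci://quay.io/airlockcharts/microgateway
fi
```

A non-zero exit status means that either helm test failed, the success message was missing from the logs, or one of the helm upgrade calls failed.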