Ensure the following requirements are met in order to run Airlock Microgateway successfully. Note that in addition to the following requirements, a valid license is required to operate Airlock Microgateway.
Platform requirements
Airlock Microgateway runs on Kubernetes version >= 1.25
and Istio >= 1.14.5
. To ensure compatibility, we run automated tests with the following Kubernetes distributions:
Kubernetes distribution | Version | Description |
---|---|---|
Google Kubernetes Engine | 1.25 | |
Anthos Service Mesh on Google Kubernetes Engine | 1.15.7-asm.8 | Istio version 1.15.7 |
OpenShift | 4.12.13 | |
Red Hat OpenShift Service Mesh | 2.3.3 | Istio version 1.14.5 |
K3s | 1.25 |
Kubernetes resource requirements
The Airlock Microgateway default installation defines the following Kubernetes resource requirements:
Deployment / DaemonSet | Airlock Microgateway container image | Kubernetes resource | CPU | Memory |
---|---|---|---|---|
| Airlock Microgateway Operator | requests |
|
|
limits |
|
| ||
Protected web application | Airlock Network Validator | requests |
|
|
limits |
|
| ||
Airlock Microgateway Engine | requests |
|
| |
limits |
|
| ||
Airlock Microgateway Session Agent | requests |
|
| |
limits |
|
| ||
| Airlock Microgateway CNI | requests |
|
|
limits |
|
|
Network communication
The following network communication is required:
From Pod | To service | To namespace | To port | To protocol |
---|---|---|---|---|
Protected web application Pod |
|
|
|
|
Additional components
Airlock Microgateway requires the following components to run:
Component | Tested version | Description |
---|---|---|
cert-manager | 1.11.0 | The cert-manager is required to secure the connection between Kubernetes API server to the Microgateway Operator Webhook. To install the cert-manager, follow the manual: installation of the cert-manager |
Limitations
- Mixing different versions like Airlock Microgateway Operator in version 4.x and Microgateway Engine in version 4.y is not supported.
- WebSocket support is limited to HTTP/1.1.
Further information and links
- Internal links:
- Configuration and monitoring of licenses
- External links:
- (Kubernetes) Resource Management for Pods and Containers