Requirements and limitations

Ensure the following requirements are met in order to run Airlock Microgateway successfully. Note that in addition to the following requirements, a valid license is required to operate Airlock Microgateway.

Platform requirements

Airlock Microgateway runs on Kubernetes version >= 1.25 and Istio >= 1.14.5. To ensure compatibility, we run automated tests with the following Kubernetes distributions:

Kubernetes distribution

Version

Description

Google Kubernetes Engine

1.25

Anthos Service Mesh on Google Kubernetes Engine

1.15.7-asm.8

Istio version 1.15.7

OpenShift

4.12.13

Red Hat OpenShift Service Mesh

2.3.3

Istio version 1.14.5

K3s

1.25

Kubernetes resource requirements

The Airlock Microgateway default installation defines the following Kubernetes resource requirements:

Deployment / DaemonSet

Airlock Microgateway container image

Kubernetes resource

CPU

Memory

airlock-microgateway-operator

Airlock Microgateway Operator

requests

not set

not set

limits

not set

not set

Protected web application

Airlock Network Validator
(init Container)

requests

not set

not set

limits

not set

not set

Airlock Microgateway Engine
(Sidecar container)

requests

not set

not set

limits

not set

not set

Airlock Microgateway Session Agent
(Sidecar container)

requests

not set

not set

limits

not set

not set

airlock-microgateway-cni

Airlock Microgateway CNI

requests

10m

100Mi

limits

not set

not set

Network communication

The following network communication is required:

From Pod

To service

To namespace

To port

To protocol

Protected web application Pod

airlock-microgateway-operator-xds

airlock-microgateway-system

13377

TCP

Additional components

Airlock Microgateway requires the following components to run:

Component

Tested version

Description

cert-manager

1.11.0

The cert-manager is required to secure the connection between Kubernetes API server to the Microgateway Operator Webhook.

To install the cert-manager, follow the manual: installation of the cert-manager

Limitations

  • Mixing different versions like Airlock Microgateway Operator in version 4.x and Microgateway Engine in version 4.y is not supported.
  • WebSocket support is limited to HTTP/1.1.