SidecarGateway is the link between the protected application and Airlock Microgateway. It specifies the configuration of the Airlock Microgateway Engine injected into the application Pod, including configuration options for topics like TLS and HTTP, remote IP identification and request normalization. It also references additional CRs that cover different aspects of web application security.
If references are not explicitly configured, default settings designed to work with most upstream services will be applied.
List of referenceable CRs:
- CR AccessControl
- CR ContentSecurity
- CR EnvoyHTTPFilter
- CR EnvoyCluster
- CR Telemetry
- CR SessionHandling
Without a Custom Resource SidecarGateway referring to a Pod, the Microgateway Engine does not forward any traffic to the upstream application. This results in Connection Refused errors on access.
The status of referenced CRs (including nested CRs) is available via the CR SidecarGateway status. Missing references are reported with further information in the form of a message and a reason. This helps to find problems and solve them quickly.
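One way to surface the reported reasons and messages across a cluster, as an added example that is not part of the Airlock documentation. It assumes the status uses the Kubernetes conditions convention (`type`/`status`/`reason`/`message`, where any value other than `"True"` signals a problem); the embedded JSON, condition names and reasons are constructed sample data.

```python
import json

# Constructed sample shaped like `kubectl get sidecargateway -A -o json`.
# Assumption: status.conditions follows the Kubernetes conditions convention;
# the condition type, reasons and messages below are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"kind": "SidecarGateway",
   "metadata": {"namespace": "shop", "name": "frontend"},
   "status": {"conditions": [
     {"type": "Resolved", "status": "True", "reason": "Resolved", "message": ""}]}},
  {"kind": "SidecarGateway",
   "metadata": {"namespace": "shop", "name": "checkout"},
   "status": {"conditions": [
     {"type": "Resolved", "status": "False", "reason": "ReferenceNotFound",
      "message": "ContentSecurity 'checkout-cs' not found"}]}},
  {"kind": "SidecarGateway",
   "metadata": {"namespace": "shop", "name": "legacy"}}
]}
""")


def unhealthy(doc):
    """Return (namespace/name, reason, message) for every CR whose status is
    missing or carries a condition that is not "True"."""
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        conditions = item.get("status", {}).get("conditions")
        if not conditions:
            # No status at all: the CR has not been reconciled yet.
            findings.append((ident, "NoStatus", "status.conditions is empty or absent"))
            continue
        for cond in conditions:
            if cond.get("status") != "True":
                findings.append((ident, cond.get("reason", ""), cond.get("message", "")))
    return findings


if __name__ == "__main__":
    for ident, reason, message in unhealthy(SAMPLE):
        print(f"{ident}: {reason}: {message}")
```

Replace `SAMPLE` with the parsed output of the real command and adjust the field names if the CRD's status schema differs from the assumed one.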