Microgateway CNI
The Microgateway CNI DaemonSet should be installed in the kube-system Namespace. This should be done using our CNI Helm chart. See Installation related articles for environment-depending installation.
The CNI Helm chart also installs a ServiceAccount with the ClusterRole, ClusterRoleBinding and a ConfigMap.
OpenShift requires to install Role and RoleBinding used for SCC and a NetworkAttachmentDefinition and adapting the k8s.v1.cni.cncf.io/networks annotation to allow the CNI plugin to work together with OpenShift Multus as described in section What's next.
After the installation, the airlock-microgateway-cni DaemonSet is installed in the kube-system Namespace and will deploy one Microgateway CNI plugin to every Node. Once a Microgateway CNI plugin is installed on a Node, it handles the network configuration inside containers with Microgateway Engine Pods every time an Engine is created.
Customizing the installation
The default installation values like the image registry and image name can be looked up and modified to your needs in the values.yaml file of the CNI Helm chart. For detailed information about the default configuration values and their meanings, see the explanations in the values.yaml file.
You can find the Airlock Microgateway Helm charts here:
- Ensure that the replaced Airlock Microgateway images are always specified in the Kubernetes manifest files with a tag and a digest.
Further information and links
Internal links:
- For CNI plugin installation, see
- Network routing issues
- System architecture
- Using a custom image registry