Table of contents

1. Airlock Secure Access Hub
2. About this document
    2.1. How information is structured in this manual
    2.2. Leveled prerequisites
    2.3. Warning tiers in this document
    2.4. Additional panel types
    2.5. Advanced Lucene searches within this online help
3. About Airlock Microgateway
    3.1. Airlock Microgateway license editions and support
    3.2. Release and support information
    3.3. Incubating features in Airlock Microgateway
    3.4. Online labs
4. How to establish security controls
    4.1. Empower your counterpart
        4.1.1. Blueprints
        4.1.2. Templates
        4.1.3. Enforce policies
        4.1.4. Assess the active configuration
        4.1.5. Monitor and analyze
        4.1.6. Education and guidelines
        4.1.7. Establish GitOps principles
        4.1.8. Staging
5. System architectures
    5.1. Architecture of sidecar-based Airlock Microgateway deployments
        5.1.1. Sidecar-based Kubernetes cluster without a service mesh
        5.1.2. Sidecar-based Kubernetes cluster with an Istio service mesh
        5.1.3. Sidecar-based Kubernetes cluster with Cilium
        5.1.4. Sidecar-based installation mode types
    5.2. Architecture of K8s Gateway API-based sidecarless Airlock Microgateway deployments
        5.2.1. Sidecarless Kubernetes cluster without a service mesh
        5.2.2. Sidecar-based Installation mode types
6. Getting started – installation and follow-ups
7. Requirements and limitations
8. Container image repositories and registries
    8.1. Verify the image signature
    8.2. Using a custom image registry
9. Installation, upgrade, and uninstallation instructions
    9.1. Sidecar-based Microgateway installation, upgrade, and uninstallation instructions
        9.1.1. Installation in Kubernetes
        9.1.2. Installation in OpenShift
        9.1.3. Installation in Kubernetes or OpenShift with Istio Service Mesh
        9.1.4. Installation in Kubernetes cluster with Cilium
        9.1.5. Uninstallation and upgrade instructions
    9.2. Sidecarless K8s Gateway API-based Microgateway installation, upgrade, and uninstallation instructions
        9.2.1. Installation in Kubernetes
        9.2.2. Uninstallation and upgrade instructions
10. Configuration
    10.1. Sidecar-based Microgateway configuration
        10.1.1. Microgateway Operator
        10.1.2. Microgateway CNI
        10.1.3. Microgateway Engine sidecar injection and configuration
        10.1.4. Microgateway Session Agent
        10.1.5. Labels and annotations for Airlock Microgateway in sidecar-based data plane mode
    10.2. Sidecarless K8s Gateway API-based Microgateway configuration
        10.2.1. Airlock Microgateway configuration with K8s Gateway API
    10.3. Custom Resource Definitions
        10.3.1. CR AccessControl
        10.3.2. CR ContentSecurity
        10.3.3. CR ContentSecurityPolicy
        10.3.4. CR DenyRules
        10.3.5. CR EnvoyCluster
        10.3.6. CR EnvoyConfiguration
        10.3.7. CR EnvoyHTTPFilter
        10.3.8. CR GraphQL
        10.3.9. CR HeaderRewrites
        10.3.10. CR IdentityPropagation
        10.3.11. CR JWKS
        10.3.12. CR Limits
        10.3.13. CR OIDCProvider
        10.3.14. CR OIDCRelyingParty
        10.3.15. CR OpenAPI
        10.3.16. CR Parser
        10.3.17. CR RedisProvider
        10.3.18. CR SessionHandling
        10.3.19. CR SidecarGateway
        10.3.20. CR Telemetry
11. Operation
    11.1. Configuration and monitoring of licenses
        11.1.1. Monitor the licensed throughput
    11.2. Reducing false-positive blocks
    11.3. Logging configuration and output formatting
    11.4. Grafana dashboards for metric and log visualization
    11.5. Using Microgateway Prometheus metrics
12. Tooling
    12.1. Completion, validation and tooltips in Visual Studio Code
13. Troubleshooting and support
    13.1. Pod is not ready
    13.2. List Pods with SidecarGateway selectors
    13.3. Listing the SidecarGateway status
    13.4. Envoy Administration interface
    13.5. Inspect the Envoy configuration
    13.6. Several SidecarGateway CRs point to the same Pod
    13.7. Troubleshooting Microgateway CNI Helm test
    13.8. Troubleshooting Microgateway Operator Helm test
    13.9. Troubleshooting for network routing issues in the application pod
        13.9.1. Network Validator sanity check
    13.10. HTTP protocol selection
    13.11. Debugging with additional Envoy filters
14. Reference documentation
    14.1. Airlock Microgateway API reference documentation
    14.2. Available metrics in Prometheus format
    14.3. Access log field reference
    14.4. License texts