Configuration and monitoring of licenses

To use Airlock Microgateway, a valid license is required. Airlock Microgateway is available in a Premium and a free Community edition. The available editions are compared in the article Airlock Microgateway license editions.

Configure and change the license

  1. Store the license in the Microgateway Operator namespace, in a Kubernetes secret with the name airlock-microgateway-license and the key microgateway-license.txt. Use the following command:
    2. copy
    kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license  
--from-file=microgateway-license.txt=<my-local-microgateway-license.txt>
  2. To change a license (e.g. when upgrading from Community to Premium), use kubectl apply to apply the new license to the airlock-microgateway-license secret in the airlock-microgateway-system namespace.

There is no need to restart the Airlock Microgateway Operator. Kubernetes Secrets are updated at intervals of about one minute. Wait for the new license to become active.

Monitor license information with metrics and logs

Apart from the Community edition license, you should always order a Premium edition license that covers your (calendar-based) monthly request count.
We have implemented a set of license-related metrics. Use them to monitor if your current Airlock Microgateway license is still sufficient and to update/change your license in time.

  • Metrics:
  • License-related metrics with explanations are listed below in this article.

For a detailed list of available metrics with a short description, see available metrics in Prometheus format.

  • Operator logs:
  • License information on a daily base for
    • license expiration due date,
    • on expired license,
    • when license is missing or invalid.
  • License details at every start of the Microgateway Operator or after license exchange/upgrade.

Behavior with invalid or expired licenses

Licenses are treated either as valid, invalid or expired. Differences between invalid and expired licenses are shown in the following table.

  • Corresponding metrics:
  • microgateway_license_valid
  • microgateway_license_expiry_timestamp_seconds

License validity

Definition and behavior

Valid license

  • Definition:
  • Valid (metric microgateway_license_valid = 1) Community or Premium edition license.
  • Microgateway Engine behavior:
  • Traffic is secured according to the configuration of the Airlock Microgateway Engine and the kind and scope of the license.

Invalid license

  • Definition:
  • Missing or invalid signed license (metric microgateway_license_valid = 0).
  • Microgateway Engine behavior:
  • All traffic is blocked.

Expired license

  • Definition
  • The license is expired (metric microgateway_license_valid = 0) as soon as the license expiry timestamp metric value is reached.
  • Microgateway Engine behavior:
  • Pods created before the license expiry timestamp run normally.
  • Pods created after the license expiry timestamp block all traffic.
  • Operator and Pods are not affected by the license status:
  • The Airlock Microgateway Operator runs normally for sidecar-based and sidecarless installations.
  • For sidecar-based installations, the Airlock Microgateway Operator​ injects the Microgateway Engine sidecar container into Pods based on labels. Therefore, only labeled Pods are affected. See list of Annotations for the Microgateway Operator.

Monitor the licensed throughput

The Airlock Microgateway premium license model is trust-based and applies to calendar-based monthly request rates and you should upgrade your license if the number of requests exceeds the licensed count. To monitor the requests per calendar month, follow our example Prometheus request configuration and set up a Grafana licensing dashboard or similar.
Note that monitoring the throughput of a Community Edition license is unnecessary, as this edition has a hard limit.

Due to the default Prometheus storage retention, licensing information might get lost. Therefore, we recommend setting up a dedicated Prometheus deployment with a higher storage retention for license monitoring or other Microgateway metrics.

Prometheus query examples

For total request count monitoring, the metric microgateway_license_http_rq_total is available.

Example A – standard query

The following Prometheus query will generate smoothed-out metrics over 30 days. This can be useful for a quick visualization using /graph, the built-in Prometheus expression browser:

round(sum(increase(microgateway_license_http_rq_total[30d:15s])))

Example B – refined query for Grafana usage

As Airlock Microgateway licensing is based on a calendar month, you could use the following Prometheus query to allow for This month and Previous month filtering in Grafana:

round(sum(increase(microgateway_license_http_rq_total[$__range:15s])))

How to interpret a Grafana licensing dashboard view

Interpreting the metrics to check the licensing situation with a Grafana dashboard is easy if you add a threshold line according to the licensed throughput.

  1. Prepare a Grafana dashboard:
  2. Find out the licensed requests limit per month count. For this, either check your premium license order or read out the metric value:
    3. copy
    microgateway_license_max_rq_count_per_month
  3. Configure an absolute threshold line based on the request limit as described in the Grafana thresholds documentation.
  4. Add the refined Grafana query from Example B:
    5. round(sum(increase(microgateway_license_http_rq_total[$__range:15s])))
  5. Adjust the Grafana Query options, e.g., to 1M/M to visualize the request counts for the last and current calendar month. For more information see Grafana query option documentation.
  6. Whenever the monthly request count in the chart is below the threshold line, the Airlock Microgateway license is sufficient.