Install and Upgrade in Kubernetes

The instructions below cover the required steps to install and upgrade the Airlock Microgateway Operator in Kubernetes.

Prerequisites

A valid license is required unless Airlock Microgateway is used in the Community Edition. If you want to try premium features without contacting a sales partner, you can request an evaluation license. The available editions are compared in Editions.

Either request an evaluation or premium license

  1. Request an evaluation license
    A license will be sent automatically within minutes.
  2. Request a premium license
    Your sales partner will contact you for licensing.

Install

Deploy Kubernetes Gateway API CRDs

Airlock Microgateway requires the Kubernetes Gateway API CRDs. To use incubating features, install the experimental channel. Otherwise the standard channel.

Standard channel:

 
Terminal box
kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.6.0/standard-install.yaml

Experimental channel:

 
Terminal box
kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.6.0/experimental-install.yaml
 
Info

More details, including release notes and upgrade information, can be found in the official Kubernetes Gateway API installation documentation.

Deploy Airlock Microgateway license

If you use the Community Edition, you can skip license deployment.

  1. Create the airlock-microgateway-system namespace.
  2.  
    Terminal box
    kubectl create namespace airlock-microgateway-system
  3.  
    Terminal box
    kubectl create secret generic airlock-microgateway-license \
      -n airlock-microgateway-system \
      --from-file=microgateway-license.txt=<path-to-your-local-microgateway-license.txt>
 
Notice

For more details about license monitoring, consider the article Monitor Microgateway Licenses.

Deploy Airlock Microgateway Operator

  1. CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades.
  2.  
    Terminal box
    helm install airlock-microgateway \
      oci://quay.io/airlockcharts/microgateway \
      --version 5.1.0 \
      -n airlock-microgateway-system \
      --wait
  3. The logs should show the message Thank you for installing Airlock Microgateway​. ... including further information on successful installation.

What's next

  1. Gateway Deployment
    Deploy the gateway either as an Ingress or as an in-cluster Gateway.
  2. Session Handling
    Enable session handling to persist session information and correlate requests with a session ID. This is a prerequisite for OIDC-based authentication.
  3. Configuration Guides
    Learn how to use Airlock Microgateway for other typical scenarios such as request routing, request filtering or authentication enforcement.

Upgrade

The following upgrade instructions aim to upgrade running deployments to a newer version of Airlock Microgateway without interruption of service.

 
Notice
  • The upgrade instructions may not apply to breaking release upgrades of Airlock Microgateway. Refer to the release notes published on GitHub.
  • Do not add the --reuse-values flag to the helm upgrade command when upgrading to a different version of Airlock Microgateway/Helm charts. The flag would prevent updating some required settings and changes.
  1. For information on what to consider when upgrading the Gateway API CRDs, follow the instructions in the section Upgrading to a new version of the official CRD Management Guide of the Gateway API. In most cases, the upgrade can be performed using one of the following commands, depending on the Kubernetes Gateway API channel you have installed.
  2. Standard channel:

  3.  
    Terminal box
    kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.6.0/standard-install.yaml
  4. Experimental channel:

  5.  
    Terminal box
    kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.6.0/experimental-install.yaml
  6. Upgrade the Airlock Microgateway CRDs.
  7.  
    Terminal box
    kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=5.1.0 \
      --server-side \
      --force-conflicts
  8. Upgrade the Microgateway Operator.
  9.  
    Terminal box
    helm upgrade airlock-microgateway \
      oci://quay.io/airlockcharts/microgateway \
      --version '5.1.0' \
      -n airlock-microgateway-system
  10. You can verify the current Pod status by checking the version label.