Skip to main content
Fusion is comprised of microservices that drive features and functionality within a deployment. The services running in your deployment depend on the version of Fusion and the features you have enabled.

Get deployment details

You can view your deployment details using kubectl.
  1. First, verify that you have access to your cluster, replacing the example values with your parameters. This example is for a Fusion instance deployed using GKE. 
    gcloud container clusters get-credentials EXAMPLE-CLUSTER --region EXAMPLE-REGION --project EXAMPLE-PROJECT
  2. Get the ports and services: 
    kubectl get svc -n EXAMPLE-NAME
  3. Get the StatefulSets: 
    kubectl get statefulsets -n EXAMPLE-NAME
  4. Get the deployments: 
    kubectl get deploy -n EXAMPLE-NAME

Overview

The table below lists the Fusion microservices deployed by the Helm chart. It also include Kubernetes services that manage traffic to microservices.
Fusion is a complex distributed application composed of many stateful and stateless services designed to support demanding search-oriented workloads at high scale.
For Docker image versions associated with microservices, see the list of Docker images and versions for each Fusion release.

Microservices

Below is a list of microservices used in Fusion 5.9.x.
MicroserviceRequired for FusionProtocolDeployment or StatefulSetNode Pool AssignmentAutoscaling SupportedDescription
adminYesREST/HTTPDeploymentsystemNot required. Minimum of 1, but 2 pods are recommended for high availability.Exposes endpoints for admin tasks, such as creating applications and running jobs.
admin-uiNoWebDeploymentsystemNot required. One pod is enough for most clusters.Serves static Web assets for the admin UI.
apps-managerYesREST/HTTPDeploymentanalytics or systemNot required. One pod is enough for most clusters.Tracks Fusion entitlement license and consumption.
async-parserNoREST/HTTPDeploymentsystem or analyticsYes (CPU or custom metric).Manages parsers and sends documents to be parsed asynchronously.
auth-uiNoWebDeploymentsystemNot required. One pod is enough for most clusters.Serves static Web assets for the login form.
connector-plugin-<connector_plugin>NoHTTP/TCPDeploymentanalytics or systemYes (CPU or custom metric).Deployment for each connector plugin type. Note: There is a base deployment, connector-plugin with 0 replicas. This is used as a deployment template for each connector plugin type. It should not be deleted or scaled.
connectorsNoREST/HTTPDeploymentanalytics or systemNot required. One pod is enough for most clusters.Routes REST API requests to connectors-classic and connectors-rpc.
connectors-backendNogRPCDeploymentanalytics or systemYes (CPU or custom metric).gRPC service for managing SDK-based connector plugins.
connectors-classicNoREST/HTTPStatefulSetanalytics or systemNot supported.REST service for supporting non-RPC connector plugins. This microservice was previously named classic-rest-service.
{fusion-namespace}-argoNoHTTPDeploymentsystemYes (CPU or custom metric).Orchestrates parallel jobs on Kubernetes.
{fusion-namespace}-argo-argo-uiNoWebDeploymentsystemNot required. One pod is enough for most clusters.Stores logs and prior Argo workflow runs.
{fusion-namespace}-kafkaYesHTTPStatefulSetsystemRequired. One pod is enough for most clusters.Contains incoming data for Solr.
{fusion-namespace}-kafka-headlessYesHTTPStatefulSetsystemRequired. One pod is enough for most clusters.Contains incoming data for Solr.
{fusion-namespace}-ml-model-service-ambassadorNoWebDeploymentsystemNot required. Minimum of 1, but 2 pods are recommended for high availability.Load balancing and proxy for Seldon Core deployments.
{fusion-namespace}-ml-model-service-mysqlNoWebDeploymentsystemNot required. Minimum of 1, but 2 pods are recommended for high availability.Handles metadata for Milvus service.
{fusion-namespace}-solr-headlessYesHTTPStatefulSetAt least 3 nodes in search, 2 in analytics, and 2 in systemYes (CPU or custom metric).Search engine.
{fusion-namespace}-solr-svcYesHTTPStatefulSetAt least 3 nodes in search, 2 in analytics, and 2 in systemYes (CPU or custom metric).Search engine.
{fusion-namespace}-zookeeperYesTCPStatefulSetsystemNot required. You need to run 1, 3, or 5 ZooKeeper pods to keep quorum. Do not use HPA for scaling ZooKeeper.Stores centralized configuration and performs distributed coordination tasks.
{fusion-namespace}-zookeeper-headlessYesTCPStatefulSetsystemNo. You need to run 1, 3, or 5 ZooKeeper pods to keep quorum. Do not use HPA for scaling ZooKeeper.Stores centralized configuration and performs distributed coordination tasks.
indexingYesREST/HTTPDeploymentsearch or analytics depending on write-volumeYes (CPU or custom metric).Processes indexing requests.
insightsNoWebDeploymentsystemNot required. One pod is enough for most clusters.Serves the App Insights UI.
job-configYesREST/HTTPDeploymentsystemYes, but not usually required. One pod is enough for most clusters.Manages job configurations and histories. Added in Fusion 5.9.11.
job-launcherNoREST/HTTPDeploymentanalyticsNot required. One pod is enough for most clusters.Configures and launches the Spark driver pod for running Spark jobs.
job-rest-serverNoREST/HTTPDeploymentanalyticsNot required. One pod is enough for most clusters.Performs admin tasks for creating and running Spark jobs.
kuberay-operatorNoHTTPDeployment-Not required. One pod is enough for most clusters.Manages Ray deployments and jobs (in Fusion 5.9.12 and later).
milvusNoREST/HTTPDeploymentanalytics or systemNot required. One pod is enough for most clusters.Dense Vector Search Engine for ML models active.
ml-model-grpcNoREST/HTTP and gRPCDeploymentsearchYes (CPU or custom metric).Exposes gRPC endpoints for generating predictions from ML models.
ml-model-serviceNoREST/HTTP and gRPCDeploymentsearchYes (CPU or custom metric).Exposes gRPC endpoints for generating predictions from ML models.
pm-uiNoWebDeploymentsystemNot required. One pod is enough for most clusters.Serves static Web assets for the Predictive Merchandiser app.
proxy / api-gatewayYesHTTPDeploymentsearchNot required. Minimum of 1, but 2 pods are recommended for high availability.Performs authentication, authorization, and traffic routing.
queryYesREST/HTTPDeploymentsearchYes (CPU or custom metric).Processes query requests.
rules-uiNoWebDeploymentsystemNot required. One pod is enough for most clusters.Serves static Web assets for the Rules UI.
seldon-webhook-serviceNoWebDeploymentsystemNot required. One pod is enough for most clusters.Maintains Seldon Core deployments for ML model serving active.
templatingNoWebDeploymentsystemNot required. One pod is enough for most clusters.Retrieves and renders Predictive Merchandiser templates.
webappsNoREST/HTTPDeploymentsystemNot required. One pod is enough for most clusters.Serves App Studio-based Web apps.

Ports used by Fusion

Below you will find the list of pod ports for intra-cluster communications.
ServicePort
admin8765
admin-ui8080
apps-manager9025
async-parsing9005
argo-argo-ui2746
auth-ui8080
connector-plugin9020, 5701
connectors9010
connectors-backend8771
connectors-classic9000
{fusion-namespace}-argo-argo-ui2746
{fusion-namespace}-kafka9092, 9093
{fusion-namespace}-kafka-headless9092, 9093
{fusion-namespace}-ml-model-service-ambassador80, 443
{fusion-namespace}-ml-model-service-mysql3306
{fusion-namespace}-reverse-search-headless8983
{fusion-namespace}-reverse-search-svc8983
{fusion-namespace}-solr-headless8983
{fusion-namespace}-solr-svc8983
{fusion-namespace}-zookeeper2181, 2281
{fusion-namespace}-zookeeper-headless2181, 3888, 2888, 2281
indexing8765
insights8080
job-launcher8083
job-rest-server8081
milvus19530, 19121
ml-model-grpc6565
ml-model-service8086
pm-ui8080
proxy6764
query8787
rules-ui8080
seldon-webhook-service443
templating5250
webapps8780

Standardized component logging using structured JSON format

In Fusion 5.9.14 and later, some Fusion services can log in structured JSON format instead of plaintext (Log4j-style) output. This improves compatibility with monitoring tools and log aggregation systems by making logs easier to parse, filter, and analyze. JSON logging is supported for the following services:
  • admin
  • apps-manager
  • connectors
  • connectors-backend
  • connectors-classic
  • distributed-compute (job-launcher, job-rest-server)
  • indexing
  • job-config
  • ml-model-service (including kuberay-operator, seldon-webhook-service)
  • proxy / api-gateway
  • query
  • solr
  • templating
  • webapps
JSON logging is off by default. To enable it, you can set jsonOutput: true globally or for specific services in the values.yaml configuration file. This update does not affect log formats in the following services:
  • admin-ui
  • auth-ui
  • insights
  • pm-ui
  • rules-ui
  • argo
  • kafka
  • spark
  • zookeeper

Transport Layer Security (TLS)

In Fusion release 5.9.2, Fusion microservices can be Enable Transport Layer Security (TLS) for Fusion Microservices.
This feature is only available in Fusion releases 5.9.x starting with 5.9.2.
This article describes how to deploy Fusion with Transport Layer Security (TLS) enabled for Fusion microservices.When enabled, Fusion generates a TLS certificate for each pod when the pod starts. This allows Fusion to use the Kubernetes endpoints API to reach each pod by its IP address and perform load balancing, circuit breaking, and retries in the Fusion microservices.In order to facilitate the TLS operations, Fusion utilizes Jetstack’s **cert-manager** add-on to provision a certificate for each pod. This certificate contains the pods’ IP address.
It is not possible to update an existing cluster enable or disable TLS. These instructions apply to new deployments only.

Install Jetstack cert-manager

  1. Add the Jetstack helm repo. 
    helm repo add jetstack https://charts.jetstack.io
  2. Update the local cache. 
    helm repo update
  3. Create the CRDs required for Jetstack. For Jetstack v1.12.4: 
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.crds.yaml
    For Jetstack v1.13.1: 
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
  4. Create the namespace for cert-manager. 
    kubectl create namespace "cert-manager"
  5. Install cert-manager into the namespace.
ForJetstack v1.12.4:
helm upgrade --install --namespace "cert-manager" cert-manager jetstack/cert-manager --version 1.12.4 --set 'extraArgs[0]=--enable-certificate-owner-ref=true'
For Jetstack v1.13.1:
helm upgrade --install --namespace "cert-manager" cert-manager jetstack/cert-manager --version 1.13.1 --set 'extraArgs[0]=--enable-certificate-owner-ref=true'
You must only complete this process once per Fusion cluster. All namespaces in the cluster are affected by this process.

Prepare the namespace for Fusion

  1. Create the namespace to install Fusion into. 
    kubectl create namespace ${KUBE_NAMESPACE}
  2. Create the Root CA certificate for the namespace that will be used to sign all certificates in the namespace. 
    cat  <<EOF | cfssl genkey -initca - | cfssljson -bare ca
{
    "hosts": [
    ],
    "key": {
        "algo": "rsa",
        "size": 4096
    },
    "names": [
        {
            "C":  "US",
            "L":  "San Francisco",
            "O":  "Lucidworks",
            "OU": "Engineering",
            "ST": "California"
        }
    ]
}
EOF

kubectl --namespace "${KUBE_NAMESPACE}" create secret generic cert-manager-ca --from-literal=tls.crt="$(cat ca.pem)" --from-literal=tls.key="$(cat ca-key.pem)"
  3. Create a cert-manager issuer to sign CSRs in the namespace. For Jetstack v1.12.4: 
    cat  > ca-issuer.yaml <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ${KUBE_NAMESPACE}-ca-issuer
spec:
  ca:
    secretName: cert-manager-ca
EOF
kubectl --namespace "${KUBE_NAMESPACE}" apply -f ca-issuer.yaml
    For Jetstack v1.13.1: 
    cat  > ca-issuer.yaml <<EOF
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: ${KUBE_NAMESPACE}-ca-issuer
spec:
  ca:
    secretName: cert-manager-ca
EOF
kubectl --namespace "${KUBE_NAMESPACE}" apply -f ca-issuer.yaml
  4. Install Fusion with the following parameters: 
    helm install... --set global.tlsEnabled=true --set global.tlsIssuerRef=${KUBE_NAMESPACE}-ca-issuer --set global.zkPort=2281 --set global.kafkaPort=9092 --set kafka.auth.clientProtocol=tls --set global.zkReplicaCount=3
Be sure to include the flags --set global.zkReplicaCount=3 and --set kafka.auth.clientProtocol=tls or Kafka can enter a crash loop state.
When enabled, Fusion generates a TLS certificate for each pod when the pod starts. This allows Fusion to use the Kubernetes endpoints API to reach each pod by its IP address and perform load balancing, circuit breaking, and retries in the Fusion microservices.
I