
Ingress and Security

All external access to Fusion services should be routed through the Fusion proxy service, which serves as an API gateway and provides authentication and authorization. The most common approach is to set up a Kubernetes Ingress that routes requests for Fusion services to the proxy service, as shown in the example Ingress definition below. It is also common to terminate TLS at the Ingress, so that all traffic to and from the K8s cluster is encrypted while requests inside the cluster travel over unencrypted HTTP.

apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      ...
    labels:
      ...
    name: <RELEASE>-api-gateway
    namespace: <NAMESPACE>
  spec:
    rules:
    - host: <HOSTNAME>
      http:
        paths:
        - backend:
            serviceName: proxy
            servicePort: 6764
          path: "/*"
    tls:
    - hosts:
      - <HOSTNAME>
      secretName: <RELEASE>-api-gateway-tls-secret
  status:
    loadBalancer:
      ingress:
      - ip: <SOME_IP>

If running on GKE or AKS, the setup scripts in the fusion-cloud-native repo provide the option to create the Ingress and TLS cert (using Let’s Encrypt). Otherwise, refer to your specific K8s provider’s documentation on creating an Ingress and TLS certificate.
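
A check for the routing rule described above, as an added example that is not part of the Fusion docs or the fusion-cloud-native repo: it reads Ingress objects as parsed JSON and reports any host without a TLS entry and any path whose backend is not the proxy service on port 6764. The sample objects, hostnames and the `internal-svc` service are constructed for illustration, and the function names are hypothetical.

```python
PROXY_SERVICE, PROXY_PORT = "proxy", 6764  # backend named in the page's Ingress

def backend_target(backend):
    """Return (service, port) for either Ingress backend schema."""
    if "service" in backend:  # networking.k8s.io/v1 shape
        svc = backend["service"]
        port = svc.get("port", {})
        return svc.get("name"), port.get("number", port.get("name"))
    return backend.get("serviceName"), backend.get("servicePort")  # v1beta1 shape

def audit_ingresses(doc):
    """Return findings for one Ingress or a List of them (parsed JSON)."""
    findings = []
    for ing in doc.get("items", [doc]):
        name = ing.get("metadata", {}).get("name", "<unnamed>")
        spec = ing.get("spec", {})
        # Hosts that have a TLS entry on this Ingress (exact match only).
        tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
        # A default backend also exposes a service, so audit it too.
        default = spec.get("backend") or spec.get("defaultBackend")
        backends = [("<default>", default)] if default else []
        for rule in spec.get("rules", []):
            host = rule.get("host")
            if host not in tls_hosts:
                findings.append(f"{name}: host {host!r} has no TLS entry")
            for p in rule.get("http", {}).get("paths", []):
                backends.append((p.get("path", "/"), p.get("backend", {})))
        for path, backend in backends:
            target = backend_target(backend)
            if target != (PROXY_SERVICE, PROXY_PORT):
                findings.append(f"{name}: path {path!r} routes to {target}, not the proxy")
    return findings

# Constructed sample: one Ingress shaped like the page's, one that bypasses the proxy.
SAMPLE = {"items": [
    {"metadata": {"name": "good-gateway"},
     "spec": {"tls": [{"hosts": ["fusion.example.com"]}],
              "rules": [{"host": "fusion.example.com", "http": {"paths": [
                  {"path": "/*", "backend": {"serviceName": "proxy", "servicePort": 6764}}]}}]}},
    {"metadata": {"name": "bypass"},
     "spec": {"rules": [{"host": "direct.example.com", "http": {"paths": [
         {"path": "/api", "backend": {"service": {"name": "internal-svc",
                                                  "port": {"number": 8080}}}}]}}]}},
]}

if __name__ == "__main__":
    for finding in audit_ingresses(SAMPLE):
        print(finding)
```

Feed it the parsed output of `kubectl get ingress -o json`. TLS hosts are matched exactly, so a host covered only by a wildcard entry is reported as missing, as is a backend that refers to port 6764 by name.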