Legacy Product

Fusion 5.10
    Fusion 5.10

    Ingress and Security

    Table of Contents

    The Fusion proxy service serves as an API gateway and provides authentication and authorization. Route all external access to Fusion services through the Fusion proxy service. The most common approach is to set up a Kubernetes Ingress that routes Fusion service requests to the proxy service as shown in the example ingress definition below. It’s also common to do TLS termination at the Ingress, so that all traffic to and from the Kubernetes cluster is encrypted.

    Internal requests happen over unencrypted HTTP.
    apiVersion: v1
    - apiVersion: extensions/v1beta1
      kind: Ingress
        name: <RELEASE>-api-gateway
        namespace: <NAMESPACE>
        - host: <HOSTNAME>
            - backend:
                serviceName: proxy
                servicePort: 6764
              path: "/*"
        - hosts:
          - <HOSTNAME>
          secretName: <RELEASE>-api-gateway-tls-secret
          - ip: <SOME_IP>


    For deployments that run on EKS, the setup_f5_eks.sh setup script creates a classic elastic load balancer (ELB) to expose the Fusion proxy service for demonstration purposes. However, you’re strongly encouraged to configure a Kubernetes Ingress with TLS termination in front of the proxy service. See How do I terminate HTTPS traffic on Amazon EKS workloads with ACM? for more information.

    You can also opt to use an Application Load balancer instead of the proxy service.


    AKS deployments can use the setup_f5_aks.sh setup script, which exposes the Fusion proxy service on an external IP using HTTP for demonstration purposes. We recommend that you configure a Kubernetes Ingress with TLS termination in front of the proxy service.

    Other Kubernetes Platforms

    If your deployment runs on OpenShift using a cluster created with OpenShift Infrastructure Provider, the setup_f5_k8s.sh setup script will install Fusion 5 on your existing cluster. OpenShift Online services are not supported.

    See the RedHat OpenShift section of the readme for more tips toward a successful installation.

    If your deployment runs on GKE, the setup_f5_gke.sh setup script in the fusion-cloud-native repo provides the option to create the Ingress and TLS cert.

    This process uses Let’s Encrypt.

    For other Kubernetes providers, refer to provider’s documentation on creating an Ingress and TLS certificates.