Overview
These guides help platform engineers configure networking and service mesh features in UDS Core. Each guide focuses on a single task and includes step-by-step instructions with verification.
For background on how the service mesh, gateways, and authorization model work, see Networking & Service Mesh Concepts.
Guides
Configure TLS certificates: Set up TLS certificates for your ingress gateways.
Expose applications on gateways: Make applications accessible through the tenant or admin gateway.
Enable the passthrough gateway: Deploy the optional passthrough gateway for apps that handle their own TLS.
Define network access: Configure intra-cluster ingress/egress, Kubernetes API access, and external egress for your application.
Set up non-HTTP ingress: Accept TCP traffic (SSH, database ports, etc.) through a gateway.
Create a custom gateway: Deploy a gateway with independent domain, TLS, and security controls.
Configure an L7 load balancer: Run UDS Core behind an ALB, Azure Application Gateway, or similar.
Allow permissive mesh traffic: Relax strict authorization policies for exceptional workloads.
Configure network access for Core services: Extend network rules for Core components like Falco, Vector, and Grafana.
Manage trust bundles: Distribute custom CA certificates across the cluster for private PKI or DoD CAs.