Security Recommendations

We recommend the following:

  • Use the NGINX Ingress Controller or another similar reverse proxy in front of AI Gateway. See the Expose with NGINX Ingress Controller guide.

  • Use TLS or mTLS for connections between AI Gateway core and services, processors or any other external component.

Serving traffic with TLS for AI Gateway

Both AI Gateway core and the processors server support TLS termination. TLS termination requires a secret of type kubernetes.io/tls, which provides the TLS certificate and key.

Create a kubernetes.io/tls secret with your certificate and key.

kubectl create secret tls aigw-tls --cert=tls.crt --key=tls.key

Enable and configure TLS in the values file.

# my-values.yaml
aigw:
  tls:
    enabled: true
    secretName: aigw-tls

processors:
  f5:
    tls:
      enabled: true
      secretName: aigw-tls
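
A pre-flight check to run on tls.crt and tls.key before creating the secret, as an added example that is not part of the original guide: it confirms that the private key belongs to the certificate and that the certificate is not about to expire. The function name check_tls_pair, its return codes and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the files that will go into the kubernetes.io/tls
# secret. check_tls_pair, its return codes and the 30-day default are
# hypothetical names/values chosen for this example.
#
# Usage: check_tls_pair CERT KEY [MIN_DAYS]
#   0  pair is usable
#   1  private key does not match the certificate
#   2  certificate expires within MIN_DAYS days
#   3  a file could not be parsed as a PEM certificate / private key
check_tls_pair() {
    cert=$1
    key=$2
    min_days=${3:-30}

    # Public key embedded in the certificate. If the file holds a chain,
    # openssl reads the first certificate, which should be the leaf.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3

    # Public key derived from the private key. The empty -passin makes a
    # passphrase-protected key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3

    # Both are PEM SubjectPublicKeyInfo blocks, so a string compare works
    # for RSA and EC keys alike.
    [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 2

    return 0
}

# Typical use, gating the secret creation on the check:
#   check_tls_pair tls.crt tls.key 30 && \
#       kubectl create secret tls aigw-tls --cert=tls.crt --key=tls.key
```
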