SkyfloDocs
DeploymentIngress & Exposure

Ingress & Exposure

By default, Skyflo is accessible via kubectl port-forward. For production, expose the Command Center (ui service) through an Ingress resource. Route traffic to the skyflo-ui service on port 80.

Base Manifest

Cloud-agnostic Ingress. Add provider-specific annotations for your environment.

yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: skyflo-ingress
  namespace: skyflo
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - your-domain.com
      secretName: skyflo-tls
  rules:
    - host: your-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: skyflo-ui
                port:
                  number: 80

AWS ALB

yaml
metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-xxxxx, subnet-yyyyy
    alb.ingress.kubernetes.io/security-groups: sg-xxxxx
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:region:account:certificate/xxxxx
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
spec:
  ingressClassName: alb

GCP Cloud Load Balancer

yaml
metadata:
  annotations:
    kubernetes.io/ingress.class: gce
    networking.gke.io/managed-certificates: skyflo-cert
    kubernetes.io/ingress.global-static-ip-name: skyflo-ip
spec:
  ingressClassName: gce

Azure Application Gateway

yaml
metadata:
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/backend-protocol: "http"
spec:
  ingressClassName: azure-application-gateway

Apply

bash
kubectl apply -f skyflo-ingress.yaml

Retrieve the external address:

bash
kubectl get ingress -n skyflo

Point your domain to the load balancer address via DNS. Use a CNAME for hostnames or an A record for IPs.

SSE Streaming

The Nginx proxy sidecar handles SSE streaming with buffering disabled and 3600s timeouts. If you place an external load balancer or CDN in front of Skyflo, ensure it supports long-lived HTTP connections and does not buffer SSE responses.