FAIRVISOR Docs
⌘K
GitHub fairvisor.com

Helm

Fairvisor Edge Helm deployment is the primary production install path.

Standalone

helm upgrade --install fairvisor-edge ./helm/fairvisor-edge \
  --set image.repository=ghcr.io/fairvisor/fairvisor-edge \
  --set image.tag=v0.1.0 \
  --set mode=decision_service \
  --set standalone.policy.existingConfigMapRef=fairvisor-policy

SaaS

helm upgrade --install fairvisor-edge ./helm/fairvisor-edge \
  --set image.repository=ghcr.io/fairvisor/fairvisor-edge \
  --set image.tag=v0.1.0 \
  --set saas.url=https://api.fairvisor.com \
  --set saas.edgeId=edge-prod-us-east-1 \
  --set saas.edgeTokenSecretRef=fairvisor-edge-secret

Sidecar

Instead of a standalone Deployment, inject the container into the application pod:

# In your app Deployment spec
spec:
  template:
    spec:
      containers:
        - name: my-app
          image: my-app:latest
        - name: fairvisor-edge
          image: ghcr.io/fairvisor/fairvisor-edge:v0.1.0
          env:
            - name: FAIRVISOR_MODE
              value: decision_service
            - name: FAIRVISOR_CONFIG_FILE
              value: /etc/fairvisor/policy.json
          volumeMounts:
            - name: fairvisor-policy
              mountPath: /etc/fairvisor
      volumes:
        - name: fairvisor-policy
          configMap:
            name: fairvisor-policy

The app calls http://localhost:8080 for decisions. Sidecar shares the pod network namespace. Each pod enforces limits independently (local ngx.shared.dict).

Reverse proxy

helm upgrade --install fairvisor-edge ./helm/fairvisor-edge \
  --set image.repository=ghcr.io/fairvisor/fairvisor-edge \
  --set image.tag=v0.1.0 \
  --set mode=reverse_proxy \
  --set backendUrl=http://backend.default.svc.cluster.local:8080 \
  --set standalone.policy.existingConfigMapRef=fairvisor-policy

Required value rules

  1. mode must be decision_service or reverse_proxy.
  2. backendUrl is required when mode=reverse_proxy.
  3. Set exactly one source type: SaaS (saas.url + credentials) or standalone policy source (standalone.policy.inlineJson or existing ConfigMap/Secret).
  4. For SaaS mode, set exactly one token source: saas.edgeToken or saas.edgeTokenSecretRef.

Health endpoints

  • GET /livez
  • GET /readyz

Notes on scaling

ℹ️

Rate-limit state is local to each pod (shared dict in-process memory). Under horizontal scaling, limits are enforced per pod.

MD