Routes & ingress
Components are private by default. A route is how you deliberately expose one to the outside world.
Exposing a component
Add a route to a component's config to publish it on a port and hostname. The engine renders the ingress and reconciles it alongside the workload. Conflicting routes are caught before rollout — you get a plain warning, not a broken deploy.
TLS & domains
Attach a domain to a route and High provisions and renews TLS for it — certificates are issued on demand, no manual step. Internal traffic never needs a route; it already flows privately over the overlay.
Gating a route
A route doesn't have to be wide open. Put one behind sign-in and only authenticated users reach the component — the platform handles the login flow in front of it. And routes aren't only for HTTP: you can expose a raw TCP or UDP port the same way, for services that don't speak HTTP.
A rejected preview reads: 2 routes conflict on port 443. Edit the config and retry. Fix the config, then re-run the release.