Having a brand new shiny managed service fabric cluster, I now need to put some security behind an exposed API endpoint with which my client apps need to connect.