Expose a Function with an API Rule
This tutorial shows how you can expose your Function to access it outside the cluster, through an HTTP proxy. To expose it, use an APIRule custom resource (CR) managed by the in-house API Gateway Controller. This controller reacts to an instance of the APIRule CR and, based on its details, it creates an Istio VirtualService and Oathkeeper Access Rules that specify your permissions for the exposed Function.
When you complete this tutorial, you get a Function that:
- Is available on an unsecured endpoint (handler set to
noopin the APIRule CR).
- Accepts the
NOTE: To learn more about securing your Function, see the Expose and secure a workload with OAuth2 or Expose and secure a workload with JWT tutorials.
TIP: Read also about Function’s specification if you are interested in its signature,
contextobjects, and custom HTTP responses the Function returns.
This tutorial is based on an existing Function. To create one, follow the Create a Function tutorial.
NOTE: Read about Istio sidecars in Kyma and why you want them. Then, check how to enable automatic Istio sidecar proxy injection. For more details, see Default Istio setup in Kyma.
Follow these steps:
- Kyma CLI
- Kyma Dashboard