Expose Workloads in Multiple Namespaces With a Single APIRule Definition ​
Learn how to expose Service endpoints in multiple namespaces.
WARNING
Exposing a workload to the outside world causes a potential security vulnerability, so be careful. In a production environment, secure the workload you expose with JWT.
Prerequisites ​
You have Istio and API Gateway modules in your cluster. See Adding and Deleting a Kyma Module for SAP BTP, Kyma runtime or Quick Install for open-source Kyma.
You have deployed two workloads in different namespaces.
NOTE
To expose a workload using APIRule in version
v2, the workload must be a part of the Istio service mesh. See Enable Istio Sidecar Proxy Injection.To set up a custom Gateway, see Configure a TLS Gateway in SAP BTP, Kyma Runtime. Alternatively, you can use the default domain of your Kyma cluster and the default Gateway
kyma-system/kyma-gateway.NOTE
Because the default Kyma domain is a wildcard domain, which uses a simple TLS Gateway, it is recommended that you set up your custom domain for use in a production environment. For more information, see Getting Started with Istio Gateways.
TIP
To learn what the default domain of your Kyma cluster is, run
kubectl get gateway -n kyma-system kyma-gateway -o jsonpath='{.spec.servers[0].hosts}'.
Steps ​
Access Your Workloads ​
To call the endpoints, send GET requests to the exposed Services:
curl -ik -X GET https://${SUBDOMAIN}.${DOMAIN_NAME}/headers
curl -ik -X GET https://${SUBDOMAIN}.${DOMAIN_NAME}/getIf successful, the calls return the 200 OK response code.