Expose a Function Using the APIRule Custom Resource

This tutorial shows how you can expose your Function to access it outside the cluster, through an HTTP proxy. To expose it, use an APIRule custom resource (CR). Function Controller reacts to an instance of the APIRule CR and, based on its details, it creates an Istio VirtualService and Oathkeeper Access Rules that specify your permissions for the exposed Function.

When you complete this tutorial, you get a Function that:

• Uses the noAuth access strategy, allowing access on an unsecured endpoint.
• Accepts the GET, POST, PUT, and DELETE methods.

To learn more about securing your Function, see the tutorial Expose and secure a workload with JWT.

Read also about Function’s specification if you are interested in its signature, event and context objects, and custom HTTP responses the Function returns.

Prerequisites

• You have an existing Function.
• You have the Istio, API Gateway, and Serverless modules added.
• For the Kyma CLI scenario, you have Kyma CLI installed.

Procedure

You can expose a Function using Kyma dashboard, Kyma CLI, or kubectl: