We use cookies for the best online experience.Read our Privacy Statement

Expose a workload

This tutorial shows how to expose service endpoints and configure different allowed HTTP methods for them using API Gateway Controller.

CAUTION: Exposing a workload to the outside world is always a potential security vulnerability, so tread carefully. In a production environment, always secure the workload you expose with OAuth2 or JWT.

The tutorial may be a follow-up to the Set up a custom domain for a workload tutorial.

Prerequisites

This tutorial is based on a sample HttpBin service deployment and a sample Function. To deploy or create one of those, follow the Create a workload tutorial.

Expose and access your workload

Follow the instruction to expose and access your unsecured instance of the HttpBin service or unsecured sample Function.

  • HttpBin
  • Function

  1. Export the following value as an environment variable:

    Click to copy
    export DOMAIN_TO_EXPOSE_WORKLOADS={DOMAIN_NAME}
    export GATEWAY=$NAMESPACE/httpbin-gateway

    NOTE: DOMAIN_NAME is the domain that you own, for example, api.mydomain.com. If you don't want to use your custom domain, replace DOMAIN_NAME with a Kyma domain and $NAMESPACE/httpbin-gateway with Kyma's default Gateway kyma-system/kyma-gateway

  1. Expose the instance of the HttpBin service by creating an APIRule CR in your Namespace. Run:

    Click to copy
    cat <<EOF | kubectl apply -f -
    apiVersion: gateway.kyma-project.io/v1beta1
    kind: APIRule
    metadata:
      name: httpbin
      namespace: $NAMESPACE
    spec:
      host: httpbin.$DOMAIN_TO_EXPOSE_WORKLOADS
      service:
        name: httpbin
        namespace: $NAMESPACE
        port: 8000
      gateway: $GATEWAY
      rules:
        - path: /.*
          methods: ["GET"]
          accessStrategies:
            - handler: noop
          mutators:
            - handler: noop
        - path: /post
          methods: ["POST"]
          accessStrategies:
            - handler: noop
          mutators:
            - handler: noop
    EOF

    NOTE: If you are running Kyma on k3d, add httpbin.kyma.local to the entry with k3d IP in your system's /etc/hosts file.

    NOTE: If you don't specify a Namespace for your service, the default APIRule Namespace is used.

  1. Call the endpoint by sending a GET request to the HttpBin service:

    Click to copy
    curl -ik -X GET https://httpbin.$DOMAIN_TO_EXPOSE_WORKLOADS/ip

  2. Send a POST request to the HttpBin's /post endpoint:

    Click to copy
    curl -ik -X POST https://httpbin.$DOMAIN_TO_EXPOSE_WORKLOADS/post -d "test data"

    These calls return the code 200 response.