This tutorial shows how you can expose your Function to access it outside the cluster, through an HTTP proxy. To expose it, use an APIRule custom resource (CR) managed by the in-house API Gateway Controller. This controller reacts to an instance of the APIRule CR and, based on its details, it creates an Istio VirtualService and Oathkeeper Access Rules that specify your permissions for the exposed Function.

When you complete this tutorial, you get a Function that:

• Is available on an unsecured endpoint (handler set to noop in the APIRule CR).
• Accepts the GET, POST, PUT, and DELETE methods.

NOTE: To learn more about securing your Function, see the Expose and secure a workload with OAuth2 or Expose and secure a workload with JWT tutorials.

TIP: Read also about Function’s specification if you are interested in its signature, event and context objects, and custom HTTP responses the Function returns.

Prerequisites

This tutorial is based on an existing Function. To create one, follow the Create a Function tutorial.

NOTE: Read about Istio sidecars in Kyma and why you want them. Then, check how to enable automatic Istio sidecar proxy injection. For more details, see Default Istio setup in Kyma.

Steps

Follow these steps: