Expose a Workload

This tutorial shows how to expose an unsecured instance of the HTTPBin Service and call its endpoints.

WARNING

Exposing a workload to the outside world is a potential security vulnerability, so be careful. In a production environment, always secure the workload you expose with JWT.

Prerequisites

• You have the Istio and API Gateway modules added.

• You have a deployed workload.

  NOTE

  To expose a workload using APIRule in version v2, the workload must be a part of the Istio service mesh. See Enable Istio Sidecar Proxy Injection.

• To use CLI instructions, you must install kubectl and curl. Alternatively, you can use Kyma dashboard.

• You have set up your custom domain. Alternatively, you can use the default domain of your Kyma cluster and the default Gateway kyma-system/kyma-gateway.

  NOTE

  Because the default Kyma domain is a wildcard domain, which uses a simple TLS Gateway, it is recommended that you set up your custom domain for use in a production environment.

  TIP

  To learn what the default domain of your Kyma cluster is, run kubectl get gateway -n kyma-system kyma-gateway -o jsonpath='{.spec.servers[0].hosts}'.

Steps

Access Your Workload

• Send a GET request to the exposed workload:

  curl -ik -X GET https://{SUBDOMAIN}.{DOMAIN_NAME}/ip

  If successful, the call returns the 200 OK response code.

• Send a POST request to the exposed workload:

  curl -ik -X POST https://{SUBDOMAIN}.{DOMAIN_NAME}/post -d "test data"

  If successful, the call returns the 200 OK response code.