Expose Workloads in Multiple Namespaces With a Single APIRule Definition ​
Learn how to expose Service endpoints in multiple namespaces.
WARNING
Exposing a workload to the outside world causes a potential security vulnerability, so be careful. In a production environment, secure the workload you expose with JWT.
Prerequisites ​
You have the Istio and API Gateway modules added.
You have deployed two workloads in different namespaces.
NOTE
To expose a workload using APIRule in version
v2, the workload must be a part of the Istio service mesh. See Enable Istio Sidecar Proxy Injection.To use CLI instructions, you must install kubectl and curl. Alternatively, you can use Kyma dashboard.
You have set up your custom domain. Alternatively, you can use the default domain of your Kyma cluster and the default Gateway
kyma-system/kyma-gateway.NOTE
Because the default Kyma domain is a wildcard domain, which uses a simple TLS Gateway, it is recommended that you set up your custom domain for use in a production environment.
TIP
To learn what the default domain of your Kyma cluster is, run
kubectl get gateway -n kyma-system kyma-gateway -o jsonpath='{.spec.servers[0].hosts}'.
Steps ​
Access Your Workloads ​
To call the endpoints, send GET requests to the exposed Services:
curl -ik -X GET https://{SUBDOMAIN}.{DOMAIN_NAME}/headers
curl -ik -X GET https://{SUBDOMAIN}.{DOMAIN_NAME}/getIf successful, the calls return the 200 OK response code.