Setting Ingress for your Functions
Categories:
Some exciting updates to ingress host path, annotations, and TLS support. In Fission version 1.6.0, which was released on Friday 11 October 2019, new features arrived. This blogpost covers the exciting updates to ingress host path, annotations, and TLS support.
Fission previously supported ingress. However, it lacked support for TLS, host field, and ingress annotations. Now with version 1.6, all three are supported.
In this blog post, we will cover all three of the new features. But first, let’s talk about ingress some more.
What is ingress? Ingress exposes HTTP and HTTPS routes from outside of the Kubernetes cluster to services located within the cluster.
An ingress object can be configured to give services externally-reachable URLs, load balance traffic, terminate TLS, and can offer name-based virtual hosting. An ingress controller is responsible for fulfilling the ingress object.
Check below for an example deployment.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: sample-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /testpath
backend:
serviceName: ingress
servicePort: 80
To learn more about Kubernetes ingress check out this link
Ingress host rule
You can enable ingress host rule by adding --ingressrule
to your fission route command.
The format to use is host=path
. You have to provide both the host and the endpoint path.
You can allow access from all hosts by providing an astrix as the host like:
--ingressrule "*=/foobar"
You can also specify specific hosts by providing the name like:
--ingressrule "example.com=/foobar"
Command example:
$ fission route create --name foobar --method GET \
--function nodejs --url "/foobar" --createingress --ingressrule "*=/foobar"
Ingress annotations
You can now specify annotations to ingress when creating the HTTP trigger. To use ingress annotations, –ingressannotation needs to be added when creating or updating a fission route.
If you, for example, want to disable TLS auto-redirect and enable regular expressions. You have to use the following command:
$ fission route create --name foo --url /foo --function foofn --createingress \
--ingressannotation "nginx.ingress.kubernetes.io/ssl-redirect=false" \
--ingressannotation "nginx.ingress.kubernetes.io/use-regex=true"
Ingress TLS
To enable this, you first have to create a secret that contains the TLS private key and the certificate.
To enable ingress TLS, --ingresstls
needs to be added when creating or updating a fission route.
Command example:
$ fission route create --name foo --url /foo/{bar} --function foofn --createingress \
--ingressannotation "nginx.ingress.kubernetes.io/ssl-redirect=false" \
--ingressannotation "nginx.ingress.kubernetes.io/use-regex=true" \
--ingressrule "*=/foo/*" --ingresstls "foobartls"
Fission 1.6.0 added a lot of other cool features as well. Check out the full changelog or go directly to the release page here.