Host, Path, Annotations and TLS
Fission lets you configure ingress host rules, paths, annotations, and TLS on a route using --ingressrule, --ingressannotation, and --ingresstls.
Annotations (--ingressannotation)
You can specify annotations to ingress when creating the HTTP trigger. If you want to disable TLS auto redirect and enable regular expression matching in NGINX Ingress Controller, you can add annotations such as:
$ fission route create --name foo \
--url /foo --function foofn --createingress \
--ingressannotation "nginx.ingress.kubernetes.io/ssl-redirect=false" \
--ingressannotation "nginx.ingress.kubernetes.io/use-regex=true"
NOTE: The format of annotation depends on the underlying ingress controller being used. Check the respective documentation for details.
Host Rule (--ingressrule)
The format of rule is host=path.
You provide the host and the API endpoint path, separated by the = delimiter.
If the rule is not provided, fission uses path specified by --url and allows requests from all hosts.
For example, if you want to expose your function to the path /foobar and allow access from all hosts, you can do:
$ fission route create --name foobar --method GET --function nodejs --url "/foobar" --createingress --ingressrule "*=/foobar"
This results in the following ingress definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: foobar
namespace: fission
...
spec:
rules:
- http:
paths:
- path: /foobar
pathType: ImplementationSpecific
backend:
service:
name: router
port:
number: 80
If you want to limit the function’s accessibility to specific hosts, specify the host rule like --ingressrule "example.com=/foobar":
spec:
rules:
- host: example.com
http:
paths:
- path: /foobar
pathType: ImplementationSpecific
backend:
service:
name: router
port:
number: 80
NOTE: The format of rule depends on the underlying ingress controller you are using.
In case of NGINX Ingress Controller for example, to support wildcard path you need to:
- Enable regular expression matching by adding annotation to the Ingress.
- Specify the router URL as
/foo/{bar}and set path to/foo/*. (Issue)
$ fission route create --name foo \
--url /foo/{bar} --function foofn --createingress \
--ingressannotation "nginx.ingress.kubernetes.io/use-regex=true" \
--ingressrule "*=/foo/*"
TLS (--ingresstls)
To enable TLS termination, you need to follow the guide to create the secret that contains TLS private key and certificate. For Fission, specify the secret name when creating the HTTP trigger.
$ fission route create --name foo \
--url /foo/{bar} --function foofn --createingress \
--ingressannotation "nginx.ingress.kubernetes.io/ssl-redirect=false" \
--ingressannotation "nginx.ingress.kubernetes.io/use-regex=true" \
--ingressrule "*=/foo/*"
--ingresstls "foobartls"