The ingress trait provides an easy method to augment OAM applications by exposing a secure endpoint so your users can easily access the application. The trait automatically generates a secure endpoint to expose a container port.
Remember We provide a certificate for the endpoint signed by Let’s Encrypt, but it is your responsibility to implement authentication and authorization mechanisms at the application level.
The trait is already installed on the Napptive playground, so you can use it directly in your applications.
$ kubectl --kubeconfig napptive-kubeconfig get traitdefinitions.core.oam.dev NAME DEFINITION-NAME ingresses.core.napptive.com ingresses.core.napptive.com ...
The Ingress Trait will be available for download soon for private clusters. Contact us if you are interested in installing the trait now.
Using the trait is as simple as adding it to the OAM
ApplicationConfiguration on the selected component.
apiVersion: core.oam.dev/v1alpha2 kind: ApplicationConfiguration ... spec: components: - componentName: drawio traits: - trait: apiVersion: core.napptive.com/v1alpha1 kind: Ingress metadata: name: drawio-ingress spec: name: drawio protocol: HTTP port: 8080 path: / ...
The trait accepts the following parameters:
|Name||Name that will be associated with the generated endpoint. The system will automatically generated an endpoint with the following format: |
|protocol||Protocol used to expose the endpoint. Only HTTP is supported for now|
|port||Port of the parent component the requests will be redirected to.|
|path||Path prefix indicating which requests are to be forwarded.|
|rewritePath||Pattern to be applied to rewrite the request path.|
The ingress will automatically redirect requests to the component even if the component has just started. Please wait some time depending on the image being execute so that the component is fully up and running.
Major browsers implement HTTP Strict Transport Security (STS) which translates in automatic promotion of plain requests to
https://. We recomended adapting the client consuming the service to support TLS. Alternatively, check your browser documentation to see whether it is possible to switch off this protection layer.