I'm deploying the default Python templated httpTrigger Azure Function to Kubernetes (AKS) with this command
func kubernetes deploy --name test --registry testfunctionregistry.azurecr.io
When my configuration sets authLevel to anonymous like so
{
"scriptFile": "__init__.py",
"bindings": [
{
"authLevel": "anonymous",
"type": "httpTrigger",
"direction": "in",
"name": "req",
"methods": [
"get",
"post"
]
},
{
"type": "http",
"direction": "out",
"name": "$return"
}
]
}
I can call the function just fine, but if I use function as the authLevel I get a 401 which I think indicates I need to pass as valid code url parameter or auth code header.
However, it's not clear how to get a key for this for functions deployed to Kubernetes - the docs all refer to the Azure Function Apps Portal UI for this, but that's not used when I'm deploying to Kubernetes.
How do I find or set the key?
Ahmed ElSayed from the functions team has shared how this can be done on kubernetes here.
For reference, one would first have to create a Secret like the following. A host.json for the master key and individual <function-name>.json for each function.
apiVersion: v1
kind: Secret
metadata:
name: azure-functions-secrets
type: Opaque
stringData:
host.json: |-
{
"masterKey": {
"name": "master",
"value": "MASTER_KEY",
"encrypted": false
},
"functionKeys": [ ]
}
httptrigger.json: |-
{
"keys": [
{
"name": "default",
"value": "A_FUNCTION_KEY",
"encrypted": false
}
]
}
Then in your deployment, mount the secret as a volume to the functions container like this
spec:
containers:
- name: {azure-functions-container-name}
image: {your-container-image}
volumeMounts:
- name: secrets
mountPath: "/azure-functions-host/Secrets"
readOnly: true
env:
- name: AzureWebJobsSecretStorageType
value: files
volumes:
- name: secrets
secret:
secretName: azure-functions-secrets