Webhook Relay Operator provides an easy way to receive webhooks to an internal Kubernetes cluster without configuring public IP or load balancer. Perfect for:
- On-premise deployments
- Cloud deployments where public load balancer is not required (single endpoint receiving webhooks and no need to expose the whole server)
- Edge deployments
- IoT & Edge computing with https://k3s.io/
Operator can manage buckets, configure your public endpoints that accept webhooks/API requests and sets up forwarding destinations (where HTTP requests will be sent).
Current operator project scope:
- Deploy webhook forwarding agents with configured buckets
- Read credentials from secrets and mount secrets to webhookrelayd containers
- Ensure buckets are created
- Ensure inputs are configured (public endpoints)
- Ensure outputs are configured (forwarding destinations)
- K8s events on taken actions
- Updates CR status
- Create & manage Functions that transform webhook requests and responses
- Manage Function configuration through Kubernetes secrets
- Provision separate access tokens for webhookrelayd containers with disabled API access (only subscribe capability). CR should have a finalizer that would ensure that the secret is removed together with the agent configuration.
- Deploy Webhook Relay ingress controller (separate CRD)
- Expose webhookrelayd agent forwarding metrics
- Configure notification integrations via CRDs
Prerequisites:
- Helm
- Webhook Relay account
- Kubernetes
You need to add this Chart repo to Helm:
helm repo add webhookrelay https://charts.webhookrelay.com
helm repo update
Get access token from here. Once you click on 'Create Token', it will generate it and show a helper to set environment variables:
export RELAY_KEY=*****-****-****-****-*********
export RELAY_SECRET=**********
Install through Helm:
helm upgrade --install webhookrelay-operator --namespace=default webhookrelay/webhookrelay-operator \
--set credentials.key=$RELAY_KEY --set credentials.secret=$RELAY_SECRET
Operator works as a manager to configure your public endpoints and forwarding destinations. To start receiving webhooks you will need to create a Custom Resource (usually called just 'CR'). It's a short yaml file that describes your public endpoint characteristics and specifies where to forward the webhooks:
# cr.yaml
apiVersion: forward.webhookrelay.com/v1
kind: WebhookRelayForward
metadata:
name: example-forward
spec:
buckets:
- name: k8s-operator
inputs:
- name: public-endpoint
description: "Public endpoint, supply this to the webhook producer"
responseBody: "OK"
responseStatusCode: 200
outputs:
- name: webhook-receiver
lockPath: true # set to 'false' to reuse any extra path WHR received
disabled: false # set to 'true' to disable output
destination: http://destination:5050/webhooks
kubectl apply -f cr.yaml
Now, to view CR status which will display our public endpoints:
# get available CRs
$ kubectl get webhookrelayforwards.forward.webhookrelay.com
# get our example forward status
$ kubectl describe webhookrelayforwards.forward.webhookrelay.com example-forward
Name: example-forward
Namespace: default
Labels: <none>
Annotations: API Version: forward.webhookrelay.com/v1
Kind: WebhookRelayForward
Metadata:
Creation Timestamp: 2020-06-18T23:05:33Z
Generation: 1
Resource Version: 118902
Self Link: /apis/forward.webhookrelay.com/v1/namespaces/default/webhookrelayforwards/example-forward
UID: 998b0fca-f975-40dd-b2b5-91abd1edaee0
Spec:
Buckets:
Inputs:
Description: Public endpoint, supply this to the webhook producer
Name: public-endpoint
Response Body: OK
Response Status Code: 200
Name: k8s-operator
Outputs:
Destination: http://destination:5050/webhooks
Name: webhook-receiver
Secret Ref Name: whr-credentials
Secret Ref Namespace:
Status:
Agent Status: Running
Public Endpoints:
https://my.webhookrelay.com/v1/webhooks/92582560-738a-4eae-94b1-23299ed20b3c
Ready: true
Routing Status: Configured
Events: <none>
Here we can see our public endpoints.
If more than one user is using the operator, it's possible to skip credentials setting during Helm install and just specify the access token key & secret in the CR itself:
# access_token.yaml
apiVersion: v1
kind: Secret
metadata:
name: whr-credentials
type: Opaque
stringData:
key: XXX # your access token key
secret: YYY # your access token secret
Create it:
kubectl apply -f access_token.yaml
Specify the secret ref in the CR as secretRefName
and secretRefNamespace
(this one is optional):
# cr.yaml
apiVersion: forward.webhookrelay.com/v1
kind: WebhookRelayForward
metadata:
name: example-forward
spec:
secretRefName: whr-credentials # Secret
secretRefNamespace: ""
buckets:
- name: k8s-operator
inputs:
- name: public-endpoint
description: "Public endpoint, supply this to the webhook producer"
responseBody: "OK"
responseStatusCode: 200
outputs:
- name: webhook-receiver
lockPath: true # set to 'false' to reuse any extra path WHR received
disabled: false # set to 'true' to disable output
destination: http://destination:5050/webhooks
# Use custom Docker image
#image: "quay.io/your-custom/image:latest"
# Add custom env variables to the agent container
extraEnvVars:
- name: WEBSOCKET_TRANSPORT
value: "true"
Create the CR:
kubectl apply -f cr.yaml
If your outgoing connections are intercepted by an HTTP/HTTPS proxy - you will need to supply connection details with --set httpProxy
or --set httpsProxy
Helm values:
helm upgrade --install webhookrelay-operator --namespace=default webhookrelay/webhookrelay-operator \
--set credentials.key=$RELAY_KEY --set credentials.secret=$RELAY_SECRET \
--set httpsProxy="https://example-proxy.com"
This will set environment variables for the operator and operator will propagate them to the deployed agent.