Kubernetes Installation
This section includes different installation options such as a sidecar, stand-alone deployment or an operator.
Webhook Relay can help you receive webhooks for your internal services. We provide multiple options for the installation.
Webhook Relay operator not only deploys and manages agent containers that subscribe and forward webhooks but it also configures buckets, inputs (your public endpoints) and outputs (forwarding destinations).
Prerequisites:
- Kubernetes
You need to add this Chart repo to Helm:
helm repo add webhookrelay https://charts.webhookrelay.com
helm repo update
Get access token from here. Once you click on ‘Create Token’, it will generate it and show a helper to set environment variables:
export RELAY_KEY=*****-****-****-****-*********
export RELAY_SECRET=**********
Install through Helm:
helm upgrade --install webhookrelay-operator --namespace=default webhookrelay/webhookrelay-operator \
--set credentials.key=$RELAY_KEY --set credentials.secret=$RELAY_SECRET
Once the operator is deployed, to start receiving webhooks you will need to create a Custom Resource (usually called just ‘CR’). It’s a short yaml file that describes your public endpoint characteristics and specifies where to forward the webhooks:
# cr.yaml
apiVersion: forward.webhookrelay.com/v1
kind: WebhookRelayForward
metadata:
name: example-forward
spec:
buckets:
- name: k8s-operator
inputs:
- name: public-endpoint
description: "Public endpoint, supply this to the webhook producer"
responseBody: "OK"
responseStatusCode: 200
outputs:
- name: webhook-receiver
destination: http://destination:5050/webhooks
internal: true
kubectl apply -f cr.yaml
To remove the agent that is forwarding the webhooks, remove the CR that created it:
kubectl delete -f cr.yaml
To remove operator, use standard Helm command to uninstall the operator.
helm uninstall webhookrelay-operator
First, go to https://my.webhookrelay.com/tokens and create a token key & secret pair. Then, create a Kubernetes secret:
kubectl create secret generic webhookrelay-credentials --from-literal=key=[access key] --from-literal=secret=[access secret]
Once the secret is created, you can deploy Webhook Relay container either as a sidecar or a standalone container. Webhook Relay agent can be easily deployed as a sidecar. This way requests can be forwarded to the service through localhost:
apiVersion: apps/v1
kind: Deployment
metadata:
name: webhookrelay
labels:
name: webhookrelay
spec:
replicas: 1
selector:
matchLabels:
app: webhookrelay
template:
metadata:
name: webhookrelay
labels:
app: webhookrelay
spec:
containers:
# Your example container
- image: karolisr/webhook-demo:0.0.15
imagePullPolicy: Always
name: example
command: ["/bin/webhook-demo"]
ports:
- containerPort: 8090
livenessProbe:
httpGet:
path: /healthz
port: 8090
initialDelaySeconds: 30
timeoutSeconds: 10
securityContext:
privileged: true
# [START webhookrelay_container]
- image: webhookrelay/webhookrelayd:latest
name: relay
env:
- name: KEY
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: key
- name: SECRET
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: secret
- name: BUCKET
value: webhook-demo
- name: WEBSOCKET_TRANSPORT # Optional when gRPC is not available
value: "true"
# [END webhookrelay_container]
Webhook Relay container can also work as stand-alone deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: webhookrelay
labels:
app: webhookrelay
spec:
replicas: 1
selector:
matchLabels:
app: webhookrelay
release: webhookrelay
template:
metadata:
labels:
app: webhookrelay
release: webhookrelay
spec:
containers:
- name: webhookrelayd
image: webhookrelay/webhookrelayd:latest
env:
- name: KEY
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: key
- name: SECRET
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: secret
- name: BUCKET
value: webhook-demo
- name: WEBSOCKET_TRANSPORT # Optional when gRPC is not available
value: "true"
If agent is deployed as a separate deployment, the output destination should then be a service name.
Repository can be found here: https://github.com/webhookrelay/webhook-demo.
Implements a Kubernetes ingress controller using tunnels to connect a Web Relay managed URL (https://yoursubdomain.webrelay.io) to a Kubernetes service based on ingress resources. Single ingress controller can manage multiple tunnels and route to multiple namespaces.
Deployment files and issue tracker is available on GitHub:
You can try out Web Relay ingress controller by creating a deployment from a hosted manifest, no clone or local install necessary.
What you do need:
- A Kubernetes cluster that has access to the Internet
kubectl
configured with admin access to your cluster
To add Web Relay ingress controller to your cluster, run:
relay ingress init
This command:
- Creates
webrelay-ingress
namespace - Creates
webrelay
service account - Creates deployment with the controller
- Creates cluster role and binding
- Generates access key and secret for the Web Relay server and supplies them as a Kubernetes secret
If RBAC isn’t enabled on your cluster (for example, if you’re on GKE with legacy authorization or Minikube without RBAC), run:
relay ingress init --no-rbac
You can also generate tokens through the Web UI here https://my.webhookrelay.com/tokens orrelay token create
command on the CLI.
To remove it, either delete the namespace where it was deployed or use:
relay ingress reset
Last modified 5mo ago