Kubernetes Installation

This section includes different installation options such as a sidecar, stand-alone deployment or an operator.

Webhook Relay can help you receive webhooks for your internal services. We provide multiple options for the installation.

Option 1: Webhook Relay Operator (recommended)

Webhook Relay operator not only deploys and manages agent containers that subscribe and forward webhooks but it also configures buckets, inputs (your public endpoints) and outputs (forwarding destinations).

Install

Prerequisites:

You need to add this Chart repo to Helm:

helm repo add webhookrelay https://charts.webhookrelay.com
helm repo update

Get access token from here. Once you click on ‘Create Token’, it will generate it and show a helper to set environment variables:

export RELAY_KEY=*****-****-****-****-*********
export RELAY_SECRET=**********

Install through Helm:

helm upgrade --install webhookrelay-operator --namespace=default webhookrelay/webhookrelay-operator \
  --set credentials.key=$RELAY_KEY --set credentials.secret=$RELAY_SECRET

Usage

Once the operator is deployed, to start receiving webhooks you will need to create a Custom Resource (usually called just ‘CR’). It’s a short yaml file that describes your public endpoint characteristics and specifies where to forward the webhooks:

# cr.yaml
apiVersion: forward.webhookrelay.com/v1
kind: WebhookRelayForward
metadata:
  name: example-forward
spec:
  buckets:
  - name: k8s-operator
    inputs:
    - name: public-endpoint
      description: "Public endpoint, supply this to the webhook producer"
      responseBody: "OK"
      responseStatusCode: 200
    outputs:
    - name: webhook-receiver
      destination: http://destination:5050/webhooks
      internal: true

kubectl apply -f cr.yaml

Uninstall

To remove the agent that is forwarding the webhooks, remove the CR that created it:

kubectl delete -f cr.yaml

To remove operator, use standard Helm command to uninstall the operator.

helm uninstall webhookrelay-operator

Option 2: Sidecar

First, go to https://my.webhookrelay.com/tokens and create a token key & secret pair. Then, create a Kubernetes secret:

kubectl create secret generic webhookrelay-credentials --from-literal=key=[access key] --from-literal=secret=[access secret]

Once the secret is created, you can deploy Webhook Relay container either as a sidecar or a standalone container. Webhook Relay agent can be easily deployed as a sidecar. This way requests can be forwarded to the service through localhost:

apiVersion: apps/v1
kind: Deployment
metadata: 
  name: webhookrelay
  labels: 
      name: webhookrelay   
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webhookrelay
  template:
    metadata:
      name: webhookrelay
      labels:
        app: webhookrelay        
    spec:
      containers:
        # Your example container                
        - image: karolisr/webhook-demo:0.0.15
          imagePullPolicy: Always            
          name: example
          command: ["/bin/webhook-demo"]
          ports:
            - containerPort: 8090       
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8090
            initialDelaySeconds: 30
            timeoutSeconds: 10
          securityContext:
            privileged: true              
        # [START webhookrelay_container]
        - image: webhookrelay/webhookrelayd:latest
          name: relay
          env:                         
            - name: KEY
              valueFrom:
                secretKeyRef:
                  name: webhookrelay-credentials
                  key: key                
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: webhookrelay-credentials
                  key: secret
            - name: BUCKET
              value: webhook-demo
            - name: WEBSOCKET_TRANSPORT # Optional when gRPC is not available
              value: "true" 
        # [END webhookrelay_container]

Option 3: Separate deployment

Webhook Relay container can also work as stand-alone deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: webhookrelay
  labels:
    app: webhookrelay   
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webhookrelay
      release: webhookrelay
  template:
    metadata:
      labels:
        app: webhookrelay
        release: webhookrelay
    spec:      
      containers:
        - name: webhookrelayd
          image: webhookrelay/webhookrelayd:latest
          env:
            - name: KEY
              valueFrom:
                secretKeyRef:
                  name: webhookrelay-credentials
                  key: key                
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: webhookrelay-credentials
                  key: secret
            - name: BUCKET
              value: webhook-demo
            - name: WEBSOCKET_TRANSPORT # Optional when gRPC is not available
              value: "true"

If agent is deployed as a separate deployment, the output destination should then be a service name. Repository can be found here: https://github.com/webhookrelay/webhook-demo.

Option 4: Ingress Controller

Implements a Kubernetes ingress controller using tunnels to connect a Web Relay managed URL (https://yoursubdomain.webrelay.io) to a Kubernetes service based on ingress resources. Single ingress controller can manage multiple tunnels and route to multiple namespaces.

Deployment files and issue tracker is available on GitHub:

https://github.com/webrelay/ingress

You can try out Web Relay ingress controller by creating a deployment from a hosted manifest, no clone or local install necessary.

What you do need:

A Kubernetes cluster that has access to the Internet
kubectl configured with admin access to your cluster
relay CLI, installation instructions can be found here

Install

To add Web Relay ingress controller to your cluster, run:

relay ingress init

Manifests are available here: https://github.com/webrelay/ingress/tree/master/deployment

This command:

Creates webrelay-ingress namespace
Creates webrelay service account
Creates deployment with the controller
Creates cluster role and binding
Generates access key and secret for the Web Relay server and supplies them as a Kubernetes secret

If RBAC isn’t enabled on your cluster (for example, if you’re on GKE with legacy authorization or Minikube without RBAC), run:

relay ingress init --no-rbac

You can also generate tokens through the Web UI here https://my.webhookrelay.com/tokens or relay token create command on the CLI.

Uninstall Ingress Controller

To remove it, either delete the namespace where it was deployed or use:

relay ingress reset

PreviousContainerized NextPodman

Last updated 1 year ago