Kubernetes Installation

This section includes different installation options such as a sidecar, stand-alone deployment or an operator.

Webhook Relay can help you receive webhooks for your internal services. We provide multiple options for the installation.

Option 1: Webhook Relay Operator (recommended)

Webhook Relay operator not only deploys and manages agent containers that subscribe and forward webhooks but it also configures buckets, inputs (your public endpoints) and outputs (forwarding destinations).

Install

Prerequisites:

You need to add this Chart repo to Helm:

helm repo add webhookrelay https://charts.webhookrelay.com
helm repo update

Get access token from here. Once you click on ‘Create Token’, it will generate it and show a helper to set environment variables:

export RELAY_KEY=*****-****-****-****-*********
export RELAY_SECRET=**********

Install through Helm:

helm upgrade --install webhookrelay-operator --namespace=default webhookrelay/webhookrelay-operator \
--set credentials.key=$RELAY_KEY --set credentials.secret=$RELAY_SECRET

Usage

Once the operator is deployed, to start receiving webhooks you will need to create a Custom Resource (usually called just ‘CR’). It’s a short yaml file that describes your public endpoint characteristics and specifies where to forward the webhooks:

# cr.yaml
apiVersion: forward.webhookrelay.com/v1
kind: WebhookRelayForward
metadata:
name: example-forward
spec:
buckets:
- name: k8s-operator
inputs:
- name: public-endpoint
description: "Public endpoint, supply this to the webhook producer"
responseBody: "OK"
responseStatusCode: 200
outputs:
- name: webhook-receiver
destination: http://destination:5050/webhooks
kubectl apply -f cr.yaml

Uninstall

To remove the agent that is forwarding the webhooks, remove the CR that created it:

kubectl delete -f cr.yaml

To remove operator, use standard Helm command to uninstall the operator.

helm uninstall webhookrelay-operator

Option 2: Sidecar

First, go to https://my.webhookrelay.com/tokens and create a token key & secret pair. Then, create a Kubernetes secret:

kubectl create secret generic webhookrelay-credentials --from-literal=key=[access key] --from-literal=secret=[access secret]

Once the secret is created, you can deploy Webhook Relay container either as a sidecar or a standalone container. Webhook Relay agent can be easily deployed as a sidecar. This way requests can be forwarded to the service through localhost:

apiVersion: apps/v1
kind: Deployment
metadata:
name: webhookrelay
labels:
name: webhookrelay
spec:
replicas: 1
selector:
matchLabels:
app: webhookrelay
template:
metadata:
name: webhookrelay
labels:
app: webhookrelay
spec:
containers:
# Your example container
- image: karolisr/webhook-demo:0.0.15
imagePullPolicy: Always
name: example
command: ["/bin/webhook-demo"]
ports:
- containerPort: 8090
livenessProbe:
httpGet:
path: /healthz
port: 8090
initialDelaySeconds: 30
timeoutSeconds: 10
securityContext:
privileged: true
# [START webhookrelay_container]
- image: webhookrelay/webhookrelayd:latest
name: relay
env:
- name: KEY
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: key
- name: SECRET
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: secret
- name: BUCKET
value: webhook-demo
# [END webhookrelay_container]

Option 3: Separate deployment

Webhook Relay container can also work as stand-alone deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
name: webhookrelay
labels:
app: webhookrelay
spec:
replicas: 1
selector:
matchLabels:
app: webhookrelay
release: webhookrelay
template:
metadata:
labels:
app: webhookrelay
release: webhookrelay
spec:
containers:
- name: webhookrelayd
image: webhookrelay/webhookrelayd:latest
env:
- name: KEY
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: key
- name: SECRET
valueFrom:
secretKeyRef:
name: webhookrelay-credentials
key: secret
- name: BUCKET
value: webhook-demo

If agent is deployed as a separate deployment, the output destination should then be a service name. Repository can be found here: https://github.com/webhookrelay/webhook-demo.

Option 4: Ingress Controller

Implements a Kubernetes ingress controller using tunnels to connect a Web Relay managed URL (https://yoursubdomain.webrelay.io) to a Kubernetes service based on ingress resources. Single ingress controller can manage multiple tunnels and route to multiple namespaces.

Deployment files and issue tracker is available on GitHub:

https://github.com/webrelay/ingress

You can try out Web Relay ingress controller by creating a deployment from a hosted manifest, no clone or local install necessary.

What you do need:

  • A Kubernetes cluster that has access to the Internet

  • kubectl configured with admin access to your cluster

  • relay CLI, installation instructions can be found here

Install

To add Web Relay ingress controller to your cluster, run:

relay ingress init

Manifests are available here: https://github.com/webrelay/ingress/tree/master/deployment

This command:

  • Creates webrelay-ingress namespace

  • Creates webrelay service account

  • Creates deployment with the controller

  • Creates cluster role and binding

  • Generates access key and secret for the Web Relay server and supplies them as a Kubernetes secret

If RBAC isn’t enabled on your cluster (for example, if you’re on GKE with legacy authorization or Minikube without RBAC), run:

relay ingress init --no-rbac

You can also generate tokens through the Web UI here https://my.webhookrelay.com/tokens or relay token create command on the CLI.

Uninstall Ingress Controller

To remove it, either delete the namespace where it was deployed or use:

relay ingress reset