relay-core

module

v0.0.0-...-cb1a7a4 Latest Latest Go to latest Published: Aug 21, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/puppetlabs/relay-core

Links

Open Source Insights

README ¶

Relay Core

This repository contains a Kubernetes-based execution engine for running workflows or processing webhook triggers.

Installation

kustomize build manifests | kubectl apply -f -
kustomize build examples/install | kubectl apply -f -

Requirements

Kubernetes v1.20+
Tekton (v0.32.1+)
Knative Serving (v1.1.2+)
Kourier (v1.1.0+)

Components

Operator

The Relay operator is responsible for reconciling the Relay custom resource definitions (CRDs). It is built using controller-runtime, although it does not use a higher-level framework like Kubebuilder or Operator SDK.

The entry point for the operator is in cmd/relay-operator.

Resources

API Version	Kind	Description
`relay.sh/v1beta1`	`Run`	Runs the defined workflow using a Tekton pipeline
`relay.sh/v1beta1`	`Tenant`	Defines event emission and namespace configuration for objects attached to it
`relay.sh/v1beta1`	`WebhookTrigger`	Creates Knative services with a given container configuration and tenant to handle webhook requests and emit events
`relay.sh/v1beta1`	`Workflow`	Defines a workflow using the given container configurations and dependencies

Metadata API

The metadata API provides runtime information to a pod running under the supervision of the Relay operator.

The entry point for the metadata API is in cmd/relay-metadata-api.

Endpoints

Requests to the metadata API are always authenticated. In production mode, we use the source IP of the request to look up an annotation containing an encrypted token that grants access to the resources for that pod. Once authenticated, the following endpoints are available:

Method	Path	Scope	Description
`GET`	`/conditions`	Any	Resolves any conditions specified in the `when` clause of a container specification
`POST`	`/events`	Triggers	Emits a new event using the configure trigger event sink of the pod's tenant
`PUT`	`/outputs/:name`	Steps	Sets the output with the given name
`GET`	`/outputs/:step_name/:name`	Steps	Retrieves the value of the output with the given step name and output name
`GET`	`/secrets/:name`	Any	Retrieves the value of the secret with the given name
`GET`	`/spec`	Any	Retrieves the entire specification associated with this container or a subset of the specification described by the given language (`lang`) and expression (`q`) query string parameters
`GET`	`/state/:name`	Any	Retrieves the value of the internal state variable with the given name

Testing

To test the metadata API without deploying it in a live environment, you can run it using a sample configuration. A selection of sample configurations are provided in the examples/sample-configs directory.

You can specify a JWT signing key for authenticating requests explicitly using the RELAY_METADATA_API_SAMPLE_HS256_SIGNING_KEY environment variable. If not specified, the metadata API process will generate and print one when it starts up.

For example:

$ go build -o relay-metadata-api ./cmd/relay-metadata-api
$ export RELAY_METADATA_API_SAMPLE_CONFIG_FILES=examples/sample-configs/simple.yaml
$ ./relay-metadata-api &
[...] created new HMAC-SHA256 signing key     key=[...]
[...] generated JWT for step                  run-id=1234 step-name=foo token=eyJhbGciOiJIUzI1NiJ9.[...]
[...] listening for metadata connections      addr=0.0.0.0:7000
$ curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.[...]' http://localhost:7000/spec | jq .
{
  "value": {
    "aws": {
      "accessKeyID": "AKIASAMPLEKEY",
      "secretAccessKey": "6bkpuV9fF3LX1Yo79OpfTwsw8wt5wsVLGTPJjDTu"
    },
    "foo": "bar"
  },
  "unresolvable": {},
  "complete": true
}

Contributing

See CONTRIBUTING.md for more information on how to contribute to this project.

Directories ¶

Path	Synopsis
cmd
relay-installer
relay-metadata-api
relay-metrics
relay-operator
relay-operator-vault-init
relay-operator-webhook-certificate-controller
relay-runtime-tools
pkg
apis
apis/install.relay.sh/v1alpha1 Package v1alpha1 contains API Schema definitions for the installer v1alpha1 API group +kubebuilder:object:generate=true +groupName=install.relay.sh	Package v1alpha1 contains API Schema definitions for the installer v1alpha1 API group +kubebuilder:object:generate=true +groupName=install.relay.sh
apis/relay.sh/v1beta1 Package v1beta1 is the v1 beta 1 version of the API.	Package v1beta1 is the v1 beta 1 version of the API.
authenticate
entrypoint
entrypoint/cmd
install/app
install/config
install/controller
install/dependency
install/jwt
install/op/kube
install/op/vault
install/reconciler
install/vault
manager/api
manager/builder
manager/configmap
manager/decorator
manager/input
manager/log
manager/memory
manager/reject
manager/service
manager/specadapter
manager/vault
metadataapi/errors Package errors contains errors for the domain "rma".	Package errors contains errors for the domain "rma".
metadataapi/opt
metadataapi/sample
metadataapi/server
metadataapi/server/api
metadataapi/server/middleware
metrics/model
metrics/opt
metrics/reconciler/run
model
obj
operator/admission
operator/app
operator/config
operator/controller/handler
operator/controller/run
operator/controller/tenant
operator/controller/trigger
operator/dependency
operator/handler/condition
operator/reconciler/run
operator/reconciler/tenant
operator/reconciler/trigger
spec
util/capturer
util/file
util/image
util/testutil
util/typeutil
workflow/validation

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL