Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/puppetlabs/relay-core

Kubernetes-based execution engine
https://github.com/puppetlabs/relay-core

relay

Last synced: about 2 months ago
JSON representation

Kubernetes-based execution engine

Host: GitHub
URL: https://github.com/puppetlabs/relay-core
Owner: puppetlabs
License: apache-2.0
Archived: true
Created: 2019-06-19T21:40:20.000Z (over 5 years ago)
Default Branch: main
Last Pushed: 2023-02-09T21:10:43.000Z (almost 2 years ago)
Last Synced: 2024-09-23T05:31:37.169Z (about 2 months ago)
Topics: relay
Language: Go
Homepage:
Size: 22.3 MB
Stars: 16
Watchers: 40
Forks: 8
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: CODEOWNERS

Awesome Lists containing this project

README

        # Relay Core

This repository contains a Kubernetes-based execution engine for running workflows or processing webhook triggers.

## Installation

```bash

kustomize build manifests | kubectl apply -f -

kustomize build examples/install | kubectl apply -f -

```

### Requirements

* Kubernetes v1.20+

* [Tekton](https://tekton.dev/) (v0.32.1+)

* [Knative Serving](https://knative.dev/) (v1.1.2+)

* [Kourier](https://github.com/knative-sandbox/net-kourier/) (v1.1.0+)

## Components

### Operator

The Relay operator is responsible for reconciling the Relay [custom resource

definitions

(CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).

It is built using

[controller-runtime](https://github.com/kubernetes-sigs/controller-runtime/),

although it does not use a higher-level framework like Kubebuilder or Operator

SDK.

The entry point for the operator is in

[`cmd/relay-operator`](cmd/relay-operator).

#### Resources

| API Version | Kind | Description |

|-------------|------|-------------|

| `relay.sh/v1beta1` | `Run` | Runs the defined workflow using a Tekton pipeline |

| `relay.sh/v1beta1` | `Tenant` | Defines event emission and namespace configuration for objects attached to it |

| `relay.sh/v1beta1` | `WebhookTrigger` | Creates Knative services with a given container configuration and tenant to handle webhook requests and emit events |

| `relay.sh/v1beta1` | `Workflow` | Defines a workflow using the given container configurations and dependencies |

### Metadata API

The metadata API provides runtime information to a pod running under the

supervision of the Relay operator.

The entry point for the metadata API is in

[`cmd/relay-metadata-api`](cmd/relay-metadata-api).

#### Endpoints

Requests to the metadata API are always authenticated. In production mode, we

use the source IP of the request to look up an annotation containing an

encrypted token that grants access to the resources for that pod. Once

authenticated, the following endpoints are available:

| Method | Path | Scope | Description |

|--------|------|-------|-------------|

| `GET` | `/conditions` | Any | Resolves any conditions specified in the `when` clause of a container specification |

| `POST` | `/events` | Triggers | Emits a new event using the configure trigger event sink of the pod's tenant |

| `PUT` | `/outputs/:name` | Steps | Sets the output with the given name |

| `GET` | `/outputs/:step_name/:name` | Steps | Retrieves the value of the output with the given step name and output name |

| `GET` | `/secrets/:name` | Any | Retrieves the value of the secret with the given name |

| `GET` | `/spec` | Any | Retrieves the entire specification associated with this container or a subset of the specification described by the given language (`lang`) and expression (`q`) query string parameters |

| `GET` | `/state/:name` | Any | Retrieves the value of the internal state variable with the given name |

#### Testing

To test the metadata API without deploying it in a live environment, you can run

it using a sample configuration. A selection of sample configurations are

provided in the [`examples/sample-configs`](examples/sample-configs) directory.

You can specify a JWT signing key for authenticating requests explicitly using

the `RELAY_METADATA_API_SAMPLE_HS256_SIGNING_KEY` environment variable. If not

specified, the metadata API process will generate and print one when it starts

up.

For example:

```console

$ go build -o relay-metadata-api ./cmd/relay-metadata-api

$ export RELAY_METADATA_API_SAMPLE_CONFIG_FILES=examples/sample-configs/simple.yaml

$ ./relay-metadata-api &

[...] created new HMAC-SHA256 signing key     key=[...]

[...] generated JWT for step                  run-id=1234 step-name=foo token=eyJhbGciOiJIUzI1NiJ9.[...]

[...] listening for metadata connections      addr=0.0.0.0:7000

$ curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.[...]' http://localhost:7000/spec | jq .

{

  "value": {

    "aws": {

      "accessKeyID": "AKIASAMPLEKEY",

      "secretAccessKey": "6bkpuV9fF3LX1Yo79OpfTwsw8wt5wsVLGTPJjDTu"

    },

    "foo": "bar"

  },

  "unresolvable": {},

  "complete": true

}

```

## Contributing

See [`CONTRIBUTING.md`](CONTRIBUTING.md) for more information on how to

contribute to this project.