--- title: "Kubernetes | WebhookRelay" meta: "og:description": "How to use Webhook Relay client with Kubernetes to start forwarding webhooks to your internal services and open tunnels to expose your services" "og:title": Kubernetes description: "How to use Webhook Relay client with Kubernetes to start forwarding webhooks to your internal services and open tunnels to expose your services" --- ![Stripes](https://webhookrelay.com/docs/installation/kubernetes/images/stripes.svg) Documentation **Fundamentals** # **Kubernetes** How to use Webhook Relay client with Kubernetes to start forwarding webhooks to your internal services and open tunnels to expose your services Webhook Relay can help you receive webhooks in your internal services. To achieve that you can use: 1. [Webhook Relay operator](#Option-1-Webhook-Relay-Operator-recommended) - recommended way to forward webhooks to Kubernetes clusters. Handles agent deployment and routing configuration. 2. [A sidecar container](#Option-2-Sidecar) - does not automatically configure routing. 3. [A standalone deployment](#Option-3-Separate-deployment) - does not automatically configure routing. 4. [Webhook Relay ingress controller](#Option-4-Ingress-Controller) - recommended way to open bidirectional tunnels to expose services directly from your Kubernetes cluster such as Grafana, Prometheus, etc. Since container is stateless and only requires your access key & secret, deploying and running it is extremely easy. Recommended way to deploy Webhook Relay into your cluster is using the official operator. ## [Option 1: Webhook Relay Operator (recommended)](#option-1-webhook-relay-operator-recommended) Webhook Relay operator not only deploys and manages agent containers that subscribe and forward webhooks but it also configures buckets, inputs (your public endpoints) and outputs (forwarding destinations). ### [Install](#install) Prerequisites: - [Helm](https://docs.helm.sh/using_helm/#installing-helm) - [Webhook Relay account](https://my.webhookrelay.com) - Kubernetes You need to add this Chart repo to Helm: ``` helm repo add webhookrelay https://charts.webhookrelay.com helm repo update ``` Get access token from [here](https://my.webhookrelay.com/tokens). Once you click on 'Create Token', it will generate it and show a helper to set environment variables: ``` export RELAY_KEY=*****-****-****-****-********* export RELAY_SECRET=********** ``` Install through Helm: ``` helm upgrade --install webhookrelay-operator --namespace=default webhookrelay/webhookrelay-operator \ --set credentials.key=$RELAY_KEY --set credentials.secret=$RELAY_SECRET ``` ### [Usage](#usage) Once the operator is deployed, to start receiving webhooks you will need to create a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (usually called just 'CR'). It's a short yaml file that describes your public endpoint characteristics and specifies where to forward the webhooks: ``` # cr.yaml apiVersion: forward.webhookrelay.com/v1 kind: WebhookRelayForward metadata: name: example-forward spec: buckets: - name: k8s-operator inputs: - name: public-endpoint description: "Public endpoint, supply this to the webhook producer" responseBody: "OK" responseStatusCode: 200 outputs: - name: webhook-receiver destination: http://destination:5050/webhooks ``` ``` kubectl apply -f cr.yaml ``` ### [Uninstall](#uninstall) To remove the agent that is forwarding the webhooks, remove the CR that created it: ``` kubectl delete -f cr.yaml ``` To remove operator, use standard Helm command to uninstall the operator. ``` helm uninstall webhookrelay-operator ``` ## [Option 2: Sidecar](#option-2-sidecar) First, go to [https://my.webhookrelay.com/tokens](https://my.webhookrelay.com/tokens) and create a token key & secret pair. Then, create a Kubernetes secret: ``` kubectl create secret generic webhookrelay-credentials --from-literal=key=[access key] --from-literal=secret=[access secret] ``` Once the secret is created, you can deploy webhookrelayd container either as a sidecar or a standalone container. Webhookrelayd agent can be easily deployed as a sidecar. This way requests can be forwarded to the service through localhost: ``` apiVersion: apps/v1 kind: Deployment metadata: name: webhookrelay-deployment labels: app: webhookrelay spec: replicas: 1 selector: matchLabels: app: webhookrelay template: metadata: labels: app: webhookrelay spec: containers: - name: demo image: karolisr/webhook-demo:0.0.15 command: ["/bin/webhook-demo"] ports: - containerPort: 8090 # Webhook Relay sidecar - name: webhookrelayd image: webhookrelay/webhookrelayd:latest env: - name: KEY valueFrom: secretKeyRef: name: webhookrelay-credentials key: key - name: SECRET valueFrom: secretKeyRef: name: webhookrelay-credentials key: secret - name: BUCKETS value: bucket1,bucket2,bucket3 ``` ## [Option 3: Separate deployment](#option-3-separate-deployment) Webhook Relay container can also work as standalone deployment: ``` apiVersion: apps/v1 kind: Deployment metadata: name: webhookrelay-deployment labels: app: webhookrelay spec: replicas: 1 selector: matchLabels: app: webhookrelay template: metadata: labels: app: webhookrelay spec: containers: - name: webhookrelayd image: webhookrelay/webhookrelayd:latest env: - name: KEY valueFrom: secretKeyRef: name: webhookrelay-credentials key: key - name: SECRET valueFrom: secretKeyRef: name: webhookrelay-credentials key: secret - name: BUCKETS value: bucket1,bucket2,bucket3 ``` If agent is deployed as a separate deployment, the **output** destination should then be a service name. Repository can be found here: [https://github.com/webhookrelay/webhook-demo](https://github.com/webhookrelay/webhook-demo). ## [Option 4: Ingress Controller](#option-4-ingress-controller) Implements a [Kubernetes](https://kubernetes.io/) ingress controller using tunnels to connect a Web Relay managed URL (_[https://yoursubdomain.webrelay.io](https://yoursubdomain.webrelay.io)_) to a Kubernetes [service](https://kubernetes.io/docs/concepts/services-networking/service/) based on [ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/#what-is-ingress). Single ingress controller can manage multiple tunnels and route to multiple namespaces. Deployment files and issue tracker is available on GitHub: [https://github.com/webrelay/ingress](https://github.com/webrelay/ingress) You can try out Web Relay ingress controller by creating a deployment from a hosted manifest, no clone or local install necessary. What you do need: - A Kubernetes cluster that has access to the Internet - `kubectl` configured with admin access to your cluster - `relay` CLI, installation instructions can be found [here](https://docs.webhookrelay.com/installation-options/installation-options/install-cli) ### [Installing](#installing) To add Web Relay ingress controller to your cluster, run: ``` relay ingress init ``` > Manifests are available here: [https://github.com/webrelay/ingress/tree/master/deployment](https://github.com/webrelay/ingress/tree/master/deployment) This command: - Creates `webrelay-ingress` namespace - Creates `webrelay` service account - Creates deployment with the controller - Creates cluster role and binding - Generates access key and secret for the Web Relay server and supplies them as a Kubernetes secret If RBAC isn't enabled on your cluster (for example, if you're on GKE with legacy authorization or Minikube without RBAC), run: ``` relay ingress init --no-rbac ``` > You can also generate tokens through the Web UI here [https://my.webhookrelay.com/tokens](https://my.webhookrelay.com/tokens) or `relay token create` command on the CLI. ### [Uninstalling Ingress Controller](#uninstalling-ingress-controller) To remove it, either delete the namespace where it was deployed or use: ``` relay ingress reset ``` Did this page help you?