⚠️  This repo contains the source for a component of the Brigade v1.x ecosystem. Brigade v1.x reached end-of-life on June 1, 2022 and as a result, this component is no longer maintained.

Experimental: This should not be used in production. Misconfiguration can consume massive amounts of cluster resources.

This is a Brigade gateway that listens to the Kubernetes event stream and triggers events inside of Brigade.

Issues for Brigade projects are all tracked on the main Brigade project.

The Brigade K8s Gateway Helm Chart is hosted at the brigadecore/charts repository.

To install the latest image into your cluster:

$ helm repo add brigade https://brigadecore.github.io/charts
$ helm inspect values brigade/brigade-k8s-gateway > myvalues.yaml
# edit myvalues.yaml
$ helm install -f myvalues brigade/brigade-k8s-gateway

You must have the Go toolchain, make, and dep installed. For Docker support, you will need to have Docker installed as well. From there:

$ make build

To build a Docker image, you can make docker-build.

Configuring the gateway is tricky: You don't want to cause a build to trigger another build. In your Helm values.yaml file you will want to configure your filters appropriately.

Here is an example that listens to Pod events that occur in the namespace pequod.

filters:
  # Ignore all events coming from kube-system
  - namespace: kube-system
    action: reject
  # Ignore events on Nodes. We just care about Pods
  - kind: Node
    action: reject
  # Ignore "Killing" messages for Pods
  - kind: Pod
    reasons:
      - Killing
    action: reject
  # ONLY Listen to events for Pods in this namespace
  - kind: Pod
    namespace: pequod
    action: accept
  # Reject anything else (don't DOS yourself)
  - action: reject

For example, the following kinds (and more) produce events

• Node
• Pod
• CronJob
• Job
• Deployment
• ReplicaSet

The list of reasons is unconstrained (the value is a string in the Kubernetes API). But here are a few examples

• Node Starting: A node is starting up
• Pod Killing: Triggered when a pod has been terminated
• ReplicaSet SuccessfulCreate: Triggered when a ReplicaSet has been created

To make it easier to see what the gateway sees, we log the events. You can use kubectl logs $GATEWAY_POD_NAME to see the data. HEre's an example log entry for a Pod's Pulled event:

Processing default/wp-wordpress-69cfcc7544-nmsj5.1510e390827104e3: {
  "metadata": {
    "name": "wp-wordpress-69cfcc7544-nmsj5.1510e390827104e3",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/events/wp-wordpress-69cfcc7544-nmsj5.1510e390827104e3",
    "uid": "c2e459a8-0b9d-11e8-850f-080027ff61a5",
    "resourceVersion": "95112",
    "creationTimestamp": "2018-02-07T00:28:04Z"
  },
  "involvedObject": {
    "kind": "Pod",
    "namespace": "default",
    "name": "wp-wordpress-69cfcc7544-nmsj5",
    "uid": "ac2aa534-0b9d-11e8-850f-080027ff61a5",
    "apiVersion": "v1",
    "resourceVersion": "95051",
    "fieldPath": "spec.containers{wp-wordpress}"
  },
  "reason": "Pulled",
  "message": "Container image \"bitnami/wordpress:4.9.1-r0\" already present on machine",
  "source": {
    "component": "kubelet",
    "host": "minikube"
  },
  "firstTimestamp": "2018-02-07T00:28:04Z",
  "lastTimestamp": "2018-02-07T00:28:04Z",
  "count": 1,
  "type": "Normal"
}

If you are running with RBAC, you will need to write roles and role bindings for the namespaces you want this service to attach to. The chart includes a role/role binding for the default namespace. You may use this as a template.

This Brigade project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.

A DCO sign-off is required for contributions to repos in the brigadecore org. See the documentation in Brigade's Contributing guide for how this is done.