Merge pull request #72 from fluxcd/move-receiver

Move Receiver API to notification controller
Stefan Prodan 2020-07-03 17:06:09 +03:00 committed by GitHub
commit 4acf569681
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 63 deletions


@ -16,4 +16,5 @@ This is the v1alpha1 API specification for defining the desired state sources of
## Consumers
* [kustomize-controller](https://github.com/fluxcd/kustomize-controller/)
* [kustomize-controller](https://github.com/fluxcd/kustomize-controller/)
* [helm-controller](https://github.com/fluxcd/helm-controller/)
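Review bot: The `helm-controller` entry added to the Consumers list is not covered by the commit message, which only mentions moving the Receiver API. Either mention the new consumer in the message or split it into its own commit so the history of the consumer list stays searchable. The `kustomize-controller` line is shown twice with identical text, which looks like a whitespace or end-of-file newline change only; worth confirming that nothing else changed on that line.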


@ -1,62 +0,0 @@
# Receivers
The `Receiver` API defines a webhook receiver that triggers
a synchronization for a group of sources.
## Specification
```go
type ReceiverSpec struct {
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
// +kubebuilder:validation:Enum=github;gitlab
// +required
Type string `json:"type"`
// A list of sources to be notified about changes.
// +required
Sources []corev1.TypedLocalObjectReference `json:"sources"`
}
```
Webhook sender type:
```go
const (
GitHubWebhook string = "github"
GitLabWebhook string = "gitlab"
)
```
## Status
```go
type ReceiverStatus struct {
// Generated webhook URL in the format
// of '/hook/sha256sum(token)'.
// +required
URL string `json:"url"`
// Generate token used to validate the payload authenticity.
// +required
Token string `json:"token"`
}
```
## Implementation
The source controller handles the webhook requests on a dedicated port. This port can be used to create
a Kubernetes LoadBalancer Service or Ingress to expose the receiver endpoint outside the cluster.
When a `Receiver` is created, the controller generates a random token and
sets the `Receiver` status token and URL in the format `/hook/sha256sum(token)`.
The `ReceiverReconciler` creates an indexer for the SHA265 digest
so that it can be used as a field selector.
When source controller receives a POST request:
* extract the SHA265 digest from the URL
* loads the `Receiver` using the digest field selector
* extracts the signature from HTTP headers based on `spec.type`
* validates the signature using `status.Token` based on `spec.type`
* extract the event type from the payload
* triggers a synchronization for `spec.sources` if the event type is `push`
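Review bot: Nothing in this change leaves a pointer to where the `Receiver` spec now lives once the whole file is removed (`-1,62 +0,0`). Consider adding a line to the API index that links to the notification controller documentation, so readers following old links can find it. If this text is carried over to the new location, the Implementation section writes "SHA265" twice where SHA256 is meant. The Status section is also worth revisiting there: `ReceiverStatus.Token` holds the value used to validate payload authenticity, and `status.url` is only `/hook/sha256sum(token)`, so anyone with read access to the `Receiver` object gets both the endpoint path and the validation token. Referencing a Secret for the token would keep it out of the object status.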