How to make Public Broker


Andrey Stelmashenko

Apr 5, 2021, 9:15:58 AM
to Knative Users
Hey, Community,

For knative-serving there is a way to set up custom DNS; I wonder how to do the same for knative-eventing.
Here is what I'm trying to achieve:
make the broker have a public DNS name so it can accept events from outside (an external event source), something like:
External System -> kn broker -> kn trigger -> kn service
By default the broker's URL is "cluster local", like this:
http://broker-ingress.knative-eventing.svc.cluster.local/viax/default
and it is not publicly available.
How do I make the broker public? Maybe I am asking the wrong question and it should be done another way; if so, please point me in the right direction.

Thank you.

Scott Nichols

Apr 5, 2021, 9:45:13 AM
to Andrey Stelmashenko, Knative Users
The broker is internal by design, but you could use a DomainMapping from serving to expose a broker as an FQDN.

The other way is to use an HTTP proxy and forward traffic to the broker. 

-Scott


Andrey Stelmashenko

Apr 5, 2021, 11:07:45 AM
to Knative Users
Scott, thank you for the answer. If the broker is internal by default, there were reasons for that, so is this the wrong way to solve the problem? I've found this discussion, https://github.com/knative/eventing/issues/3097, and it looks like sink binding may be the right way to go, isn't it?

When I'm trying to apply DomainMapping:

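# apiVersion was missing from the pasted manifest; this is the version named in the error below
apiVersion: serving.knative.dev/v1alpha1
kind: DomainMapping
metadata:
  namespace: viax
spec:
  ref:
    name: default
    kind: Broker
    apiVersion: eventing.knative.dev/v1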

I get the following error:
error: unable to recognize "dns-broker.yaml": no matches for kind "DomainMapping" in version "serving.knative.dev/v1alpha1"

How do I make DomainMapping available? I have knative-eventing and knative-service v0.20.

Scott Nichols

Apr 5, 2021, 11:21:48 AM
to Andrey Stelmashenko, Knative Users
The DomainMapping CRD is an extra install, search for "DomainMapping CRD" on https://knative.dev/docs/install/any-kubernetes-cluster/

The reason you might not want to expose a broker is because there is a fair amount of trust on that component, and if a malicious event sender finds your broker, it is not clear what it might be able to do. It would be best to have some kind of auth to allow you to filter the inbound traffic. 

There is a webhook source from TriggerMesh you could also try: https://docs.triggermesh.io/sources/webhook/

Neither Eventing nor the Sources WG has worked on this problem space much yet, but there are several ways to work around it depending on your needs.

The last option for something cheap and cheerful would be a simple CloudEvents proxy app you ship as a Knative Service, if you are able to code a solution. One of the CloudEvents SDKs should get you most of the way there if you want to go that way.

-Scott
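
The "cloudevents proxy" option with an inbound auth filter, as suggested in the reply above, written out as an added example (not code from the thread or from Knative) using only the Python standard library instead of a CloudEvents SDK. `PROXY_TOKEN`, the bearer-token scheme and the allowed event type are assumptions; only binary-mode CloudEvents are handled.

```python
import hmac
import os
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen

# PROXY_TOKEN and the event type are made up; the fallback URL is from the thread.
BROKER_URL = os.environ.get(
    "K_SINK", "http://broker-ingress.knative-eventing.svc.cluster.local/viax/default")
TOKEN = os.environ.get("PROXY_TOKEN", "")
ALLOWED_TYPES = {"com.example.order.created"}
REQUIRED = ("ce-id", "ce-source", "ce-type", "ce-specversion")

def check_event(headers, token, allowed=ALLOWED_TYPES):
    """Return (status, reason) for a binary-mode CloudEvent HTTP request."""
    h = {k.lower(): v for k, v in headers.items()}
    supplied = h.get("authorization", "").encode()
    # Fail closed: with no token configured, nothing is accepted.
    if not token or not hmac.compare_digest(supplied, f"Bearer {token}".encode()):
        return 401, "bad or missing bearer token"
    missing = [a for a in REQUIRED if not h.get(a)]
    if missing:
        return 400, "missing " + ", ".join(missing)
    if h["ce-specversion"] != "1.0":
        return 400, "unsupported specversion"
    if h["ce-type"] not in allowed:
        return 403, "event type not allowed"
    return 202, "accepted"

def forward_headers(headers):
    # Pass on only ce-* attributes and Content-Type; the credential stays here.
    return {k: v for k, v in headers.items()
            if k.lower().startswith("ce-") or k.lower() == "content-type"}

class Proxy(BaseHTTPRequestHandler):
    def do_POST(self):
        status, reason = check_event(self.headers, TOKEN)
        if status == 202:
            body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
            req = Request(BROKER_URL, data=body, method="POST",
                          headers=forward_headers(self.headers))
            try:
                with urlopen(req, timeout=5) as resp:
                    status = resp.status
            except OSError:
                status, reason = 502, "broker rejected the event or is unreachable"
        self.send_response(status)
        self.end_headers()
        self.wfile.write(reason.encode())

if __name__ == "__main__":
    HTTPServer(("", int(os.environ.get("PORT", "8080"))), Proxy).serve_forever()
```

The broker itself stays cluster-local; only this Service gets a public route, and the bearer token is checked and dropped before anything is forwarded.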

Ali Ok

Apr 6, 2021, 2:59:42 AM
to Scott Nichols, Andrey Stelmashenko, Knative Users
BTW, brokers expect to receive CloudEvents.
 
> The last option for something cheap and cheerful would be a simple cloudevents proxy app you ship as a Knative Service if you are able to code a solution, one of the cloudevents sdks should get you most of the way there if you want to go that way.

Not only limited to this, but this might help with that, instead of making the clients send CloudEvents to the broker. 

Matthias Wessendorf

Mar 1, 2022, 7:57:24 AM
to Andrey Stelmashenko, Knative Users
Just noticed this, but the suggestion pointing to a `Broker` object
does not work.

See:
https://github.com/knative/serving/issues/12686

-M

--
Matthias Wessendorf

github: https://github.com/matzew
twitter: http://twitter.com/mwessendorf