Customizing Webhooks

Mon, 01 Jan 0001 00:00:00 +0000

Layer5 offers on-premises installation of its Meshery Remote Provider, Layer5 Cloud. In this guide, we will walk through configurable webhooks that Layer5 Cloud uses internally to automate tasks and how you can customize these webhooks to integrate with your existing tools.

Customize and add your own custom webhook 🔗

Layer5 Cloud’s webhook configurations are managed through environment variables defined in .env files. Here’s how you can customize them:

White-labeling (Rebranding)

Mon, 01 Jan 0001 00:00:00 +0000

You can change the logo, color scheme, domain name, and other aspects of the user interface to match your own identity and preferences. White-labeling enables you to offer a seamless and consistent experience to your customers, partners, or internal users who access your service mesh platform. White-labeling also helps you to differentiate your platform from other Layer5 Cloud users and competitors, and to enhance your brand recognition and loyalty.

Customizing Themes 🔗

The Layer5 Cloud dashboard can be customized with your own branding, including your full-sized logo, logo mark, and color scheme. Customized theme colors also affect email notifications.

Customizing Layer5 Cloud Deployment with Helm

Mon, 01 Jan 0001 00:00:00 +0000

Requirements 🔗

Repository	Name	Version
@ory	hydra	0.24.2
@ory	kratos	0.39.1

Values 🔗

Key	Type	Default	Description
affinity	object	`{}`	Affinity for Layer5 Cloud primary pods assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
appVersion	string	`"v0.7.15"`
autoscaling.enabled	bool	`false`
autoscaling.maxReplicas	int	`100`
autoscaling.minReplicas	int	`1`
autoscaling.targetCPUUtilizationPercentage	int	`80`
env.db	string	`"postgres://postgres:postgres@postgres-postgresql.postgres.svc.cluster.local:5432/meshery?sslmode=disable"`	URL to be used to connect with the meshery database.
env.debug	string	`"false"`
env.environment	string	`"cloud"`	If the environment is set as “development”, the cloud server expects the meshery database connection at postgres://postgres:postgres@127.0.0.1:5432/meshery. For any other value env.db variable is used to connect to the database.
env.ghtoken	string	`""`	GitHub PAT to be used by server for dispatching workflows.
env.githubappkeypath	string	`"key.pem"`
env.hydraadmin	string	`"http://hydra-admin:4445"`
env.hydradb	string	`"postgres://postgres:postgres@postgres-postgresql.postgres.svc.cluster.local:5432/hydra?sslmode=disable"`	URL to be used to connect with the hydra database.
env.hydrapublic	string	`"http://hydra-public:4444"`
env.kratosdb	string	`"postgres://postgres:postgres@postgres-postgresql.postgres.svc.cluster.local:5432/kratos?sslmode=disable"`	URL to be used to connect with the kratos database.
env.minmesheryversion	string	`"v0.7.0"`	Minimum Meshery Server version compatible with the current Layer5 cloud server.
env.oauthclientid	string	`"meshery-cloud"`
env.oauthsecret	string	`"secret1234567890"`
env.port	int	`9876`	The port on which Layer5 Cloud server runs.
env.serverHost	string	`"localhost"`
env.serverbaseurl	string	`"http://localhost:9876"`	Layer5 Cloud base URL
fullnameOverride	string	`"meshery-cloud"`
hydra.hydra.config	object	{"dsn":"postgres://postgres:postgres@postgres-postgresql.postgres.svc.cluster.local:5432/hydra?sslmode=disable","log":{"leak_sensitive_values":false,"level":"debug"},"oauth2":{"expose_internal_errors":true},"secrets":{"system":[""]},"serve":{"public":{"cors":{"enabled":true}}},"strategies":{"access_token":"jwt"},"ttl":{"access_token":"24h","auth_code":"1h","id_token":"1h","refresh_token":"1000h"},"urls":{"consent":"https://public.hydra.localhost/consent","error":"https://public.hydra.localhost/error","login":"https://public.hydra.localhost/login","post_logout_redirect":"https://public.hydra.localhost/login","self":{"issuer":"https://public.hydra.localhost/hydra/","public":"https://public.hydra.localhost/hydra/"}}}	Hydra configuration to use. You can pass your own Hydra configuration file and configure callback, admin and public urls. (Hydra Reference Configuration)[https://www.ory.sh/docs/hydra/reference/configuration] for detailed description of each fields.
hydra.hydra.config.secrets.system[0]	string	`""`	pass in a seceret to be used in AuthZ flow
hydra.hydra.config.ttl.access_token	string	`"24h"`	Expiry of the issued token
hydra.hydra.config.ttl.auth_code	string	`"1h"`	Expiry of the issued auth code to be exchanged for access_token.
hydra.hydra.config.ttl.refresh_token	string	`"1000h"`	Expiry of the issued refresh token, once expired the refresh token cannot be used to re-issue the access token.
hydra.hydra.dangerousForceHttp	bool	`true`	enabled for development environment to skip TLS.
image.pullPolicy	string	`"IfNotPresent"`
image.repository	string	`"layer5/meshery-cloud"`
image.tag	string	`"latest"`
imagePullSecrets	list	`[]`
ingress.annotations	object	`{}`
ingress.className	string	`""`
ingress.enabled	bool	`false`
ingress.hosts[0].host	string	`""`
ingress.hosts[0].paths[0].path	string	`"/"`
ingress.hosts[0].paths[0].pathType	string	`"ImplementationSpecific"`
ingress.tls	list	`[]`
kratos.enabled	bool	`true`
kratos.kratos.automigration.enabled	bool	`true`
kratos.kratos.config	object	{"ciphers":{"algorithm":"xchacha20-poly1305"},"courier":{"smtp":{"connection_uri":""},"templates":{"recovery_code":{"valid":{"email":{"body":{"html":""},"subject":""}}},"verification_code":{"valid":{"email":{"body":{"html":""},"subject":""}}}}},"dsn":"postgres://postgres:postgres@postgres-postgresql.postgres.svc.cluster.local:5432/kratos?sslmode=disable","hashers":{"argon2":{"iterations":2,"key_length":16,"memory":"128MB","parallelism":1,"salt_length":16}},"identity":{"default_schema_id":"default","schemas":[{"id":"default","url":"file:///etc/config/identity.schema.json"}]},"log":{"format":"text","leak_sensitive_values":false,"level":"debug"},"secrets":{"cipher":[""],"cookie":[""]},"selfservice":{"allowed_return_urls":["http://localhost:9876"],"default_browser_return_url":"http://localhost:9876","flows":{"error":{"ui_url":"http://localhost:9876/error"},"login":{"after":{"default_browser_return_url":"http://localhost:9876/oauth/callback","password":{"hooks":[{"hook":"require_verified_address"}]}},"lifespan":"720m","ui_url":"http://localhost:9876/login"},"logout":{"after":{"default_browser_return_url":"http://localhost:9876/login"}},"recovery":{"enabled":true,"lifespan":"720h","ui_url":"http://localhost:9876/recovery","use":"code"},"registration":{"after":{"default_browser_return_url":"http://localhost:9876/registered","oidc":{"hooks":[{"hook":"session"},{"config":{"auth":{"config":{"in":"header","name":"X-API-Key","value":"dev_token"},"type":"api_key"},"body":"file:///home/ory/identity/password.webhook.jsonnet","method":"POST","response":{"ignore":true},"url":"http://localhost:9876/identity/users"},"hook":"web_hook"}]},"password":{"hooks":[{"config":{"auth":{"config":{"in":"header","name":"X-API-Key","value":"dev_token"},"type":"api_key"},"body":"file:///home/ory/identity/password.webhook.jsonnet","method":"POST","response":{"ignore":true},"url":"http://localhost:9876/identity/users"},"hook":"web_hook"}]}},"lifespan":"24h","ui_url":"http://localhost:9876/registration"},"settings":{"after":{"default_browser_return_url":"http://localhost:9876/account/profile"},"privileged_session_max_age":"15m","ui_url":"http://localhost:9876/reset"},"verification":{"enabled":true,"lifespan":"720h","ui_url":"http://localhost:9876/verification","use":"code"}},"methods":{"oidc":{"config":{"providers":[{"client_id":"","client_secret":"","id":"github","mapper_url":"file:///home/ory/identity/oidc.github.jsonnet","provider":"github","requested_claims":{"id_token":{"email":{"essential":true},"email_verified":{"essential":true},"name":{"essential":true},"picture":{"essential":true},"profile":{"essential":true}}},"scope":["read:user","user:email"]},{"client_id":"","client_secret":"","id":"google","mapper_url":"file:///home/ory/identity/oidc.google.jsonnet","provider":"google","requested_claims":{"id_token":{"email":{"essential":true},"email_verified":{"essential":true},"family_name":null,"given_name":{"essential":true},"hd":null}},"scope":["email","profile"]}]},"enabled":true},"password":{"config":{"haveibeenpwned_enabled":true,"identifier_similarity_check_enabled":true,"min_password_length":8},"enabled":true}}},"serve":{"admin":{"base_url":"http://localhost:9011/"},"public":{"base_url":"http://localhost:9010/","cors":{"allowed_headers":["Authorization","Cookie"],"allowed_methods":["POST","GET","PUT","PATCH","DELETE"],"allowed_origins":["http://localhost:9010/"],"enabled":true,"exposed_headers":["Content-Type","Set-Cookie"]}}}}	Kratos configuration to use. You can pass your own Kratos configuration file and configure self-service flows, enable/disable features as required. (Kratos Reference Configuration)[https://www.ory.sh/docs/kratos/reference/configuration] for detailed description of each fields.
kratos.kratos.config.ciphers	object	`{"algorithm":"xchacha20-poly1305"}`	One of the values: `[noop, aes, xchacha20-poly1305]`. Default if not provided is `noop`.
kratos.kratos.config.secrets.cookie	list	`[""]`	Fill in values for cookie and cipher to be used in the AuthN flows
kratos.kratos.config.selfservice.flows.login.lifespan	string	`"720m"`	Each session is valid for a set amount of time. This time is the session’s lifespan. When the session lifespan expires, the user must re-authenticate.
kratos.kratos.config.selfservice.flows.recovery.lifespan	string	`"720h"`	In the configuration, session lifespan is expressed in hours, minutes, and seconds. Use a combination of these units to define the desired lifespan. For example: 72h, 10m, 12s, 1h13m3s.
kratos.kratos.config.selfservice.flows.registration.lifespan	string	`"24h"`	Each session is valid for a set amount of time. This time is the session’s lifespan. When the session lifespan expires, the user must re-authenticate.
kratos.kratos.config.selfservice.flows.verification.lifespan	string	`"720h"`	In the configuration, session lifespan is expressed in hours, minutes, and seconds. Use a combination of these units to define the desired lifespan. For example: 72h, 10m, 12s, 1h13m3s.
kratos.kratos.config.selfservice.methods.oidc.config.providers[0].client_id	string	`""`	GitHub OAuth App client_id to enable GitHub OIDC support for cloud IDP.
kratos.kratos.config.selfservice.methods.oidc.config.providers[0].client_secret	string	`""`	GitHub OAuth App client_secret to enable GitHub OIDC support for cloud IDP.
kratos.kratos.config.selfservice.methods.oidc.config.providers[0].mapper_url	string	`"file:///home/ory/identity/oidc.github.jsonnet"`	mapper_url is a jsonnet file to map the incoming OIDC profile details to the Kratos Identity.
kratos.kratos.config.selfservice.methods.oidc.config.providers[0].scope	list	`["read:user","user:email"]`	GitHub OAuth App scope’s to specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
kratos.kratos.config.selfservice.methods.oidc.config.providers[1].client_id	string	`""`	Google OAuth App client_id to enable Google OIDC support for cloud IDP.
kratos.kratos.config.selfservice.methods.oidc.config.providers[1].client_secret	string	`""`	Google OAuth App client_secret to enable Google OIDC support for cloud IDP.
kratos.kratos.config.selfservice.methods.oidc.config.providers[1].mapper_url	string	`"file:///home/ory/identity/oidc.google.jsonnet"`	mapper_url is a jsonnet file to map the incoming OIDC profile details to the Kratos Identity.
kratos.kratos.config.selfservice.methods.oidc.config.providers[1].scope	list	`["email","profile"]`	GitHub OAuth App scope’s to specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
kratos.kratos.identitySchemas.“identity.schema.json”	string	"{\n\"$id\": \"identity.schema.json\",\n\"$schema\": \"http://json-schema.org/draft-07/schema#\",\n\"title\": \"Person\",\n\"type\": \"object\",\n\"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first_name\": {\n \"title\": \"First Name\",\n \"type\": \"string\"\n },\n \"last_name\": {\n \"title\": \"Last Name\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"first_name\",\n \"last_name\"\n ]\n },\n \"avatar\": {\n \"title\": \"Avatar URL\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"email\",\n \"name\"\n ],\n \"additionalProperties\": true\n }\n}\n}"
kratos.service.admin.enabled	bool	`true`
kratos.service.admin.port	int	`9011`	Kratos Admin API port
kratos.service.public.enabled	bool	`true`
kratos.service.public.port	int	`9010`	Kratos Public API port
nameOverride	string	`""`
nodeSelector	object	`{}`	Node labels for Layer5 Cloud pods assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
podAnnotations	object	`{}`
podSecurityContext	object	`{}`
replicaCount	int	`1`
resources.limits	object	`{}`	The resources limits for the Layer5 Cloud containers
resources.requests.cpu	string	`"250m"`	The requested cpu for the Layer5 Cloud containers
resources.requests.memory	string	`"256Mi"`	The requested memory for the Layer5 Cloud containers
securityContext	object	`{}`
service.port	int	`9876`
service.type	string	`"ClusterIP"`
serviceAccount.annotations	object	`{}`
serviceAccount.create	bool	`true`	Specifies whether a service account should be created
serviceAccount.name	string	`"meshery-cloud"`
smtp	object	`{"smtphost":"","smtppassword":"","smtpport":"","smtpusername":""}`	smtp configuration to be used when sending out emails
tolerations	list	`[]`	Tolerations for Layer5 Cloud pods assignment ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

Deploying Layer5 Cloud

Mon, 01 Jan 0001 00:00:00 +0000

High-level List of Deployment Tasks 🔗

Review the prequisites for installing Layer5 Cloud on Kubernetes. (docs)
Prepare INIT_CONFIG parameters for initial setup
Install Layer5 Cloud on Kubernetes using Helm. Deploy it's services in Kubernetes in-cluster. (docs)
Meshery deployments are separate from Remote Provider deployments (Layer5 Cloud). Deploy Meshery in Kubernetes in-cluster (or out-of-cluster). (docs)
Configure Meshery Server point to your Remote Provider. Learn more about the Meshery Server registration process with Remote Providers. (docs)

Kubernetes-based Installation with Helm 🔗

Layer5 offers on-premises installation of its Meshery Remote Provider: Layer5 Cloud. Available in the Layer5 Helm repository is the layer5-cloud chart, which contains two subcharts. See the Helm repo index for details.

Networking

Mon, 01 Jan 0001 00:00:00 +0000

Considerations of Peer-to-Peer Communication 🔗

Layer5 Cloud offers central coordination for real-time user presence and its multi-player experience and does so by propagating document (e.g. designs, views, and so on) updates peer-to-peer to all users using WebRTC. This allows for real-time collaboration without the need for a central server. The signaling server is only used to establish the initial connection between peers. The signaling server does not have access to the content of the document.

Identity Services

Mon, 01 Jan 0001 00:00:00 +0000

Layer5 Cloud offers a built-in identity provider (IDP), supporting OIDC for normal users and token-based authentication (access, ID, refresh tokens) for API clients with JSON Web Signature (JWS) for token signing. Layer5 Cloud users can sign-up via email and password in addition to social identity providers (Google and GitHub) via OAuth2. See Getting Started with a Layer5 Account for details.

Layer5 Cloud identity services include features such as account recovery, email verification, automatica social sign-in account linking, and multi-factor authentication (coming soon).

Self-Hosted

Mon, 01 Jan 0001 00:00:00 +0000

On-premises Deployment of Layer5 Cloud 🔗

Layer5 Cloud is a collection of services that can be deployed on-premises.

Considerations of Self-Hosted Deployments 🔗

Email / SMTP Troubleshooting

Mon, 01 Jan 0001 00:00:00 +0000

Email Debugging Guide for Layer5 Cloud 🔗

This guide explains how to diagnose email sending issues in Layer5 Cloud deployments using the enhanced debug logging and testing features.

Overview 🔗

Email issues in Layer5 Cloud can occur due to various reasons including SMTP configuration problems, template errors, recipient validation issues, or network connectivity problems. This guide provides comprehensive debugging tools and techniques.

Self-Hosted on Layer5 Documentation

Customizing Webhooks

Customize and add your own custom webhook 🔗

White-labeling (Rebranding)

Customizing Themes 🔗

Customizing Layer5 Cloud Deployment with Helm

Requirements 🔗

Values 🔗

Deploying Layer5 Cloud

High-level List of Deployment Tasks 🔗

Kubernetes-based Installation with Helm 🔗

Networking

Considerations of Peer-to-Peer Communication 🔗

Identity Services

Self-Hosted

On-premises Deployment of Layer5 Cloud 🔗

Considerations of Self-Hosted Deployments 🔗

Email / SMTP Troubleshooting

Email Debugging Guide for Layer5 Cloud 🔗

Overview 🔗