Relationships

Meshery uses relationships to map how interconnected components interact. These relationships are defined by a combination of properties: kind, type, and subtype. This allows you to model various connections between components, including:

  • Hierarchical structures: Parent-child relationships show clear lineage, similar to a family tree (child, parent, grandparent, etc.).
  • Interdependencies: This captures how components rely on each other to function.
  • Collateral connections: These describe components that share a common origin but operate independently (siblings, cousins, etc.).
  • Non-genealogical ties: Relationships like “parent,” “sibling,” or “binding” can exist regardless of ancestry.

Relationships are further customized by:

  • Selectors: These specify which components the relationship applies to.
  • Selector sets: Combine multiple selectors for more granular control.
  • Metadata: Provides additional descriptive information about the relationship.
  • Optional parameters: Allow for further tailoring of the relationship behavior.

Relationships define the nature of interaction between interconnected components in Meshery. They represent various types of connections and dependencies between components no matter the genealogy of the relationship such as parent, siblings, binding. Relationships have selectors, metadata, and optional parameters.

Contributor Guide to Meshery Relationships

If you want to create a new relationship definition or modify existing relationship definitions, see the Contributing to Meshery Relationships guide.

Types of Relationships

Meshery supports a variety of relationships between components. Relationships are are categorized into different kinds, types, and subtypes, so that can be expressive of the specific manner in which one or more components relate to one another. Each type of relationship can be interpretted by Meshery UI (or other extensions) and mapped to a specific visual paradigm for the given kind relationship. Let’s look at some examples of these visual paradigms; let’s explore examples of way in which relationships are represented in Meshery.

Here is a list of the different types of relationships that Meshery supports:

  1. Edge
    1. Network
    2. Firewall
    3. Binding
      1. Mount
      2. Permission
  2. Heirarchical
    1. Inventory
    2. Parent

The Meaning of Relationships

Meshery supports a variety of relationships between components. These relationships are categorized into two types: Semantic and Non-Semantic. Relationships are categorized by whether they are meaningful in terms of how Meshery manages entities - a Semantic relationship - or are simply annotations to aid in the comprehension of you as the designer of the relationship - a Non-Semantic relationship.

Semantic Relationships

Semantic relationships are those that are meaningful in the context of the application or infrastructure. For example, a Service in Kubernetes is semantically related to a Deployment or a Pod. These relationships are meaningful and are managed by Meshery.

Non-Semantic Relationships

Non-semantic relationships are those that are meaningful to you as a user and your mental representation of your infrastructure and applications, but are not meaningful in terms of how Meshery evaluates the design or manages these relationships and their associated components. Non-sematic relationships are ignored by Meshery’s lifecycle management engine. For example, a Rectangle shape that encloses other components (has a parent relationship with other child components) is not semantically meaningful to the way in which Meshery manages these resources. While the Rectangle shape might have a parent-child relationship with any number of Meshery-managed components, such a relationship does not implicate any management that Meshery might perform; they are not managed by Meshery.

Identifiying Non-Semantic Relationships

The isAnnotation attribute of a Relationship or Component determines whether the given Relationship or Component represents a management concern for Meshery; whether the given Relationship or Component is sematically meaningful, and whose lifecycle is managed by Meshery.

Core Constructs of Relationships

  • Kinds
  • Subtypes
  • Selectors

Kind and Subtypes of Relationships

The combination of kind and subType uniquely determines the visual paradigm for a given relationship i.e., relationships with the same kind and subType will share an identical visual representation regardless of the specific components involved in the relationship.

1. Edge - Network

This Relationship type configures the networking between one or more components.

Examples: Relationships between a Service and a Deployment, or between a Service and a Pod, or between an Ingress and a Service.

  • Example 1) Service –> Deployment
  • Example 2) Service –> Pod
  • Example 3) IngressController –> Ingress –> Service
Visual Representation of Edge-Network Relationships
1. Edge - Network: Ingress to Service (open in playground)
Edge - Network
2. Edge - Network: Service to Pod (open in playground)
Edge - Network: Ingress to Service
3. Edge - Network: Service to Service (open in playground)
Edge - Network
4. Edge - Network: Service to Endpoint (open in playground)
Edge - Network
5. Edge - Network: Service to Deployment (open in playground)
Edge - Network

2. Edge - Mount

Example: Assignment of PersistentVolumes to Pods via PersistenVolumeClaim.

  • Example 1) Pod –> PersistenVolumeClaim –> PersistentVolume
Visual Representation of Edge-Mount Relationship

1. Edge - Mount: Pod and Persistent volume via Persistent volume claim (open in playground)

Edge - Mount

3. Edge - Permission

Example: The set of Service Accounts that are entitled with the one or more Roles/ClusterRoles bound via Role/ClusterRoleBinding.

  • Example 1) ClusterRole –> CluserRoleBinding –> ServiceAccount
  • Example 2) Role –> RoleBinding –> ServiceAccount
Visual Representation of Edge-Permission Relationship
1. Edge - Permission: Cluster Role to Service Account (open in playground)
Edge - Permission

4. Edge - Firewall

Kubernetes Network Policy for controlling ingress and egress traffic from Pod-to-Pod

  • Example 1) Pod –> NetworkPolicy –> Pod
Visual Representation of Edge-Firewall Relationship
1. Edge - Firewall: Pod to Pod (open in playground)
Edge - Firewall

5. Heirarchical - Inventory

Example

  • Example 1) (binary and configuration) –> IstioWASMPlugin
  • Example 2) WASMFilter (binary and configuration) –> IstioEnvoyFilter
Visual Representation of Hierarchical-Inventory Relationship

1. Hierarchical - Inventory: Namespace and ConfigMap (open in playground)
Hierarchical Inventory Relationship

6. Heirarchical - Parent

Example:

  • Example 1) Any namespaced Kubernetes component –> Kubernetes Namespace
Visual Representation of Hierarchical-Parent Relationship

1. Hierarchical - Parent: Namespace (Parent) and ConfigMap (child), Role (Child) (open in playground)
Hierarchical Parent Relationship

Selectors in Relationships

In Meshery, a selector is a way to specify which set of components a certain other component should affect or interact with. Selectors provide a flexible and powerful way to manage and orchestrate resources within a under Meshery’s management.

Selectors can be applied to various components, enabling a wide range of relationship definitions. Here are some examples:

Model Component Relationship Kind Relationship SubType Model Component
Kubernetes ConfigMap Hierarchical Inventory Kubernetes Pod
Kubernetes ConfigMap Hierarchical Inventory Kubernetes Deployment
Meshery WASMFilter Hierarchical Inventory Istio EnvoyFilter

The above relationships pairs have hierarchical inventory relationships, and visual paradigm remain consistent across different components. A snippet of the selector backing this relationship is listed below.

"selector": {
    "allow": {
        "from": [
          {
            "kind": "ConfigMap",
            "model": "kubernetes",
            "patch": {
              "patchStrategy": "replace",
              "mutatorRef": [
                [
                  "name"
                ]
              ],
              "description": "In Kubernetes, ConfigMaps are a versatile resource that can be referenced by various other resources to provide configuration data to applications or other Kubnernetes resources.\n\nBy referencing ConfigMaps in these various contexts, you can centralize and manage configuration data more efficiently, allowing for easier updates, versioning, and maintenance of configurations in a Kubernetes environment."
            }
          }
        ],
        "to": [
          {
            "kind": "Pod",
            "model": "kubernetes",
            "patch": {
              "patchStrategy": "replace",
              "mutatedRef": [
                [
                  "settings",
                  "spec",
                  "containers",
                  "_",
                  "envFrom",
                  "0",
                  "configMapRef",
                  "name"
                ]
              ],
              "description": "ConfigMaps can be referenced in the Pod specification to inject configuration data into the Pod's environment.\n\nThe keys from the ConfigMap will be exposed as environment variables to the container within the Pod."
            }
          }
        ]
    }
}

The above snippet defines a selector configuration for allowing relationships between Kubernetes ConfigMap and Kubernetes Pod.

Relationship Evaluation

Meshery Relationship

How Relationships are formed?

  1. You can create relationships manually by using the edge handles, bringing related components to close proximity or dragging a component inside other component. It may happen that, you created a relationship from the UI, but the Policy Engine rejected or overrode the decision if all the constraints for a particular relationship are not satisfied.

  2. Relationships are automatically created when a component’s configuration is modified in a way that relationship criteria is satisfied.

Explore an example relationship

To explore an example of this behavior, see the Example Edge-Permission Relationship and follow the steps written in its description.

When the relationships are created by the user, almost in all cases the config of the involved components are patched. To see the specific of patching refer Patch Strategies

Designs are evaluated by the Policy Engine for potential relationships

Patch Strategies

Patches in Meshery relationships utilize strategies and references (mutatorRef/mutatedRef) for the from and to fields. These convey the property path that will be updated as the relationship is created.

Itemizing your Relationship Definitions in your Meshery deployment

In any given Meshery deployment, you can reference and search the full set of registered relationships (in Meshery’s internal registry) in using either of Meshery’s client interfaces.

Meshery UI

  • Visit Setttings –> Registry

Meshery CLI

  • Run mesheryctl relationship list