docs/static/v0.8/concepts/logical/relationships/index.html
Meshery Relationships characterize how components are connected and interact with each other. Relationships are defined within models to aid in structuring the interrelationships between one or more components in a design to further aid in comprehending the overall structure and dependencies within managed systems.
Meshery recognizes that relationships exist in various forms and that the existence of a relationship might be interdependent upon the existence (or absence) of another relationship. To support this complexity, Meshery relationships are highly expressive, characterizing the nature of interaction of interconnected components no matter their genealogy.
Benefits of Using Meshery Relationships
If you want to create a new relationship definition or modify existing relationship definitions, see the Contributing to Meshery Relationships guide.
Meshery supports different types of relationships to cater to various use cases:
Relationships are categorized into different kinds, types, and subtypes, so that they can be expressive of the specific manner in which one or more components relate to one another. Each type of relationship can be interpreted by Meshery UI (or other extensions) and mapped to a specific visual paradigm for the given kind relationship. Let’s look at some examples of these visual paradigms; let’s explore examples of ways in which relationships are represented in Meshery.
#Example Visual RepresentationsKind: Hierarchical subType: Parent | Namespace (Parent) and ConfigMap (child), Role (Child) (open in playground)
subType: Inventory | Namespace and ConfigMap (open in playground)
Kind: Edge
Type: Non-Binding, subType: Permission: Cluster Role with Cluster Role Binding to Service Account (open in playground)
Type: Binding, subType: Mount: Pod to Persistent volume via Persistent volume claim (open in playground)
Type: Non-Binding, subType: Network: Ingress to Service (open in playground)
Type: Non-Binding, subType: Network: Service to Pod (open in playground)
Type: Non-Binding, subType: Network: Service to Service (open in playground)
Type: Non-Binding, subType: Network: Service to Endpoint (open in playground)
Type: Non-Binding, subType: Network: Service to Deployment (open in playground)
type:non-binding, subType: Network: Network Policy (Pod to Pod) (open in playground)
Meshery supports a variety of relationships between components. These relationships are categorized into two types: Semantic and Non-Semantic. Relationships are categorized by whether they are meaningful in terms of how Meshery manages entities - a Semantic relationship - or are simply annotations to aid in the comprehension for you as the designer of the relationship - a Non-Semantic relationship.
Semantic relationships are those that are meaningful in the context of the application or infrastructure. For example, a Service in Kubernetes is semantically related to a Deployment or a Pod. These relationships are meaningful and are managed by Meshery.
Non-semantic relationships are those that are meaningful to you as a user and your mental representation of your infrastructure and applications, but are not meaningful in terms of how Meshery evaluates the design or manages these relationships and their associated components. Non-semantic relationships are ignored by Meshery’s lifecycle management engine. For example, a Rectangle shape that encloses other components (has a parent relationship with other child components) is not semantically meaningful to the way in which Meshery manages these resources. While the Rectangle shape might have a parent-child relationship with any number of Meshery-managed components, such a relationship does not implicate any management that Meshery might perform; they are not managed by Meshery.
The isAnnotation attribute of a Relationship or Component determines whether the given Relationship or Component represents a management concern for Meshery; whether the given Relationship or Component is semantically meaningful, and whose lifecycle is managed by Meshery.
The combination of kind, type, and subType uniquely determines the visual paradigm for a given relationship; i.e., relationships with the same kind, type, and subType will share an identical visual representation regardless of the specific components involved in the relationship.
This Relationship type configures the networking between one or more components.
Examples : An edge-network relationship between a Service and a Deployment or an edge-binding relationship between an Ingress and a Service.
#Visual Representation of Edge-Network Relationships
1. Edge - Network: Ingress to Service (open in playground)
2. Edge - Network: Service to Pod (open in playground)
3. Edge - Network: Service to Service (open in playground)
4. Edge - Network: Service to Endpoint (open in playground)
5. Edge - Network: Service to Deployment (open in playground)
Example : Assignment of PersistentVolumes to Pods via PersistentVolumeClaim.
#Visual Representation of Edge-Mount Relationship
Edge - Mount: Pod and Persistent volume via Persistent volume claim(open in playground)
Example : The set of Service Accounts that are entitled with the one or more Roles/ClusterRoles bound via Role/ClusterRoleBinding.
#Visual Representation of Edge-Permission Relationship
1. Edge - Permission: Cluster Role to Service Account (open in playground)
Kubernetes Network Policy for controlling ingress and egress traffic from Pod-to-Pod
#Visual Representation of Edge-Firewall Relationship
Edge - Firewall: Pod to Pod (open in playground)
Logical or declarative links between components where one component refers to another by name, identifier, type, or scope.
#Visual Representation of Edge-Reference Relationship
The Edge-Reference relationship type represents a logical or declarative link between two components, where one component refers to another by name, identifier, type, or scope. This relationship allows components to dynamically locate, associate with, or depend on other components without being tightly coupled to them. It forms the basis for indirect communication, configuration reuse, ownership tracking, and dependency resolution in distributed systems.
This type of relationship does not directly provide communication, access, or permission , but enables such interactions by declaring intent or pointing to another component.
Edge - Reference: Pod to ConfigMap and Secret (open in playground)
Example
#Visual Representation of Hierarchical-Parent-Wallet Relationship 1. Hierarchical-Parent-Wallet: WASMFilter and IstioEnvoyFilter (open in playground)
Example :
#Visual Representation of Hierarchical-Parent Relationship 1. Hierarchical - Parent: Namespace (Parent) and ConfigMap (child), Role (Child) (open in playground)
This relationship type defines the associations between components based on shared Labels or Annotations.
Example : A label-based tag-set relationship between a NodePort service and an application.
#Visual Representation of Tag-Sets Relationship
Tag-Set: Service and Deployment that share the same label (open in playground)
This relationship depicts connections between components without conveying specific semantic meaning.
Example : Demonstration of connections between AWS components.
#Visual Representation of Edge - Annotation Relationship Edge - Annotation: Relationship between AWS components (open in playground)
In Meshery, a selector is a way to specify which set of components a certain other component should affect or interact with. Selectors provide a flexible and powerful way to manage and orchestrate resources under Meshery’s management.
Selectors can be applied to various components, enabling a wide range of relationship definitions. Here are some examples:
| Model Component | Relationship Kind | Relationship SubType | Model Component |
|---|---|---|---|
| Kubernetes ConfigMap | Hierarchical | Inventory | Kubernetes Pod |
| Kubernetes ConfigMap | Hierarchical | Inventory | Kubernetes Deployment |
| Meshery WASMFilter | Hierarchical | Inventory | Istio EnvoyFilter |
The above relationships pairs have hierarchical inventory relationships, and visual paradigm remain consistent across different components. A snippet of the selector backing this relationship is listed below.
#Example Relationship Selector"selector": { "allow": { "from": [ { "kind": "ConfigMap", "model": "kubernetes", "patch": { "patchStrategy": "replace", "mutatorRef": [ [ "name" ] ], "description": "In Kubernetes, ConfigMaps are a versatile resource that can be referenced by various other resources to provide configuration data to applications or other Kubernetes resources.\n\nBy referencing ConfigMaps in these various contexts, you can centralize and manage configuration data more efficiently, allowing for easier updates, versioning, and maintenance of configurations in a Kubernetes environment." } } ], "to": [ { "kind": "Pod", "model": "kubernetes", "patch": { "patchStrategy": "replace", "mutatedRef": [ [ "settings", "spec", "containers", "_", "envFrom", "0", "configMapRef", "name" ] ], "description": "ConfigMaps can be referenced in the Pod specification to inject configuration data into the Pod's environment.\n\nThe keys from the ConfigMap will be exposed as environment variables to the container within the Pod." } } ] } }
The above snippet defines a selector configuration for allowing relationships between Kubernetes ConfigMap and Kubernetes Pod.
Meshery employs a policy-driven approach to evaluate relationships between components. This evaluation helps in:
Each invocation of the evaluation process attempts to recursively evaluate the design until it reaches a stable state—i.e., no further changes are detected. If a bug in the evaluation policies causes non-terminating behavior (such as endlessly generating new components), the evaluation will be forcibly stopped after a configurable maximum depth (e.g., 5 iterations), and an error will be raised.
During evaluation, in addition to the input design, the evaluation engine has access to all relationships stored in the registry. These relationships serve as the source of truth for policies to validate existing relationships or identify new ones. Since relationships can be associated with different models, not all of them are relevant to a given design. To ensure efficiency, the evaluation process intelligently filters the registered relationships, retaining only those that directly impact the design.
Currently, the filtering logic includes only relationships from models that are already part of the design. For example, if the design consists solely of Kubernetes components, relationships from the AWS model will not be loaded for evaluation.
Beyond this automatic filtering, relationship evaluation can also be selectively disabled within the design. This is achieved by setting preferences to false for specific relationship categories, defined by their kind, type, and subtype.
You can create relationships manually by using the edge handles, bringing related components to close proximity or dragging a component inside other component. It may happen that, you created a relationship from the UI, but the Policy Engine rejected or overrode the decision if all the constraints for a particular relationship are not satisfied.
Relationships are automatically created when a component’s configuration is modified in a way that relationship criteria is satisfied.
To explore an example of this behavior, see the Example Edge-Permission Relationship and follow the steps written in its description.
When the relationships are created by the user, almost in all cases the config of the involved components are patched. To see the specifics of patching refer Patch Strategies.
Designs are evaluated by the Policy Engine for potential relationships.
Patches in Meshery relationships utilize strategies and references (mutatorRef/mutatedRef) for the from and to fields. These convey the property path that will be updated as the relationship is created.
Hierarchical Inventory relationship between Pod, Job, and any other high-level Kubernetes resources like Deployment, StatefulSet, or CronJobs, after the relationship has been established unfortunately, there’s no system to remove the extra pod configuration automatically. If the design is not configured with labels selectors and replicas appropriately, there’s a possibility of additional resources getting provisioned when deployed. e.g., The relationship between a Pod and deployment can result in 2 Pods (1 pod coming as part of deployment resource) and 1 Deployment. It’s important to be aware of this possibility and manage configurations carefully to avoid unexpected issues during deploymentIn any given Meshery deployment, you can reference and search the full set of registered relationships (in Meshery’s internal registry) using either of Meshery’s client interfaces.
Meshery UI
Meshery CLI
mesheryctl relationship list