This example is part of a suite of examples showing the different ways you can use Skupper to connect services across cloud providers, data centers, and edge sites.
- Overview
- Prerequisites
- Step 1: Access your Kubernetes clusters
- Step 2: Create your Kubernetes namespaces
- Step 3: Deploy the frontend and backend
- Step 4: Install Skupper on your Kubernetes clusters
- Step 5: Install the Skupper command-line tool
- Step 6: Create your sites
- Step 7: Link your sites
- Step 8: Expose the backend service
- Step 9: Access the frontend service
- Cleaning up
- Next steps
- About this example
This example is a basic multi-service HTTP application deployed across one Kubernetes cluster in the public cloud and another Kubernetes cluster in a private data center.
It contains two services:
-
A backend service that exposes an
/api/helloendpoint. It returns greetings of the formHi, <your-name>. I am <my-name> (<pod>). -
A frontend service that connects to the backend. It sends greetings to the backend and fetches new greetings in response.
The backend service runs in the private on-prem cluster, and the frontend service runs in the public cloud. Skupper enables the frontend to connect to the backend over a secure dedicated application network.
-
Access to at least one Kubernetes cluster, from any provider you choose.
-
The
kubectlcommand-line tool, version 1.15 or later (installation guide).
Skupper is designed for use with multiple Kubernetes clusters.
The skupper and kubectl commands use your
kubeconfig and current context to select the cluster
and namespace where they operate.
This example uses multiple cluster contexts at once. The
KUBECONFIG environment variable tells skupper and kubectl
which kubeconfig to use.
For each cluster, open a new terminal window. In each terminal,
set the KUBECONFIG environment variable to a different path and
log in to your cluster.
Public:
export KUBECONFIG=~/.kube/config-public
<provider-specific login command>Private:
export KUBECONFIG=~/.kube/config-private
<provider-specific login command>Note: The login procedure varies by provider.
The example application has different components deployed to different Kubernetes namespaces. To set up our example, we need to create the namespaces.
For each cluster, use kubectl create namespace and kubectl config set-context to create the namespace you wish to use and
set the namespace on your current context.
Public:
kubectl create namespace public
kubectl config set-context --current --namespace publicPrivate:
kubectl create namespace private
kubectl config set-context --current --namespace privateDeploy the Hello World components, placing the frontend on one cluster and the backend on the other.
Use kubectl create deployment to deploy the frontend in Public
and the backend in Private.
Public:
kubectl create deployment frontend --image quay.io/skupper/hello-world-frontendPrivate:
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3Using Skupper on Kubernetes requires the installation of the Skupper custom resource definitions (CRDs) and the Skupper controller.
For each cluster, use kubectl apply with the Skupper
installation YAML to install the CRDs and controller.
Public:
kubectl apply -f https://skupper.io/v2/install.yamlPrivate:
kubectl apply -f https://skupper.io/v2/install.yamlThis example uses the Skupper command-line tool to create Skupper
resources. You need to install the skupper command only once
for each development environment.
On Linux or Mac, you can use the install script (inspect it here) to download and extract the command:
curl https://skupper.io/v2/install.sh | shThe script installs the command under your home directory. It prompts you to add the command to your path if necessary.
For Windows and other installation options, see Installing Skupper.
A Skupper site is a location where your application workloads are running. Sites are linked together to form a network for your application.
For each namespace, use skupper site create with a site name of
your choice. This creates the site resource and deploys the
Skupper router to the namespace.
Note: If you are using Minikube, you need to start minikube
tunnel before you run skupper site create.
Public:
skupper site create public --enable-link-accessSample output:
$ skupper site create public --enable-link-access
Waiting for status...
Site "public" is configured. Check the status to see when it is readyPrivate:
skupper site create privateSample output:
$ skupper site create private
Waiting for status...
Site "private" is configured. Check the status to see when it is readyYou can use skupper site status at any time to check the status
of your site.
A Skupper link is a channel for communication between two sites. Links serve as a transport for application connections and requests.
Creating a link requires the use of two Skupper commands in
conjunction: skupper token issue and skupper token redeem.
The skupper token issue command generates a secret token that
can be transferred to a remote site and redeemed for a link to the
issuing site. The skupper token redeem command uses the token
to create the link.
Note: The link token is truly a secret. Anyone who has the token can link to your site. Make sure that only those you trust have access to it.
First, use skupper token issue in Public to generate the token.
Then, use skupper token redeem in Private to link the sites.
Public:
skupper token issue ~/secret.tokenSample output:
$ skupper token issue ~/secret.token
Waiting for token status ...
Grant "west-cad4f72d-2917-49b9-ab66-cdaca4d6cf9c" is ready
Token file /run/user/1000/skewer/secret.token created
Transfer this file to a remote site. At the remote site,
create a link to this site using the "skupper token redeem" command:
skupper token redeem <file>
The token expires after 1 use(s) or after 15m0s.Private:
skupper token redeem ~/secret.tokenSample output:
$ skupper token redeem ~/secret.token
Waiting for token status ...
Token "west-cad4f72d-2917-49b9-ab66-cdaca4d6cf9c" has been redeemed
You can now safely delete /run/user/1000/skewer/secret.tokenIf your terminal sessions are on different machines, you may need
to use scp or a similar tool to transfer the token securely. By
default, tokens expire after a single use or 15 minutes after
being issued.
We now have our sites linked to form a Skupper network, but no services are exposed on it.
Skupper uses listeners and connectors to expose services across sites inside a Skupper network. A listener is a local endpoint for client connections, configured with a routing key. A connector exists in a remote site and binds a routing key to a particular set of servers. Skupper routers forward client connections from local listeners to remote connectors with matching routing keys.
In Public, use the skupper listener create command to create a
listener for the backend. In Private, use the skupper connector create command to create a matching connector.
Public:
skupper listener create backend 8080Sample output:
$ skupper listener create backend 8080
Waiting for create to complete...
Listener "backend" is readyPrivate:
skupper connector create backend 8080Sample output:
$ skupper connector create backend 8080
Waiting for create to complete...
Connector "backend" is readyThe commands shown above use the name argument, backend, to also
set the default routing key and pod selector. You can use the
--routing-key and --selector options to set specific values.
In order to use and test the application, we need external access to the frontend.
Use kubectl port-forward to make the frontend available at
localhost:8080.
Public:
kubectl port-forward deployment/frontend 8080:8080You can now access the web interface by navigating to http://localhost:8080 in your browser.
To remove Skupper and the other resources from this exercise, use the following commands:
Public:
skupper site delete --all
kubectl delete deployment/frontendPrivate:
skupper site delete --all
kubectl delete deployment/backendCheck out the other examples on the Skupper website.
This example was produced using Skewer, a library for documenting and testing Skupper examples.
Skewer provides utility functions for generating the README and
running the example steps. Use the ./plano command in the project
root to see what is available.
To quickly stand up the example using Minikube, try the ./plano demo
command.