Skip to content

skupperproject/skupper-example-public-to-private

Repository files navigation

Skupper Hello World public to private

main

Connect from the cloud to services running on-prem

This example is part of a suite of examples showing the different ways you can use Skupper to connect services across cloud providers, data centers, and edge sites.

Contents

Overview

This example is a basic multi-service HTTP application deployed across one Kubernetes cluster in the public cloud and another Kubernetes cluster in a private data center.

It contains two services:

  • A backend service that exposes an /api/hello endpoint. It returns greetings of the form Hi, <your-name>. I am <my-name> (<pod>).

  • A frontend service that connects to the backend. It sends greetings to the backend and fetches new greetings in response.

The backend service runs in the private on-prem cluster, and the frontend service runs in the public cloud. Skupper enables the frontend to connect to the backend over a secure dedicated application network.

Prerequisites

Step 1: Install the Skupper command-line tool

This example uses the Skupper command-line tool to deploy Skupper. You need to install the skupper command only once for each development environment.

On Linux or Mac, you can use the install script (inspect it here) to download and extract the command:

curl https://skupper.io/install.sh | sh

The script installs the command under your home directory. It prompts you to add the command to your path if necessary.

For Windows and other installation options, see Installing Skupper.

Step 2: Set up your clusters

Skupper is designed for use with multiple Kubernetes clusters. The skupper and kubectl commands use your kubeconfig and current context to select the cluster and namespace where they operate.

Your kubeconfig is stored in a file in your home directory. The skupper and kubectl commands use the KUBECONFIG environment variable to locate it.

A single kubeconfig supports only one active context per user. Since you will be using multiple contexts at once in this exercise, you need to create distinct kubeconfigs.

For each namespace, open a new terminal window. In each terminal, set the KUBECONFIG environment variable to a different path and log in to your cluster. Then create the namespace you wish to use and set the namespace on your current context.

Note: The login procedure varies by provider. See the documentation for yours:

Public:

export KUBECONFIG=~/.kube/config-public
# Enter your provider-specific login command
kubectl create namespace public
kubectl config set-context --current --namespace public

Private:

export KUBECONFIG=~/.kube/config-private
# Enter your provider-specific login command
kubectl create namespace private
kubectl config set-context --current --namespace private

Step 3: Deploy the frontend and backend

This example runs the frontend and the backend in separate Kubernetes namespaces, on different clusters.

Use kubectl create deployment to deploy the frontend in Public and the backend in Private.

Public:

kubectl create deployment frontend --image quay.io/skupper/hello-world-frontend

Private:

kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3

Step 4: Create your sites

A Skupper site is a location where components of your application are running. Sites are linked together to form a network for your application. In Kubernetes, a site is associated with a namespace.

For each namespace, use skupper init to create a site. This deploys the Skupper router and controller. Then use skupper status to see the outcome.

Note: If you are using Minikube, you need to start minikube tunnel before you run skupper init.

Public:

skupper init
skupper status

Sample output:

$ skupper init
Waiting for LoadBalancer IP or hostname...
Waiting for status...
Skupper is now installed in namespace 'public'.  Use 'skupper status' to get more information.

$ skupper status
Skupper is enabled for namespace "public". It is not connected to any other sites. It has no exposed services.

Private:

skupper init
skupper status

Sample output:

$ skupper init
Waiting for LoadBalancer IP or hostname...
Waiting for status...
Skupper is now installed in namespace 'private'.  Use 'skupper status' to get more information.

$ skupper status
Skupper is enabled for namespace "private". It is not connected to any other sites. It has no exposed services.

As you move through the steps below, you can use skupper status at any time to check your progress.

Step 5: Link your sites

A Skupper link is a channel for communication between two sites. Links serve as a transport for application connections and requests.

Creating a link requires use of two skupper commands in conjunction, skupper token create and skupper link create.

The skupper token create command generates a secret token that signifies permission to create a link. The token also carries the link details. Then, in a remote site, The skupper link create command uses the token to create a link to the site that generated it.

Note: The link token is truly a secret. Anyone who has the token can link to your site. Make sure that only those you trust have access to it.

First, use skupper token create in Public to generate the token. Then, use skupper link create in Private to link the sites.

Public:

skupper token create ~/secret.token

Sample output:

$ skupper token create ~/secret.token
Token written to ~/secret.token

Private:

skupper link create ~/secret.token

Sample output:

$ skupper link create ~/secret.token
Site configured to link to https://10.105.193.154:8081/ed9c37f6-d78a-11ec-a8c7-04421a4c5042 (name=link1)
Check the status of the link using 'skupper link status'.

If your terminal sessions are on different machines, you may need to use scp or a similar tool to transfer the token securely. By default, tokens expire after a single use or 15 minutes after creation.

Step 6: Expose the backend

We now have our sites linked to form a Skupper network, but no services are exposed on it. Skupper uses the skupper expose command to select a service from one site for exposure in all the linked sites.

Use skupper expose to expose the backend service in Private to the frontend in Public.

Private:

skupper expose deployment/backend --port 8080

Sample output:

$ skupper expose deployment/backend --port 8080
deployment backend exposed as backend

Step 7: Access the frontend

In order to use and test the application, we need external access to the frontend.

Use kubectl port-forward to make the frontend available at localhost:8080.

Public:

kubectl port-forward deployment/frontend 8080:8080

You can now access the web interface by navigating to http://localhost:8080 in your browser.

Cleaning up

To remove Skupper and the other resources from this exercise, use the following commands:

Public:

skupper delete
kubectl delete deployment/frontend

Private:

skupper delete
kubectl delete deployment/backend

Next steps

Check out the other examples on the Skupper website.

About this example

This example was produced using Skewer, a library for documenting and testing Skupper examples.

Skewer provides utility functions for generating the README and running the example steps. Use the ./plano command in the project root to see what is available.

To quickly stand up the example using Minikube, try the ./plano demo command.

About

Connect from the cloud to services running on-prem

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Languages