Getting started with Skupper

Overview

To show Skupper in action, we need an application to work with. This guide uses an HTTP Hello World application with a frontend service and a backend service. The frontend uses the backend to process requests. In this scenario, the frontend is deployed in the west namespace, and the backend is deployed in the east namespace.

While these instructions use this particular application for demonstration purposes, the steps are the same for any Skupper deployment.

Prerequisites

You must have access to at least two Kubernetes namespaces. In the steps below, replace west and east with your chosen namespaces.

Each namespace can reside on any cluster you choose, and you are not limited to two. You can have one on your laptop, another on Amazon, another on Google, and so on. For convenience, you can have them all on one cluster.

Skupper works with any flavor of Kubernetes. Here are some of your options for setting up Kubernetes clusters:

These instructions require kubectl version 1.15 or later. See the kubectl installation guide for more information.

Step 1: Install the Skupper command-line tool in your environment

The skupper command-line tool is the primary entrypoint for installing and configuring the Skupper infrastructure. You need to install the skupper command only once for each development environment.

Use the install script to download and extract the command:

Linux or Mac
curl https://skupper.io/install.sh | sh

The script installs the command under your home directory. It prompts you to add the command to your path if necessary.

For Windows and other installation options, see Installing Skupper.

Step 2: Configure access to multiple namespaces

Skupper is designed for use with multiple namespaces, typically on different clusters. The skupper command uses your kubeconfig and current context to select the namespace where it operates.

Your kubeconfig is stored in a file in your home directory. The skupper and kubectl commands use the KUBECONFIG environment variable to locate it.

A single kubeconfig supports only one active context per user. Since you will be using two contexts at once in this exercise, you need to create two distinct kubeconfigs. You can then use the first kubeconfig in one console session, and the second kubeconfig in another.

Configure separate console sessions

Start a console session for each of your namespaces. Set the KUBECONFIG environment variable to a different path in each session.

Console for West
export KUBECONFIG=$HOME/.kube/config-west
Console for East
export KUBECONFIG=$HOME/.kube/config-east

Note: On Windows, use the set command instead of export:

Windows
set KUBECONFIG=%UserProfile%\.kube\config-<namespace>

Configure cluster access

The methods for logging in and accessing clusters vary by Kubernetes provider. Find the instructions for your chosen providers and use them to authenticate and establish access for each console session.

See the following links for more information:

Set the current namespaces

Use kubectl create namespace to create the namespaces you wish to use. Use kubectl config set-context to set the current namespace for each session.

Console for West
kubectl create namespace west
kubectl config set-context --current --namespace west
Console for East
kubectl create namespace east
kubectl config set-context --current --namespace east

Check your configurations

Once you have logged in and set the current namespaces, use the skupper status command to check that each namespace is correctly configured. You should see the following output:

Console for West
$ skupper status
Skupper is not enabled in namespace 'west'
Console for East
$ skupper status
Skupper is not enabled in namespace 'east'

Step 3: Install the Skupper router in each namespace

The skupper init command installs the Skupper router in the current namespace.

Note: If you are using Minikube, you need to start minikube tunnel before you install Skupper.

Install the router

Run the skupper init command in the West namespace.

West
$ skupper init
Skupper is now installed in namespace 'west'.  Use 'skupper status' to get more information.

Now run the skupper init command in the East namespace.

East
$ skupper init --ingress none
Skupper is now installed in namespace 'east'.  Use 'skupper status' to get more information.

Here we are using --ingress none in East simply to make local development with Minikube easier. (It's tricky to run two Minikube tunnels on one host.) The --ingress none option is not required if your two namespaces are on different hosts or on public clusters.

Check the installation

To check the status of each namespace, use the skupper status command.

West
$ skupper status
Skupper is enabled in namespace 'west'. It is not linked to any other sites.
East
$ skupper status
Skupper is enabled in namespace 'east'. It is not linked to any other sites.

After installation, you have the infrastructure you need, but your namespaces are not linked. Creating a link requires use of two skupper commands in conjunction, skupper token create and skupper link create.

The skupper token create command generates a secret token that signifies permission to create a link. The token also carries the link details. The skupper link create command then uses the link token to create a link to the namespace that generated it.

Note: The link token is truly a secret. Anyone who has the token can link to your namespace. Make sure that only those you trust have access to it.

In West, use the skupper token create command to generate a token.

West
skupper token create $HOME/secret.yaml

With the token in hand, you are ready to link the namespaces. Pass the token from West to the skupper link create command in East.

East
skupper link create $HOME/secret.yaml

If your console sessions are on different machines, you might need to use scp or a similar tool to transfer the token.

Use the skupper status command again to see if things have changed. If the link is made, you should see the following output:

West
$ skupper status
Skupper is enabled in namespace 'west'. It is linked to 1 other site.
East
$ skupper status
Skupper is enabled in namespace 'east'. It is linked to 1 other site.

Step 5: Expose your services

You now have a Skupper network capable of multi-cluster communication, but no services are attached to it. This step uses the skupper expose command to make a Kubernetes deployment on one namespace available on all the linked namespaces.

In the examples below, we use the Hello World application to demonstrate service exposure. The same steps apply for your own application.

Deploy the frontend and backend services

Use kubectl create deployment to start the frontend in West.

West
kubectl create deployment hello-world-frontend --image quay.io/skupper/hello-world-frontend

Likewise, use kubectl create deployment to start the backend in East.

East
kubectl create deployment hello-world-backend --image quay.io/skupper/hello-world-backend

Expose the backend service

At this point, we have the frontend and backend services running, but the frontend has no way to contact the backend. The frontend and backend are in different namespaces (and perhaps different clusters), and the backend has no public ingress.

Use the skupper expose command in East to make hello-world-backend available in West.

East
skupper expose deployment/hello-world-backend --port 8080

Check the backend service

Use kubectl get services in West to make sure the hello-world-backend service from East is represented. You should see output like this (along with some other services):

West
$ kubectl get services
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)       AGE
hello-world-backend    ClusterIP      10.96.175.18    <none>          8080/TCP      1m30s

Test your application

To test our Hello World, we need external access to the frontend (not the backend). Use kubectl expose with --type LoadBalancer to make the frontend accessible using a conventional Kubernetes ingress.

West
kubectl expose deployment hello-world-frontend --port 8080 --type LoadBalancer

It takes a moment for the external IP to become available.

Now use curl to see it in action. The embedded kubectl get command below looks up the IP address for the frontend service and generates a URL for use with curl.

West
curl $(kubectl get service hello-world-frontend -o jsonpath='http://{.status.loadBalancer.ingress[0].ip}:8080/')

Note: If the embedded kubectl get command fails to get the IP, you can find it manually by running kubectl get services and looking up the external IP of the hello-world-frontend service.

You should see output like this:

I am the frontend.  The backend says 'Hello from hello-world-backend-869cd94f69-wh6zt (1)'.

Summary

Our simple HTTP application has two services. We deployed each service to a different Kubernetes cluster.

Ordinarily, a multi-cluster deployment of this sort means that the services have no way to communicate unless they are exposed to the public internet.

By introducing Skupper into each namespace, we were able to create a virtual application network that connects the services across cluster boundaries.

See the Hello World example for more detail.

The condensed version

Skupper command installation
curl https://skupper.io/install.sh | sh
West: Setup
export KUBECONFIG=~/.kube/config-west
[Configure cluster access]
kubectl create namespace west
kubectl config set-context --current --namespace west
skupper init
skupper token create ~/secret.yaml
kubectl create deployment hello-world-frontend --image quay.io/skupper/hello-world-frontend
kubectl expose deployment/hello-world-frontend --port 8080 --type LoadBalancer
East: Setup
export KUBECONFIG=~/.kube/config-east
[Configure cluster access]
kubectl create namespace east
kubectl config set-context --current --namespace east
skupper init --ingress none
skupper link create ~/secret.yaml
kubectl create deployment hello-world-backend --image quay.io/skupper/hello-world-backend
skupper expose deployment/hello-world-backend --port 8080
West: Testing
curl $(kubectl get service hello-world-frontend -o jsonpath='http://{.status.loadBalancer.ingress[0].ip}:8080/')

Cleaning up

To remove Skupper and the other resources from this exercise, use the following commands:

West
skupper delete
kubectl delete service/hello-world-frontend
kubectl delete deployment/hello-world-frontend
East
skupper delete
kubectl delete deployment/hello-world-backend

Next steps

Now that you know how to connect services running on multiple clusters, here are a few more things to look at: