Chapter 3. Exposing services on the service network from a local machine


After creating a service network, you can expose services from a local machine on the service network.

For example, if you run a database on a server in your data center, you can deploy a front end in a cluster that can access the data as if the database was running in the cluster.

Note

This documentation describes creating a gateway from a local host to a cluster site. An alternative approach is to create a site on the local host and link to the cluster site. See Using Skupper Podman for information about using the Skupper CLI to create Podman sites.

3.1. Exposing simple local services to the service network

This section shows how to expose a single service running locally on a service network.

Prerequisites

  • A service network. Only one site is required.
  • Access to the service network.

Procedure

  1. Run your service locally.
  2. Log into your cluster and change to the namespace for your site.
  3. Expose the service on the service network:

    $ skupper gateway expose <service> localhost <port>
    • <service> - the name of the service on the service network.
    • <port> - the port that runs the service locally.
    Note

    You can also expose services from other machines on your local network, for example if MySQL is running on a dedicated server (with an IP address of 192.168.1.200), but you are accessing the cluster from a machine in the same network:

    $ skupper gateway expose mysql 192.168.1.200 3306
  4. Check the status of Skupper gateways:

    $ skupper gateway status
    
    Gateway Definition:
    ╰─ machine-user type:service version:1.8
       ╰─ Bindings:
          ╰─ mydb:3306 tcp mydb:3306 localhost 3306

    This shows that there is only one exposed service and that service is only exposing a single port (BIND). There are no ports forwarded to the local host.

    The URL field shows the underlying communication and can be ignored.

3.2. Working with complex local services on the service network

This section shows more advanced usage of skupper gateway.

  1. If you want to create a service type gateway on Linux, you need the skrouterd binary in your path.

    Use the yum or dnf command to install the skupper-router package:

    $ sudo dnf install skupper-router

    For podman or docker type gateways, you can skip this step.

  2. Create a Skupper gateway:

    $ skupper gateway init --type <gateway-type>

    By default a service type gateway is created, however you can also specify:

    • podman
    • docker
  3. Create a service that can communicate on the service network:

    $ skupper service create <name> <port>

    where

    • <name> is the name of the service you want to create
    • <port> is the port the service uses

    For example:

    $ skupper service create mydb 3306
  4. Bind the service on the service network:

    $ skupper gateway bind <service> <host> <port>
    • <service> - the name of the service on the service network, mydb in the example above.
    • <host> - the host that runs the service.
    • <port> - the port the service is running on, 3306 from the example above.
  5. Check the status of Skupper gateways:

    $ skupper gateway status

    The output looks similar to the following:

    Gateway Definitions Summary
    
    Gateway Definition:
    ╰─ machine-user type:service version:1.8
       ╰─ Bindings:
          ╰─ mydb:3306 tcp mydb:3306 localhost 3306

    This shows that there is only one exposed service and that service is only exposing a single port (BIND). There are no ports forwarded to the local host.

    The URL field shows the underlying communication and can be ignored.

    You can create more services in the service network and bind more local services to expose those services on the service network.

  6. Forward a service from the service network to the local machine.

    $ skupper gateway forward <service> <port>

    where

    • <service> is the name of an existing service on the service network.
    • <port> is the port on the local machine that you want to use.

3.3. Creating a gateway and applying it on a different machine

If you have access to a cluster from one machine but want to create a gateway to the service network from a different machine, you can create the gateway definition bundle on the first machine and later apply that definition bundle on a second machine as described in this procedure. For example, if you want to expose a local database service to the service network, but you never want to access the cluster from the database server, you can use this procedure to create the definition bundle and apply it on the database server.

Procedure

  1. Log into your cluster from the first machine and change to the namespace for your site.
  2. Create a service that can communicate on the service network:

    $ skupper service create <name> <port>

    where

    • <name> is the name of the service you want to create
    • <port> is the port the service uses

    For example:

    $ skupper service create database 5432
  3. Create a YAML file to represent the service you want to expose, for example:

    name: database 1
    bindings:
        - name: database 2
          host: localhost 3
          service:
            address: database:5432 4
            protocol: tcp 5
            ports:
                - 5432 6
          target_ports:
            - 5432 7
    qdr-listeners:
        - name: amqp
          host: localhost
          port: 5672
    1
    Gateway name, useful for reference only.
    2
    Binding name, useful to track multiple bindings.
    3
    Name of host providing the service you want to expose.
    4
    Service name and port on service network. You created the service in a previous step.
    5
    The protocol you want to use to expose the service, tcp, http or http2.
    6
    The port on the service network that you want this service to be available on.
    7
    The port of the service running on the host specified in point 3.
  4. Save the YAML file using the name of the gateway, for example, gateway.yaml.
  5. Generate a bundle that can be applied to the machine that hosts the service you want to expose on the service network:

    $ skupper gateway generate-bundle <config-filename> <destination-directory>

    where:

    • <config-filename> - the name of the YAML file, including suffix, that you generated in the previous step.
    • <destination-directory> - the location where you want to save the resulting gateway bundle, for example ~/gateways.

    For example:

    $ skupper gateway generate-bundle database.yaml ./

    This bundle contains the gateway definition YAML and a certificate that allow access to the service network.

  6. Copy the gateway definition file, for example, mylaptop-jdoe.tar.gz to the machine that hosts the service you want to expose on the service network.
  7. From the machine that hosts the service you want to expose:

    $ mkdir gateway
    
    $ tar -xvf <gateway-definition-file> --directory gateway
    $ cd gateway
    $ sh ./launch.py
    Note

    Use ./launch.py -t podman or ./launch.py -t docker to run the Skupper router in a container.

    Running the gateway bundle uses the gateway definition YAML and a certificate to access and expose the service on the service network.

  8. Check the status of the gateway service:

    To check a service type gateway:

    $ systemctl --user status <gateway-definition-name>

    To check a podman type gateway:

    $ podman inspect

    To check a docker type gateway:

    $ docker inspect
    Note

    You can later remove the gateway using ./remove.py.

  9. From the machine with cluster access, check the status of Skupper gateways:

    $ skupper gateway status
    Gateway Definition:
    ╰─ machine-user type:service version:1.8
       ╰─ Bindings:
          ╰─ mydb:3306 tcp mydb:3306 localhost 3306

    This shows that there is only one exposed service and that service is only exposing a single port (BIND). There are no ports forwarded to the local host.

Note

If you need to change the gateway definition, for example to change port, you need to remove the existing gateway and repeat this procedure from the start to redefine the gateway.

3.4. Gateway YAML reference

The Section 3.3, “Creating a gateway and applying it on a different machine” describes how to create a gateway to apply on a separate machine using a gateway definition YAML file.

The following are valid entries in a gateway definition YAML file.

name
Name of gateway
bindings.name
Name of binding for a single host.
bindings.host
Hostname of local service.
bindings.service
Definition of service you want to be available on service network.
bindings.service.address
Address on the service network, name and port.
bindings.service.protocol
Skupper protocol, tcp, http or http2.
bindings.service.ports
A single port that becomes available on the service network.
bindings.service.exposeIngress
(optional) The traffic direction, ingress or egress.
bindings.service.tlscredentials
(optional) The TLS certificate and key for the service.
bindings.service.tlscertauthority
(optional) The TLS public certificate.
bindings.target_ports
A single port that you want to expose on the service network.
Note

If the local service requires more than one port, create separate bindings for each port.

forwards.name
Name of forward for a single host.
forwards.host
Hostname of local service.
forwards.service
Definition of service you want to be available locally.
forwards.service.address
Address on the service network that you want to use locally, name and port.
forwards.service.protocol
Skupper protocol, tcp, http or http2.
forwards.service.ports
A single port that is available on the service network.
forwards.target_ports
A single port that you want to use locally.
Note

If the network service requires more than one port, create separate forwards for each port.

qdr-listeners
Definition of skupper router listeners
qdr-listeners.name
Name of skupper router, typically amqp.
qdr-listeners.host
Hostname for skupper router, typically localhost.
qdr-listeners.port
Port for skupper router, typically 5672.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.