Red Hat SummitChapter 8. Using Skupper Podman
Using the skupper command-line interface (CLI) allows you to create and manage Skupper sites from the context of the current Linux user. Skupper Podman allows you to create a site using containers, without requiring Kubernetes.
A typical workflow is to create a site, link sites together, and expose services to the service network.
8.1. About Skupper Podman
Skupper Podman is available with the following precedence:
skupper --platform podman <command>- Use this option to avoid changing mode, for example, if you are working on Kubernetes and Podman simultaneously.
export SKUPPER_PLATFORM=podmanUse this command to use Skupper Podman for the current session, for example, if you have two terminals set to different contexts. To set the environment to target Kubernetes sites:
export SKUPPER_PLATFORM=kubernetes
$ export SKUPPER_PLATFORM=kubernetesCopy to Clipboard Copied! Toggle word wrap Toggle overflow skupper switch podman- If you enter this command, all subsequent command target Podman rather than Kubernetes for all terminal sessions.
To determine which mode is currently active:
skupper switch
$ skupper switch
podman
To switch back to target Kubernetes sites: skupper switch kubernetes
Services exposed on remote sites are not automatically available to Podman sites. This is the equivalent to Kubernetes sites created using skupper init --enable-service-sync false.
To consume an exposed service on a Podman site, check that it exists using skupper service status on the original site and use that information to create the service on the Podman site:
skupper service create <name> <port>
$ skupper service create <name> <port>8.2. Creating a site using Skupper podman
A service network consists of Skupper sites. This section describes how to create a site in on a Linux host using the default settings. See Using the Skupper CLI for information about using the Skupper CLI to create Podman sites.
Prerequisites
-
The latest
skupperCLI is installed. - Podman is installed, see https://podman.io/
netavarkis configured as the podman network backend.To check if
netavarkis configured as the podman network backend:podman info --format {{.Host.NetworkBackend}}$ podman info --format {{.Host.NetworkBackend}}Copy to Clipboard Copied! Toggle word wrap Toggle overflow If the output is something other than
netavark, see link:{networkbackend-link}.Podman service endpoint.
Use
systemctl --user status podman.socketto make sure the Podman API Socket is running.If the socket isn’t running, use
systemctl --user enable --now podman.socketto start it.See Podman socket activation for information about enabling this endpoint.
Procedure
Set your session to use Skupper Podman:
export SKUPPER_PLATFORM=podman
$ export SKUPPER_PLATFORM=podmanCopy to Clipboard Copied! Toggle word wrap Toggle overflow To verify the
skuppermode:skupper switch
$ skupper switch podmanCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create a Skupper site:
Use the following command to create a site where tokens are created to link on any network interface:
skupper init
$ skupper initCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteBy default, this command times out after 2 minutes for podman sites. You can increase the time with the
--timeoutoption.The following output is displayed:
It is recommended to enable lingering for <username>, otherwise Skupper may not start on boot. Skupper is now installed for user '<username>'. Use 'skupper status' to get more information.
It is recommended to enable lingering for <username>, otherwise Skupper may not start on boot. Skupper is now installed for user '<username>'. Use 'skupper status' to get more information.Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use the following command to start the site service at system start and persist over logouts:
loginctl enable-linger <username>
# loginctl enable-linger <username>Copy to Clipboard Copied! Toggle word wrap Toggle overflow By default,
skupper inittries to include all IP addresses associated with local network interfaces as valid ingress hosts. You can use--ingress-host <IP/Hostname>to restrict token ingress to a specific network context:skupper init --ingress-host my-cloud-vm.example.com
$ skupper init --ingress-host my-cloud-vm.example.comCopy to Clipboard Copied! Toggle word wrap Toggle overflow If you do not require that other sites can link to the site you are creating:
skupper init --ingress none
$ skupper init --ingress noneCopy to Clipboard Copied! Toggle word wrap Toggle overflow In this guide we assume you have enabled ingress using the first command. This allows you create tokens that allow links from every network interface on the host.
NoteWhen creating a token you can specify the ingress host.
You can also restrict ingress to an IP address or hostname when initializing as described in the Skupper Podman CLI reference documentation.
Check the status of your site:
skupper status
$ skupper status Skupper is enabled for "<username>" with site name "<machine-name>-<username>" in interior mode. It is not connected to any other sites. It has no exposed services.Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteYou can only create one site per user. If you require a host to support many sites, create a user for each site.
8.3. Linking sites using Skupper Podman
A service network consists of Skupper sites. This section describes how to link sites to form a service network.
Linking two sites requires a single initial directional connection. However:
- Communication between the two sites is bidirectional, only the initial linking is directional.
- The choice of direction for linking is typically determined by accessibility. For example, if you are linking a virtual machine running in the cloud with a Linux host running behind a firewall, you must link from the Linux host to the cloud virtual machine because that route is accessible.
Procedure
Generate a token on one site:
skupper token create <filename>
$ skupper token create <filename>Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you created the site without specifying an
ingress-host, the token is valid for all network contexts. You can use--ingress-host <IP/Hostname>to restrict token ingress to a specific network context:skupper token create <filename> --ingress-host <IP/Hostname>
$ skupper token create <filename> --ingress-host <IP/Hostname>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a link from the other site:
skupper link create <filename>
$ skupper link create <filename>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you have linked to a network, you can check the link status:
skupper link status
$ skupper link status
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}