Using Service Interconnect
Creating an application network with the CLI and YAML
Abstract
Chapter 1. Skupper overview Copy linkLink copied to clipboard!
Hybrid clouds enable organizations to combine on-premises, private cloud, and public cloud resources. While such a solution provides many benefits, it also presents a unique challenge: enabling these resources to communicate with each other.
Skupper provides a solution to this challenge with an Application Network that simply and securely connects applications running in different network locations.
1.1. Application Networks Copy linkLink copied to clipboard!
Skupper solves multi-cluster communication challenges through something called a Virtual Application Network or just application network. To understand the value of Skupper, it is helpful to first understand what an application network is.
An application network connects the applications and services in your hybrid cloud into a virtual network so that they can communicate with each other as if they were all running in the same site. In this diagram, an application network connects three services, each of which is running in a different cloud:
In essence, the application network connects the services in a distributed application with a microservice architecture.
Application networks are able to provide connectivity across the hybrid cloud because they operate at Layer 7 (the application layer). They use Layer 7 application routers to route communication between Layer 7 application services.
1.2. Layer 7 application routers Copy linkLink copied to clipboard!
Layer 7 application routers form the backbone of an application network in the same way that conventional network routers form the backbone of a VPN. However, instead of routing IP packets between network endpoints, Layer 7 application routers route messages between application endpoints (called Layer 7 application services).
Layer 7 application services
A Layer 7 application service represents an endpoint, or destination in the application network. When an application sends a communication to an service, the Layer 7 application routers distribute the communication to any other application in the application network that has the same service.
For example, in this diagram, Service B sends a message with an application service to its local application router. Service A and Service C are subscribed to the same service, so the application router routes copies of the message through the application network until they arrive at each destination.
Application networks provide multiple routing patterns, so communications can be distributed in anycast (balanced or closest) or multicast patterns.
1.3. Skupper Copy linkLink copied to clipboard!
Skupper is an open source tool for creating application networks in Kubernetes or Linux. By using Skupper, you can create a distributed application consisting of microservices running in different sites.
This diagram illustrates a Skupper network that connects three services running in three different sites:
In a Skupper network, each namespace contains a Skupper instance. When these Skupper instances connect, they continually share information about the services that each instance exposes. This means that each Skupper instance is always aware of every service that has been exposed to the Skupper network, regardless of the namespace in which each service resides.
Once a Skupper network is formed across Kubernetes namespaces, any of the services in those namespaces can be exposed (through annotation) to the Skupper network. When a service is exposed, Skupper creates proxy endpoints to make that service available on each namespace in the Skupper network.
Chapter 2. Skupper security Copy linkLink copied to clipboard!
Skupper securely connects your services with TLS authentication and encryption. See how Skupper enables you to deploy your application securely across Kubernetes clusters.
Security challenges in the cloud
Moving an application to the cloud raises security risks. Either your services must be exposed to the public internet, or you must adopt complex layer 3 network controls like VPNs, firewall rules, and access policies.
Increasing the challenge, layer 3 network controls do not extend easily to multiple clusters. These network controls must be duplicated for each cluster.
Built-in network isolation
Skupper provides default, built-in security that scales across clusters and clouds. In a Skupper network, the connections between Skupper routers are secured with mutual TLS using a private, dedicated certificate authority (CA). Each router is uniquely identified by its own certificate.
This means that the Skupper network is isolated from external access, preventing security risks such as lateral attacks, malware infestations, and data exfiltration.
Chapter 3. Skupper connectivity Copy linkLink copied to clipboard!
Skupper represents a new approach to connecting services across multiple Kubernetes clusters. See how Skupper can give you the flexibility to deploy your services where you need them.
One cluster
Kubernetes services provide a virtual network address for each element of your distributed application. Service "A" can contact service "B", "B" can contact "C", and so on.
But if you want to deploy your application across multiple clusters, your options are limited. You have to either expose your services to the public internet or set up a VPN.
Skupper offers a third way. It connects clusters to a secure layer 7 network. It uses that network to forward local service traffic to remote clusters.
Secure hybrid cloud communication
Deploy your application across public and private clusters.
You can host your database on a private cluster and retain full connectivity with services running on the public cloud. All communication is secured by mutual TLS authentication and encryption.
Edge-to-edge connectivity
Distribute application services across geographic regions.
You can connect multiple retail sites to a central office. Once connected, each edge location can contact any other edge. You can add and remove sites on demand.
Scale up and out
Build large, robust networks of connected clusters.
Chapter 4. Skupper routing Copy linkLink copied to clipboard!
Skupper uses layer 7 addressing and routing to connect services. See how the power of application-layer addressing can bring new capabilities to your applications.
Multi-cluster services
Deploy a single logical service across multiple clusters.
Skupper can route requests to instances of a single service running on multiple clusters. If a provider or data center fails, the service instances running at unaffected sites can scale to meet the need and maintain availability.
Dynamic load balancing
Balance requests across clusters according to service capacity.
The Skupper network has cross-cluster visibility. It can see which services are already loaded and which have spare capacity, and it directs requests accordingly.
You can assign a cost to each inter-cluster connection. This enables you to configure a preference for one resource over another. If demand is normal, you can keep all traffic on your private cloud. If demand peaks, you can dynamically spill over to public cloud resources.
Reliable networks
Skupper uses redundant network paths and smart routing to provide highly available connectivity at scale.
Chapter 5. Overview of Skupper CLI on Kubernetes Copy linkLink copied to clipboard!
You can use the skupper
CLI on Kubernetes after installing the Skupper controller to configure sites, links and services.
The Skupper CLI is designed to generate and consume standard resources, ensuring that a sites, links and services configured using the CLI are identical to those configured directly through YAML.
- Create sites
- Link sites (requires that one site has link access enabled)
- Expose and consume services
Chapter 6. Creating a site on Kubernetes using the Skupper CLI Copy linkLink copied to clipboard!
Using the skupper command-line interface (CLI) allows you to create and manage sites from the context of the current namespace.
A typical workflow is to create a site, link sites together, and expose services to the service network.
6.1. Checking the Skupper CLI Copy linkLink copied to clipboard!
Installing the skupper command-line interface (CLI) provides a simple method to get started with Skupper.
- Follow the instructions for Installing Skupper.
Verify the installation.
skupper version
$ skupper version COMPONENT VERSION cli {skupper_cli_version}
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
6.2. Creating a simple site using the CLI on Kubernetes Copy linkLink copied to clipboard!
Prerequisites
-
The
skupper
CLI is installed. - The Skupper controller is running on the Kubernetes cluster you are running or you are running on a platform.
Procedure
Check that the
SKUPPER_PLATFORM
environment is unset or set tokubernetes
.-
kubernetes
- default -
podman
-
docker
-
linux
-
Create a site on Kubernetes:
skupper site create <site-name> --namespace <namespace>
$ skupper site create <site-name> --namespace <namespace>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Specifying the namespace is not required if the context is set to the namespace where you want to create the site. For example:
skupper site create my-site
$ skupper site create my-site Waiting for status... Site "my-site" is ready.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow There are many options to consider when creating sites using the CLI, see CLI Reference, including frequently used options.
For example
--enable-link-access
If enabled, this option allows you create tokens and link to this site. By default, this option is disabled but you can change the setting later
skupper site update --enable-link-access
.--timeout <time>
You can add the timeout option to specify the maximum time for the CLI wait for the site status to report
ready
.skupper site create my-site --timeout 2m
skupper site create my-site --timeout 2m
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The timeout option does not stop the site from being created, but if the site is not ready, the following is output:
Site "my-site" is not yet ready: Pending
Site "my-site" is not yet ready: Pending
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can check the status of the site at any time using
skupper site status
.
6.3. Deleting a site using the CLI on Kubernetes Copy linkLink copied to clipboard!
Prerequisites
-
The
skupper
CLI is installed.
Procedure
Change context to the namespace where the site was created, for example:
kubectl config set-context --current --namespace west
kubectl config set-context --current --namespace west
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enter the following command to delete a site:
skupper site delete
skupper site delete
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Chapter 7. Linking sites on Kubernetes using the Skupper CLI Copy linkLink copied to clipboard!
Using the Skupper command-line interface (CLI) allows you to create links between sites. The link direction is not significant, and is typically determined by ease of connectivity. For example, if east is behind a firewall, linking from east to west is the easiest option.
Once sites are linked, services can be exposed and consumed across the application network without the need to open ports or manage inter-site connectivity.
7.1. Linking sites using a token Copy linkLink copied to clipboard!
A token provides a secure method to link sites. By default, a token can only be used once and must be used within 15 minutes to link sites. This procedure describes how to issue a token from one site and redeem that token on another site to create a link.
Prerequisites
- Two sites
-
At least one site with
enable-link-access
enabled.
To link sites, you create a token on one site and redeem that token on the other site to create the link.
Procedure
On the site where you want to issue the token, make sure link access is enabled:
skupper site update --enable-link-access
skupper site update --enable-link-access
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a token:
skupper token issue <filename>
skupper token issue <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.This file contains a key and the location of the site that created it.
📌 NOTE Access to this file provides access to the application network. Protect it appropriately. A token can be restricted by any combination of:
Time - prevents token reuse after a specified period.
For example, to allow a token to be used for 1 hour after it is issued:
skupper token issue build/west.yaml --expiration-window 60m
skupper token issue build/west.yaml --expiration-window 60m
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Usage - prevents creating multiple links from a single token.
For example, to allow a token to be used 3 times:
skupper token issue output/west.yaml --redemptions-allowed 3
skupper token issue output/west.yaml --redemptions-allowed 3
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
All inter-site traffic is protected by mutual TLS using a private, dedicated certificate authority (CA). A token is not a certificate, but is securely exchanged for a certificate during the linking process.
Redeem the token on a different site to create a link:
skupper token redeem <filename>
skupper token redeem <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the status of the link:
skupper link status
skupper link status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You might need to issue the command multiple times before the link is ready:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can now expose services on the application network.
There are many options to consider when linking sites using the CLI, see CLI Reference, including frequently used options.
7.2. Linking sites using a link resource Copy linkLink copied to clipboard!
An alternative approach to linking sites using tokens is to create a link
resource YAML file using the CLI, and to apply that resource to another site.
Prerequisites
- Two sites
-
At least one site with
enable-link-access
enabled.
To link sites, you create a link
resource YAML file on one site and apply that resource on the other site to create the link.
Procedure
On the site where you want to create a link , make sure link access is enabled:
skupper site update --enable-link-access
skupper site update --enable-link-access
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a
link
resource YAML file:skupper link generate > <filename>
skupper link generate > <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Apply the
link
resource YAML file on a different site to create a link:kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the status of the link:
skupper link status
skupper link status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You might need to issue the command multiple times before the link is ready:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can now expose services on the application network.
There are many options to consider when linking sites using the CLI, see CLI Reference, including frequently used options.
Chapter 8. Exposing services on the application network using the CLI Copy linkLink copied to clipboard!
After creating an application network by linking sites, you can expose services from one site using connectors and consume those services on other sites using listeners. A routing key is a string that matches one or more connectors with one or more listeners. For example, if you create a connector with the routing key backend
, you need to create a listener with the routing key backend
to consume that service.
This section assumes you have created and linked at least two sites.
8.1. Creating a connector using the CLI Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched using routing keys.
For more information about connectors, see Connector concept.
Procedure
Create a workload that you want to expose on the network, for example:
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a connector:
skupper connector create <name> <port> [--routing-key <name>]
skupper connector create <name> <port> [--routing-key <name>]
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper connector create backend 8080 --workload deployment/backend
skupper connector create backend 8080 --workload deployment/backend
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the connector status:
skupper connector status
skupper connector status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper connector status
$ skupper connector status NAME STATUS ROUTING-KEY SELECTOR HOST PORT HAS MATCHING LISTENER MESSAGE backend Pending backend app=backend 8080 false No matching listeners
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE By default, the routing key name is set to the name of the connector. If you want to use a custom routing key, set the
--routing-key
to your custom name.
There are many options to consider when creating connectors using the CLI, see CLI Reference, including frequently used options.
Additional information
If you need to expose a service from another namespace, you must use YAML as described in Creating a connector for a different namespace using YAML.
8.2. Creating a listener using the CLI Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched using routing keys.
For more information about listeners. see Listener concept.
Procedure
- Identify a connector that you want to use. Note the routing key of that connector.
Create a listener:
skupper connector create <name> <port> [--routing-key <name>]
skupper connector create <name> <port> [--routing-key <name>]
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper listener create backend 8080
$ skupper listener create backend 8080 Waiting for create to complete... Listener "backend" is ready
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the listener status:
skupper listener status
skupper listener status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper listener status
$ skupper listener status NAME STATUS ROUTING-KEY HOST PORT MATCHING-CONNECTOR MESSAGE backend Ready backend backend 8080 true OK
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE There must be a
MATCHING-CONNECTOR
for the service to operate. By default, the routing key name is the listener name. If you want to use a custom routing key, set the--routing-key
to your custom name.
There are many options to consider when creating connectors using the CLI, see CLI Reference, including frequently used options.
Chapter 9. Overview of using YAML CLI on Kubernetes Copy linkLink copied to clipboard!
You can use YAML on Kubernetes after installing the Skupper controller to
- Create sites
- Link sites (requires that one site has link access enabled)
- Expose and consume services
Chapter 10. Creating a site on Kubernetes using YAML Copy linkLink copied to clipboard!
Using YAML allows you to create and manage sites from the context of the current namespace.
A typical workflow is to create a site, link sites together, and expose services to the service network.
10.1. Creating a simple site on Kubernetes using YAML Copy linkLink copied to clipboard!
You can use YAML to create and manage Skupper sites.
Prerequisites
- The Skupper controller is running on the Kubernetes cluster you are running or you are running on a platform.
Procedure
Create a site CR YAML file named
my-site.yaml
, for example:apiVersion: skupper.io/v2alpha1 kind: Site metadata: name: my-site namespace: west
apiVersion: skupper.io/v2alpha1 kind: Site metadata: name: my-site namespace: west
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This YAML creates a site named
my-site
in thewest
namespace. Specifying the namespace is not required if the context is set to the namespace where you want to create the site.Create the site:
kubectl apply -f my-site.yaml
kubectl apply -f my-site.yaml
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the status of the site:
kubectl get site
kubectl get site
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You might need to issue the command multiple times before the site is ready:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can now link this site to another site to create an application network.
There are many options to consider when creating sites using YAML, see YAML Reference, including frequently used options.
Chapter 11. Exposing services on the application network using YAML Copy linkLink copied to clipboard!
After creating an application network by linking sites, you can expose services from one site using connectors and consume those services on other sites using listeners. A routing key is a string that matches one or more connectors with one or more listeners. For example, if you create a connector with the routing key backend
, you need to create a listener with the routing key backend
to consume that service.
This section assumes you have created and linked at least two sites.
11.1. Creating a connector using YAML Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched using routing keys.
There are many options to consider when creating connectors using YAML, see Connector resource.
Procedure
Create a workload that you want to expose on the network, for example:
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a connector resource YAML file:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This creates a connector in the
east
site and exposes thebackend
deployment on the network on port 8080. You can create a listener on a different site using the matching routing keybackend
to address this service.To create the connector resource:
kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the connector status:
kubectl get connector
kubectl get connector
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
NAME STATUS ROUTING-KEY SELECTOR HOST PORT HAS MATCHING LISTENER MESSAGE backend Pending backend app=backend 8080 false No matching listeners
NAME STATUS ROUTING-KEY SELECTOR HOST PORT HAS MATCHING LISTENER MESSAGE backend Pending backend app=backend 8080 false No matching listeners
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE By default, the routing key name is set to the name of the connector. If you want to use a custom routing key, set the
--routing-key
to your custom name.
There are many options to consider when creating connectors using YAML, see CLI Reference, including frequently used options.
11.2. Creating a listener using YAML Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched using routing keys.
For more information about listeners. see Listener concept.
Procedure
- Identify a connector that you want to use. Note the routing key of that connector.
Create a listener resource YAML file:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This creates a listener in the
west
site and matches with the connector that uses the routing keybackend
. It also creates a service namedeast-backend
exposed on port 8080 in the current namespace.To create the connector resource:
kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the listener status:
kubectl get listener
kubectl get listener
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
NAME ROUTING KEY PORT HOST STATUS HAS MATCHING CONNECTOR MESSAGE backend backend 8080 east-backend Ready true OK
NAME ROUTING KEY PORT HOST STATUS HAS MATCHING CONNECTOR MESSAGE backend backend 8080 east-backend Ready true OK
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE There must be a
MATCHING-CONNECTOR
for the service to operate.
There are many options to consider when creating listeners using YAML, see Listener resource.
11.3. Creating a connector for a different namespace using YAML Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites.
If you create a site in one namespace and need to expose a service in a different namespace, use this procedure to create an attached connector in the other namespace and an AttachedConnectorBinding in the site namespace.
- An attached connector is a connector in a peer namespace, that is, not the site namespace.
- The AttachedConnectorBinding is a binding to an attached connector in a peer namespace and is created in the site namespace.
Procedure
Create a workload that you want to expose on the network in a non-site namespace, for example:
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create an AttachedConnector resource YAML file in the same namespace:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow To create the AttachedConnector resource:
kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Create an AttachedConnectorBinding resource YAML file in the site namespace:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow To create the AttachedConnectorBinding resource:
kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the AttachedConnectorBinding status from the context of the site namespace:
kubectl get AttachedConnectorBinding
kubectl get AttachedConnectorBinding
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
NAME ROUTING KEY CONNECTOR NAMESPACE STATUS HAS MATCHING LISTENER backend backend attached Ready true
NAME ROUTING KEY CONNECTOR NAMESPACE STATUS HAS MATCHING LISTENER backend backend attached Ready true
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE By default, the routing key name is set to the name of the connector. If you want to use a custom routing key, set the
--routing-key
to your custom name.
There are many options to consider when creating connectors using YAML, see Connector resource.
Chapter 12. Overview of Skupper CLI on local systems Copy linkLink copied to clipboard!
This is a Technology Preview feature.
Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
- Create sites
- Link sites (requires that one site has link access enabled)
- Expose and consume services
Chapter 13. Creating a site on a local system using the Skupper CLI Copy linkLink copied to clipboard!
Using the skupper command-line interface (CLI) allows you to create and manage Skupper sites from the context of the current user.
A typical workflow is to create a site, link sites together, and expose services to the service network.
A local system includes Docker, Podman or Linux system.
If you require more than one site, specify a unique namespace when using skupper
, for example skupper --namespace second-site ...
.
13.1. Checking the Skupper CLI and environment Copy linkLink copied to clipboard!
Installing the skupper command-line interface (CLI) provides a simple method to get started with Skupper.
- Follow the instructions for Installing Skupper.
Verify the installation.
skupper version
$ skupper version COMPONENT VERSION cli {skupper_cli_version}
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For podman sites:
Make sure the Podman socket is available. To enable it:
systemctl --user enable --now podman.socket
systemctl --user enable --now podman.socket
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enable lingering to ensure the site persists over logouts:
loginctl enable-linger <username>
loginctl enable-linger <username>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
13.2. Creating a simple site using the CLI on local systems Copy linkLink copied to clipboard!
Prerequisites
-
The
skupper
CLI is installed.
Procedure
Set the
SKUPPER_PLATFORM
for type of site you want to install:-
podman
-
docker
-
linux
-
Create a site:
skupper site create <site-name>
$ skupper site create <site-name>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper site create my-site
$ skupper site create my-site Waiting for status... Site "my-site" is ready.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
📌 NOTE: On non-Kubernetes sites, you can create multiple sites per-user by specifying a namespace.
13.3. Deleting a site using the CLI on local systems Copy linkLink copied to clipboard!
Prerequisites
-
The
skupper
CLI is installed.
Procedure
Enter the following command to delete a site:
skupper system teardown
skupper system teardown
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Chapter 14. Linking sites on local systems using the Skupper CLI Copy linkLink copied to clipboard!
Using the Skupper command-line interface (CLI) allows you to create links between sites. The link direction is not significant, and is typically determined by ease of connectivity. For example, if east is behind a firewall, linking from east to west is the easiest option.
Once sites are linked, services can be exposed and consumed across the application network without the need to open ports or manage inter-site connectivity.
A local system includes Docker, Podman or Linux system.
In this release, the CLI does not support issuing or redeeming tokens. In this release, the CLI does not support generating link
resource files.
To link a local system site to a Kubernetes site, see Linking sites on local systems using YAML
Chapter 15. Exposing services on the application network using the CLI Copy linkLink copied to clipboard!
After creating an application network by linking sites, you can expose services from one site using connectors and consume those services on other sites using listeners. A routing key is a string that matches one or more connectors with one or more listeners. For example, if you create a connector with the routing key backend
, you need to create a listener with the routing key backend
to consume that service.
This section assumes you have created and linked at least two sites.
15.1. Creating a connector using the CLI Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched using routing keys.
For more information about connectors see Connector concept
Prerequisites
-
The
skupper
CLI is installed. -
The
SKUPPER_PLATFORM
environment variable is set to one of *podman
,docker
orlinux
.
Procedure
- Create a server that you want to expose on the network. For example, run a HTTP server on port 8080.
Create a connector:
skupper connector create <name> <port> [--routing-key <name>]
skupper connector create <name> <port> [--routing-key <name>]
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper connector create my-server 8080 --host localhost
skupper connector create my-server 8080 --host localhost
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the connector status:
skupper connector status
skupper connector status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper connector status
$ skupper connector status NAME STATUS ROUTING-KEY HOST PORT my-server Ok my-server localhost 8081
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE By default, the routing key name is set to the name of the connector. If you want to use a custom routing key, set the
--routing-key
to your custom name.Apply the configuration using:
skupper system reload
skupper system reload
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
There are many options to consider when creating connectors using the CLI, see CLI Reference, including frequently used options.
15.2. Creating a listener using the CLI Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched using routing keys.
Prerequisites
-
The
skupper
CLI is installed. -
The
SKUPPER_PLATFORM
environment variable is set to one of *podman
,docker
orlinux
.
Procedure
- Identify a connector that you want to use. Note the routing key of that connector.
Create a listener:
skupper connector create <name> <port> [--routing-key <name>]
skupper connector create <name> <port> [--routing-key <name>]
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper listener create my-server 8080
$ skupper listener create my-server 8080 File written to /home/user/.local/share/skupper/namespaces/default/input/resources/Listener-backend.yaml
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Apply the configuration using:
skupper system reload
skupper system reload
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the listener status:
skupper listener status
skupper listener status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
skupper listener status
$ skupper listener status NAME STATUS ROUTING-KEY HOST PORT my-server Ok my-server localhost 8081
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE There must be a matching connector for the service to operate. By default, the routing key name is the listener name. If you want to use a custom routing key, set the
--routing-key
to your custom name.
There are many options to consider when creating connectors using the CLI, see CLI Reference, including frequently used options.
Chapter 16. Overview of using YAML on local systems Copy linkLink copied to clipboard!
This is a Technology Preview feature.
Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
- Create sites
- Link sites (requires that one site has link access enabled)
- Expose and consume services
Chapter 17. Creating a site on local systems using YAML Copy linkLink copied to clipboard!
Using YAML allows you to create and manage sites on Docker, Podman and Linux.
A typical workflow is to create a site, link sites together, and expose services to the service network.
If you require more than one site, specify a unique namespace when using skupper
, for example skupper --namespace second-site ...
.
17.1. Creating a simple site on local systems using YAML Copy linkLink copied to clipboard!
You can use YAML to create and manage Skupper sites.
Prerequisites
-
The
skupper
CLI is installed.
Procedure
Create a site CR YAML file named
my-site.yaml
in an empty directory, for example,local
:apiVersion: skupper.io/v2alpha1 kind: Site metadata: name: my-site
apiVersion: skupper.io/v2alpha1 kind: Site metadata: name: my-site
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This YAML creates a site named
my-site
in thedefault
namespace.Create the site:
skupper system setup --path ./local
skupper system setup --path ./local
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Skupper attempts to process any files in the
local
directory. Typically, you create all resources you require for a site before runningskupper system setup
.Check the status of the site:
skupper site status
skupper site status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You might need to issue the command multiple times before the site is ready:
NAME STATUS MESSAGE default Ready OK
NAME STATUS MESSAGE default Ready OK
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can now link this site to another site to create an application network.
There are many options to consider when creating sites using YAML, see YAML Reference, including frequently used options.
Chapter 18. Linking sites on local systems using YAML Copy linkLink copied to clipboard!
Using a link
resource YAML file allows you to create links between sites. The link direction is not significant, and is typically determined by ease of connectivity. For example, if east is behind a firewall, linking from east to west is the easiest option.
Once sites are linked, services can be exposed and consumed across the application network without the need to open ports or manage inter-site connectivity.
The procedures below describe linking an existing site. Typically, it is easier to configure a site, links and services in a set of files and then create a configured site by placing all the YAML files in a directory, for example local
and then using the following command to
18.1. Linking sites using a link resource Copy linkLink copied to clipboard!
An alternative approach to linking sites using tokens is to create a link
resource YAML file using the CLI, and to apply that resource to another site.
Prerequisites
- A local system site
-
A Kubernetes site with
enable-link-access
enabled.
To link sites, you create a link
resource YAML file on one site and apply that resource on the other site to create the link.
Procedure
On the site where you want to create a link , make sure link access is enabled:
skupper site update --enable-link-access
skupper site update --enable-link-access
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a
link
resource YAML file:skupper link generate > <filename>
skupper link generate > <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Apply the
link
resource YAML file on a local system site to create a link:mv <filename> ~/.local/share/skupper/namespaces/default/input/resources/ skupper system setup --force
mv <filename> ~/.local/share/skupper/namespaces/default/input/resources/ skupper system setup --force
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.The path shown is specific to the
default
namespace. If you are configuring a different namespace, use that name instead.The site is recreated and you see some of the internal resources that are not affected, for example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the status of the link:
skupper link status
skupper link status
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The output shows the link name:
skupper link status
$ skupper link status NAME STATUS link-west Ok
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can now expose services on the application network.
Chapter 19. Exposing services on the application network using YAML Copy linkLink copied to clipboard!
After creating an application network by linking sites, you can expose services from one site using connectors and consume those services on other sites using listeners. A routing key is a string that matches one or more connectors with one or more listeners. For example, if you create a connector with the routing key backend
, you need to create a listener with the routing key backend
to consume that service.
This section assumes you have created and linked at least two sites.
19.1. Creating a connector using YAML Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched using routing keys.
For more information about connectors see Connector concept
Procedure
Create a workload that you want to expose on the network, for example:
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
kubectl create deployment backend --image quay.io/skupper/hello-world-backend --replicas 3
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a connector resource YAML file:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This creates a connector in the
east
site and exposes thebackend
deployment on the network on port 8080. You can create a listener on a different site using the matching routing keybackend
to address this service.To create the connector resource:
kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the connector status:
kubectl get connector
kubectl get connector
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
NAME STATUS ROUTING-KEY SELECTOR HOST PORT HAS MATCHING LISTENER MESSAGE backend Pending backend app=backend 8080 false No matching listeners
NAME STATUS ROUTING-KEY SELECTOR HOST PORT HAS MATCHING LISTENER MESSAGE backend Pending backend app=backend 8080 false No matching listeners
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE By default, the routing key name is set to the name of the connector. If you want to use a custom routing key, set the
--routing-key
to your custom name.
There are many options to consider when creating connectors using YAML, see CLI Reference, including frequently used options.
19.2. Creating a listener using YAML Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched using routing keys.
Procedure
- Identify a connector that you want to use. Note the routing key of that connector.
Create a listener resource YAML file:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This creates a listener in the
west
site and matches with the connector that uses the routing keybackend
. It also creates a service namedeast-backend
exposed on port 8080 in the current namespace.To create the connector resource:
kubectl apply -f <filename>
kubectl apply -f <filename>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<filename>
is the name of a YAML file that is saved on your local filesystem.Check the listener status:
kubectl get listener
kubectl get listener
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
NAME ROUTING KEY PORT HOST STATUS HAS MATCHING CONNECTOR MESSAGE backend backend 8080 east-backend Ready true OK
NAME ROUTING KEY PORT HOST STATUS HAS MATCHING CONNECTOR MESSAGE backend backend 8080 east-backend Ready true OK
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 📌 NOTE There must be a
MATCHING-CONNECTOR
for the service to operate.
There are many options to consider when creating connectors using YAML, see CLI Reference, including frequently used options.
Chapter 20. Service Interconnect reference Copy linkLink copied to clipboard!
20.1. Reference Copy linkLink copied to clipboard!
20.1.1. Skupper concepts Copy linkLink copied to clipboard!
20.1.1.1. Site concept Copy linkLink copied to clipboard!
A site is a place on the network where application workloads are running. Sites are joined by links.
A site is associated with one platform and one network. Each site has zero or more workloads and zero or more links.
Sites operate on multiple platforms. One site corresponds to one namespace in a platform instance. Sites can be added to a network and removed from a network dynamically.
Each site has a Skupper router which is responsible for communicating with the local workloads and forwarding traffic to routers in remote sites.
20.1.1.2. Workload concept Copy linkLink copied to clipboard!
A workload is a set of processes running on a platform. A process is a pod, container, or system process. Workloads in a site are exposed as services on the network using connectors.
A platform has zero or more workloads. A site also has zero or more workloads. Each workload has zero or more processes and zero or more connectors.
A workload implements one part of an application by providing a network interface (for example, an API) that other parts of the application use. A workload can be both a client and a server.
On Kubernetes, a workload is a Deployment, StatefulSet, or DaemonSet. On Docker or Podman, a workload is a set of containers. On Linux, a workload is a set of system processes.
20.1.1.3. Platform concept Copy linkLink copied to clipboard!
A platform is a system for running application workloads. A platform hosts sites. Skupper supports Kubernetes, Docker, Podman, and Linux. Each site in a network can run on any supported platform.
Platforms provide namespaces for related workloads and resources. Skupper uses namespaces to host multiple independent sites on one instance of a platform. Each site on a platform can belong to a distinct application network.
A platform has zero or more namespaces. Each namespace is associated with zero or more workloads. A namespace may be associated with a site.
20.1.1.4. Network concept Copy linkLink copied to clipboard!
A network is a set of sites joined by links. A Skupper network is also known as an application network or virtual application network (VAN).
A network has one or more sites. Each site belongs to only one network.
Each site in the network can expose services to other sites in the network. In turn, each site in the network can access those exposed services. Each network is meant for one distributed application. This provides isolation from other applications and networks.
20.1.1.5. Link concept Copy linkLink copied to clipboard!
A link is a channel for communication between sites. Links carry application connections and requests. A set of linked sites constitutes a network.
To create a link to a remote site, the remote site must enable link access. Link access provides an external access point for accepting links.
A site has zero or more links. Each link has a host, port, and TLS credentials for making a mutual TLS connection to a remote site. In addition, a site has zero or more link accesses. Usually only one is needed per site. Each link access has a host, port, and TLS credentials for exposing a TLS endpoint that accepts connections from remote sites.
Application connections and requests flow across links in both directions. A linked site can communicate with any other site in the network, even if it is not linked directly. Links can be added and removed dynamically.
You can use access tokens to securely exchange the connection details required to create a link.
20.1.1.6. Access token concept Copy linkLink copied to clipboard!
An access token is a short-lived credential used to create a link. An access token contains the URL and secret code of a corresponding access grant.
Access tokens are issued from access grants. A grant issues zero or more tokens. Tokens are redeemed for links.
Access tokens have limited redemptions and limited lifespans. By default, they can be redeemed only once, and they expire 15 minutes after being issued. You can set custom limits by configuring the access grant.
- A site wishing to accept a link (site 1) creates an access grant.
- It uses the access grant to issue a corresponding access token and transfers it to a remote site (site 2).
- Site 2 submits the access token to site 1 for redemption.
- If the token is valid, site 1 sends site 2 the TLS host, port, and credentials required to create a link to site 1.
20.1.1.7. Listener concept Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched using routing keys.
A site has zero or more listeners. Each listener has an associated connection endpoint and routing key. The connection endpoint exposes a host and port for accepting connections from local clients. The routing key is a string identifier that binds the listener to connectors in remote sites.
On Kubernetes, a listener is implemented as a Service. On Docker, Podman, and Linux, it is a listening socket bound to a local network interface.
Skupper routers forward client connections across the network from listeners to connectors with matching routing keys. The connectors then forward the client connections to the workload servers.
20.1.1.8. Connector concept Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched using routing keys.
A site has zero or more connectors. Each connector has an associated workload and routing key. The workload can be specified as a Kubernetes pod selector or as the host and port of a local network service. The routing key is a string identifier that binds the connector to listeners in remote sites.
On Kubernetes, the workload is usually specified using a pod selector. On Docker, Podman, and Linux, it is specified using a host and port.
Skupper routers forward client connections across the network from listeners to connectors with matching routing keys. The connectors then forward the client connections to the workload servers.
20.1.1.9. Routing key concept Copy linkLink copied to clipboard!
A routing key is a string identifier for matching listeners and connectors.
A routing key has zero or more listeners and zero or more connectors. A service is exposed on the application network when it has at least one listener and one connector, matched by routing key.
20.1.1.10. Application concept Copy linkLink copied to clipboard!
An application is a set of components that work together. A Skupper network is dedicated to one application.
An application has one or more components.
20.1.1.11. Component concept Copy linkLink copied to clipboard!
A component is a logical part of an application. Each component has a set of responsibilities in achieving the goals of the application. Components provide and require interfaces such as REST APIs or database listeners. A component is implemented by workloads.
An application has one or more components. Each component provides and requires zero or more interfaces. Each component is implemented by zero or more workloads.
20.1.2. Skupper resources Copy linkLink copied to clipboard!
20.1.2.1. Site resource Copy linkLink copied to clipboard!
A site is a place on the network where application workloads are running. Sites are joined by links.
The Site resource is the basis for site configuration. It is the parent of all Skupper resources in its namespace. There can be only one active Site resource per namespace.
Examples
A minimal site:
apiVersion: skupper.io/v2alpha1 kind: Site metadata: name: east namespace: hello-world-east
apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
name: east
namespace: hello-world-east
A site configured to accept links:
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
linkAccess Type: string
Configure external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
- Default
- none
- Choices:: none
- No linking to this site is permitted.
- default
-
Use the default link access for the current platform. On OpenShift, the default is
route
. For other Kubernetes flavors, the default isloadbalancer
. - route
- Use an OpenShift route. OpenShift only.
- loadbalancer
- Use a Kubernetes load balancer.
- Updatable
- True See also: Link concept, Site linking
ha Type: boolean
Configure the site for high availability (HA). HA sites have two active routers.
Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.
- Default
- False Updatable:: True See also: High availability
defaultIssuer Type: string
The name of a Kubernetes secret containing the signing CA used to generate a certificate from a token. A secret is generated if none is specified.
This issuer is used by AccessGrant and RouterAccess if a specific issuer is not set.
- Default
- skupper-site-ca
- Updatable
- True See also: Router TLS, Kubernetes TLS secrets
edge Type: boolean
Configure the site to operate in edge mode. Edge sites cannot accept links from remote sites.
Edge mode can help you scale your network to large numbers of sites. However, for networks with 16 or fewer sites, there is little benefit.
Currently, edge sites cannot also have HA enabled.
- Default
- False See also: Large networks
serviceAccount Type: string
The name of the Kubernetes service account under which to run the Skupper router. A service account is generated if none is specified.
- Default
- Generated
See also: Kubernetes service accounts
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
-
routerDataConnections
: Set the number of data connections the router uses when linking to other routers. + Default: Computed based on the number of router worker threads. Minimum 2. -
routerLogging
: Set the router logging level. + Default:info
. Choices:info
,warning
,error
.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The output resources for this resource have been created. -
Running
: There is at least one router pod running. -
Resolved
: The hostname or IP address for link access is available. -
Ready
: The site is ready for use. All other conditions are true.
See also: Resource status, Kubernetes conditions
defaultIssuer Type: string
The name of the Kubernetes secret containing the active default signing CA.
See also: Router TLS, Kubernetes TLS secrets
endpoints Type: array
An array of connection endpoints. Each item has a name, host, port, and group.
These include connection endpoints for link access.
See also: Link concept, Site linking
20.1.2.2. Link resource Copy linkLink copied to clipboard!
sitesInNetwork Type: integer
See also: Network concept
A link is a channel for communication between sites. Links carry application connections and requests. A set of linked sites constitutes a network.
A Link resource specifies remote connection endpoints and TLS credentials for establishing a mutual TLS connection to a remote site. To create an active link, the remote site must first enable link access. Link access provides an external access point for accepting links.
Links are not usually created directly. Instead, you can use an access token to obtain a link.
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
endpoints Type: array
An array of connection endpoints. Each item has a name, host, port, and group.
cost Type: integer
The configured routing cost of sending traffic over the link.
- Default
- 1 See also: Load balancing
tlsCredentials Type: string
The name of a bundle of certificates used for mutual TLS router-to-router communication. The bundle contains the client certificate and key and the trusted server certificate (usually a CA).
On Kubernetes, the value is the name of a Secret in the current namespace.
On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Router TLS, Kubernetes TLS secrets, System TLS credentials
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
remoteSiteId Type: string
The unique ID of the site linked to.
remoteSiteName Type: string
The name of the site linked to.
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The link configuration has been applied to the router. -
Operational
: The link to the remote site is active. -
Ready
: The link is ready to use. All other conditions are true.
See also: Resource status, Kubernetes conditions
20.1.2.3. Listener resource Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched by routing key.
A Listener resource specifies a host and port for accepting connections from local clients. To expose a multi-port service, create multiple listeners with the same host value.
Examples
A listener in site West for the Hello World backend service in site East:
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
routingKey Type: string
The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.
- Updatable
- True See also: Routing key concept
host Type: string
The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
port Type: integer
The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
exposePodsByName Type: boolean
If true, expose each pod as an individual service.
- Default
- False See also: Individual pod services
tlsCredentials Type: string
The name of a bundle of TLS certificates used for secure client-to-router communication. The bundle contains the server certificate and key. It optionally includes the trusted client certificate (usually a CA) for mutual TLS.
On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Application TLS, Kubernetes TLS secrets, System TLS credentials
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
-
observer
: Set the protocol observer used to generate traffic metrics. + Default:auto
. Choices:auto
,none
,http1
,http2
.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
hasMatchingConnector Type: boolean
True if there is at least one connector with a matching routing key (usually in a remote site).
- Default
- False See also: Routing key concept
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The listener configuration has been applied to the router. -
Matched
: There is at least one connector corresponding to this listener. -
Ready
: The listener is ready to use. All other conditions are true.
See also: Resource status, Kubernetes conditions
20.1.2.4. Connector resource Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched by routing key.
On Kubernetes, a Connector resource has a selector and port for specifying workload pods.
On Docker, Podman, and Linux, a Connector resource has a host and port for specifying a local server. Optionally, Kubernetes can also use a host and port.
Examples
A connector in site East for the Hello World backend service:
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
routingKey Type: string
The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.
- Updatable
- True See also: Routing key concept
port Type: integer
The port on the target server to connect to.
- Updatable
- True
selector Type: string
A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value>
syntax.
On Kubernetes, either selector
or host
is required.
- Updatable
- True See also: Kubernetes label selectors
host Type: string
The hostname or IP address of the server. This is an alternative to selector
for specifying the target server.
On Kubernetes, either selector
or host
is required.
On Docker, Podman, or Linux, host
is required.
- Updatable
- True
includeNotReadyPods Type: boolean
If true, include server pods in the NotReady
state.
- Default
- False
exposePodsByName Type: boolean
If true, expose each pod as an individual service.
- Default
- False See also: Individual pod services
tlsCredentials Type: string
The name of a bundle of TLS certificates used for secure router-to-server communication. The bundle contains the trusted server certificate (usually a CA). It optionally includes a client certificate and key for mutual TLS.
On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Application TLS, Kubernetes TLS secrets, System TLS credentials
useClientCert Type: boolean
Send the client certificate when connecting in order to enable mutual TLS.
- Default
- False See also: Application TLS
verifyHostname Type: boolean
If true, require that the hostname of the server connected to matches the hostname in the server’s certificate.
- Default
- False See also: Application TLS
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
hasMatchingListener Type: boolean
True if there is at least one listener with a matching routing key (usually in a remote site).
- Default
- False See also: Routing key concept
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The connector configuration has been applied to the router. -
Matched
: There is at least one listener corresponding to this connector. -
Ready
: The connector is ready to use. All other conditions are true.
20.1.2.5. Site resource Copy linkLink copied to clipboard!
selectedPods Type: array
A site is a place on the network where application workloads are running. Sites are joined by links.
The Site resource is the basis for site configuration. It is the parent of all Skupper resources in its namespace. There can be only one active Site resource per namespace.
Examples
A minimal site:
apiVersion: skupper.io/v2alpha1 kind: Site metadata: name: east namespace: hello-world-east
apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
name: east
namespace: hello-world-east
A site configured to accept links:
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
linkAccess Type: string
Configure external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
- Default
- none
- Choices:: none
- No linking to this site is permitted.
- default
-
Use the default link access for the current platform. On OpenShift, the default is
route
. For other Kubernetes flavors, the default isloadbalancer
. - route
- Use an OpenShift route. OpenShift only.
- loadbalancer
- Use a Kubernetes load balancer.
- Updatable
- True See also: Link concept, Site linking
ha Type: boolean
Configure the site for high availability (HA). HA sites have two active routers.
Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.
- Default
- False Updatable:: True See also: High availability
defaultIssuer Type: string
The name of a Kubernetes secret containing the signing CA used to generate a certificate from a token. A secret is generated if none is specified.
This issuer is used by AccessGrant and RouterAccess if a specific issuer is not set.
- Default
- skupper-site-ca
- Updatable
- True See also: Router TLS, Kubernetes TLS secrets
edge Type: boolean
Configure the site to operate in edge mode. Edge sites cannot accept links from remote sites.
Edge mode can help you scale your network to large numbers of sites. However, for networks with 16 or fewer sites, there is little benefit.
Currently, edge sites cannot also have HA enabled.
- Default
- False See also: Large networks
serviceAccount Type: string
The name of the Kubernetes service account under which to run the Skupper router. A service account is generated if none is specified.
- Default
- Generated
See also: Kubernetes service accounts
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
-
routerDataConnections
: Set the number of data connections the router uses when linking to other routers. + Default: Computed based on the number of router worker threads. Minimum 2. -
routerLogging
: Set the router logging level. + Default:info
. Choices:info
,warning
,error
.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The output resources for this resource have been created. -
Running
: There is at least one router pod running. -
Resolved
: The hostname or IP address for link access is available. -
Ready
: The site is ready for use. All other conditions are true.
See also: Resource status, Kubernetes conditions
defaultIssuer Type: string
The name of the Kubernetes secret containing the active default signing CA.
See also: Router TLS, Kubernetes TLS secrets
endpoints Type: array
An array of connection endpoints. Each item has a name, host, port, and group.
These include connection endpoints for link access.
See also: Link concept, Site linking
20.1.2.6. Link resource Copy linkLink copied to clipboard!
sitesInNetwork Type: integer
See also: Network concept
A link is a channel for communication between sites. Links carry application connections and requests. A set of linked sites constitutes a network.
A Link resource specifies remote connection endpoints and TLS credentials for establishing a mutual TLS connection to a remote site. To create an active link, the remote site must first enable link access. Link access provides an external access point for accepting links.
Links are not usually created directly. Instead, you can use an access token to obtain a link.
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
endpoints Type: array
An array of connection endpoints. Each item has a name, host, port, and group.
cost Type: integer
The configured routing cost of sending traffic over the link.
- Default
- 1 See also: Load balancing
tlsCredentials Type: string
The name of a bundle of certificates used for mutual TLS router-to-router communication. The bundle contains the client certificate and key and the trusted server certificate (usually a CA).
On Kubernetes, the value is the name of a Secret in the current namespace.
On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Router TLS, Kubernetes TLS secrets, System TLS credentials
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
remoteSiteId Type: string
The unique ID of the site linked to.
remoteSiteName Type: string
The name of the site linked to.
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The link configuration has been applied to the router. -
Operational
: The link to the remote site is active. -
Ready
: The link is ready to use. All other conditions are true.
See also: Resource status, Kubernetes conditions
20.1.2.7. AccessGrant resource Copy linkLink copied to clipboard!
Permission to redeem access tokens for links to the local site. A remote site can use a token containing the grant URL and secret code to obtain a certificate signed by the grant’s certificate authority (CA), within a certain expiration window and for a limited number of redemptions.
The code
, url
, and ca
properties of the resource status are used to generate access tokens from the grant.
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
redemptionsAllowed Type: integer
The number of times an access token for this grant can be redeemed.
- Default
- 1
expirationWindow Type: string (duration)
The period of time in which an access token for this grant can be redeemed.
- Default
- 15m
code Type: string
The secret code to use to authenticate access tokens submitted for redemption.
If not set, a value is generated and placed in the code
status property.
issuer Type: string
The name of a Kubernetes secret used to generate a certificate when redeeming a token for this grant.
If not set, defaultIssuer
on the Site rsource is used.
See also: Router TLS, Kubernetes TLS secrets
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
redemptions Type: integer
The number of times a token for this grant has been redeemed.
expirationTime Type: string (date-time)
The point in time when the grant expires.
url Type: string
The URL of the token-redemption service for this grant.
ca Type: string
The trusted server certificate of the token-redemption service for this grant.
code Type: string
The secret code used to authenticate access tokens submitted for redemption.
- Default
- Generated
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Processed
: The controller has accepted the grant. -
Resolved
: The grant service is available to process tokens for this grant. -
Ready
: The grant is ready to use. All other conditions are true.
See also: Resource status, Kubernetes conditions
20.1.2.8. AccessToken resource Copy linkLink copied to clipboard!
A short-lived credential used to create a link. An access token contains the URL and secret code of a corresponding access grant.
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
url Type: string
The URL of the grant service at the remote site.
code Type: string
The secret code used to authenticate the token when submitted for redemption.
ca Type: string
The trusted server certificate of the grant service at the remote site.
linkCost Type: integer
The link cost to use when creating the link.
- Default
- 1 See also: Load balancing
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
redeemed Type: boolean
True if the token has been redeemed. Once a token is redeemed, it cannot be used again.
- Default
- False
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Redeemed
: The token has been exchanged for a link.
See also: Resource status, Kubernetes conditions
20.1.2.9. Listener resource Copy linkLink copied to clipboard!
A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched by routing key.
A Listener resource specifies a host and port for accepting connections from local clients. To expose a multi-port service, create multiple listeners with the same host value.
Examples
A listener in site West for the Hello World backend service in site East:
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
routingKey Type: string
The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.
- Updatable
- True See also: Routing key concept
host Type: string
The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
port Type: integer
The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
exposePodsByName Type: boolean
If true, expose each pod as an individual service.
- Default
- False See also: Individual pod services
tlsCredentials Type: string
The name of a bundle of TLS certificates used for secure client-to-router communication. The bundle contains the server certificate and key. It optionally includes the trusted client certificate (usually a CA) for mutual TLS.
On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Application TLS, Kubernetes TLS secrets, System TLS credentials
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
-
observer
: Set the protocol observer used to generate traffic metrics. + Default:auto
. Choices:auto
,none
,http1
,http2
.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
hasMatchingConnector Type: boolean
True if there is at least one connector with a matching routing key (usually in a remote site).
- Default
- False See also: Routing key concept
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The listener configuration has been applied to the router. -
Matched
: There is at least one connector corresponding to this listener. -
Ready
: The listener is ready to use. All other conditions are true.
See also: Resource status, Kubernetes conditions
20.1.2.10. Connector resource Copy linkLink copied to clipboard!
A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched by routing key.
On Kubernetes, a Connector resource has a selector and port for specifying workload pods.
On Docker, Podman, and Linux, a Connector resource has a host and port for specifying a local server. Optionally, Kubernetes can also use a host and port.
Examples
A connector in site East for the Hello World backend service:
name Type: string
The name of the resource.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
routingKey Type: string
The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.
- Updatable
- True See also: Routing key concept
port Type: integer
The port on the target server to connect to.
- Updatable
- True
selector Type: string
A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value>
syntax.
On Kubernetes, either selector
or host
is required.
- Updatable
- True See also: Kubernetes label selectors
host Type: string
The hostname or IP address of the server. This is an alternative to selector
for specifying the target server.
On Kubernetes, either selector
or host
is required.
On Docker, Podman, or Linux, host
is required.
- Updatable
- True
includeNotReadyPods Type: boolean
If true, include server pods in the NotReady
state.
- Default
- False
exposePodsByName Type: boolean
If true, expose each pod as an individual service.
- Default
- False See also: Individual pod services
tlsCredentials Type: string
The name of a bundle of TLS certificates used for secure router-to-server communication. The bundle contains the trusted server certificate (usually a CA). It optionally includes a client certificate and key for mutual TLS.
On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Application TLS, Kubernetes TLS secrets, System TLS credentials
useClientCert Type: boolean
Send the client certificate when connecting in order to enable mutual TLS.
- Default
- False See also: Application TLS
verifyHostname Type: boolean
If true, require that the hostname of the server connected to matches the hostname in the server’s certificate.
- Default
- False See also: Application TLS
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
message Type: string
A human-readable status message. Error messages are reported here.
See also: Resource status
hasMatchingListener Type: boolean
True if there is at least one listener with a matching routing key (usually in a remote site).
- Default
- False See also: Routing key concept
conditions Type: array
A set of named conditions describing the current state of the resource.
-
Configured
: The connector configuration has been applied to the router. -
Matched
: There is at least one listener corresponding to this connector. -
Ready
: The connector is ready to use. All other conditions are true.
20.1.2.11. AttachedConnector resource Copy linkLink copied to clipboard!
selectedPods Type: array
A connector in a peer namespace.
name Type: string
The name of the resource.
The name must be the same as that of the associated AttachedConnectorBinding resource in the site namespace.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
siteNamespace Type: string
The name of the namespace in which the site this connector should be attached to is defined.
port Type: integer
The port on the target server to connect to.
- Updatable
- True
selector Type: string
A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value>
syntax.
On Kubernetes, either selector
or host
is required.
- Updatable
- True See also: Kubernetes label selectors
includeNotReadyPods Type: boolean
If true, include server pods in the NotReady
state.
- Default
- False
tlsCredentials Type: string
The name of a bundle of TLS certificates used for secure router-to-server communication. The bundle contains the trusted server certificate (usually a CA). It optionally includes a client certificate and key for mutual TLS.
On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/
in the current namespace.
See also: Application TLS, Kubernetes TLS secrets, System TLS credentials
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
conditions Type: array
A set of named conditions describing the current state of the resource.
See also: Resource status, Kubernetes conditions
20.1.2.12. AttachedConnectorBinding resource Copy linkLink copied to clipboard!
selectedPods Type: array
A binding to an attached connector in a peer namespace.
name Type: string
The name of the resource.
The name must be the same as that of the associated AttachedConnector resource in the connector namespace.
See also: Kubernetes object names
namespace Type: string
The namespace of the resource.
See also: Platform concept, Kubernetes namespaces, System namespaces
connectorNamespace Type: string
The name of the namespace where the associated AttachedConnector is located.
routingKey Type: string
The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.
- Updatable
- True See also: Routing key concept
exposePodsByName Type: boolean
If true, expose each pod as an individual service.
- Default
- False See also: Individual pod services
settings Type: object
A map containing additional settings. Each map entry has a string name and a string value.
In general, we recommend not changing settings from their default values.
See also: Resource settings
status Type: string
The current state of the resource.
-
Pending
: The resource is being processed. -
Error
: There was an error processing the resource. Seemessage
for more information. -
Ready
: The resource is ready to use.
See also: Resource status
hasMatchingListener Type: boolean
True if there is at least one listener with a matching routing key (usually in a remote site).
- Default
- False See also: Routing key concept
conditions Type: array
A set of named conditions describing the current state of the resource.
See also: Resource status, Kubernetes conditions
20.1.3. Skupper commands Copy linkLink copied to clipboard!
20.1.4. CLI Group: Site operations Copy linkLink copied to clipboard!
20.1.4.1. Using Site Copy linkLink copied to clipboard!
20.1.4.1.1. Site command Copy linkLink copied to clipboard!
skupper site [subcommand] [options]
skupper site [subcommand] [options]
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Command | Description |
---|---|
Create a site | |
Change site settings | |
Delete a site | |
Display the status of a site | |
Generate a Site resource |
20.1.4.1.2. Site create command Copy linkLink copied to clipboard!
skupper site create <name> [options]
skupper site create <name> [options]
Create a site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Ready |
Examples
Primary options
<name> required
A name of your choice for the Skupper site. This name is displayed in the console and CLI output.
See also: Kubernetes object names
--enable-link-access frequently used
Allow external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
See also: Link concept, Site linking
--link-access-type
Configure external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
- Default
- default
- Choices:: default
-
Use the default link access. On OpenShift, the default is
route
. For other Kubernetes flavors, the default isloadbalancer
. - route
- Use an OpenShift route. OpenShift only.
- loadbalancer
- Use a Kubernetes load balancer. Kubernetes only.
- Platforms:: Kubernetes Updatable
- True See also: Site linking
--enable-ha
Configure the site for high availability (HA). HA sites have two active routers.
Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.
- Default
- False Platforms:: Kubernetes Updatable:: True See also: High availability
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait.
- configured
- Wait until the configuration is applied.
- ready
- Wait until the resource is ready to use.
- Platforms
- Kubernetes See also: Resource status
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
Errors
A site resource already exists
There is already a site resource defined for the namespace.
20.1.4.1.3. Site update command Copy linkLink copied to clipboard!
skupper site update [name] [options]
skupper site update [name] [options]
Change site settings.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Ready |
Examples
Primary options
[name] optional
The name of the site resource.
If not specified, the name is that of the site associated with the current namespace.
See also: Kubernetes object names
--enable-link-access frequently used
Allow external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
See also: Link concept, Site linking
--link-access-type
Configure external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
- Default
- default
- Choices:: default
-
Use the default link access. On OpenShift, the default is
route
. For other Kubernetes flavors, the default isloadbalancer
. - route
- Use an OpenShift route. OpenShift only.
- loadbalancer
- Use a Kubernetes load balancer. Kubernetes only.
- Platforms:: Kubernetes Updatable
- True See also: Site linking
--enable-ha
Configure the site for high availability (HA). HA sites have two active routers.
Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.
- Default
- False Platforms:: Kubernetes Updatable:: True See also: High availability
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait
- configured
- Configured
- ready
- Ready
- Platforms
- Kubernetes See also: Resource status
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
Errors
No site resource exists
There is no existing Skupper site resource to update.
20.1.4.1.4. Site delete command Copy linkLink copied to clipboard!
skupper site delete [name] [options]
skupper site delete [name] [options]
Delete a site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Deletion |
Examples
Primary options
[name] optional
The name of the site resource.
If not specified, the name is that of the site associated with the current namespace.
See also: Kubernetes object names
--all frequently used
In addition the site resource, delete all of the Skupper resources associated with the site in the current namespace.
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
--wait
Wait for deletion to complete before exiting.
- Default
- true Platforms:: Kubernetes
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
Errors
No site resource exists
There is no existing Skupper site resource to delete.
20.1.4.1.5. Site status command Copy linkLink copied to clipboard!
skupper site status [name] [options]
skupper site status [name] [options]
Display the status of a site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Show the status of the current site skupper site status
# Show the status of the current site
$ skupper site status
Name: west
Status: Ready
Message: -
Primary options
[name] optional
The name of the site resource.
If not specified, the name is that of the site associated with the current namespace.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
--output
Print status to the console in a structured output format.
- Choices
- json:: Produce JSON output
- yaml
- Produce YAML output
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.4.1.6. Site generate command Copy linkLink copied to clipboard!
skupper site generate <name> [options]
skupper site generate <name> [options]
Generate a Site resource.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
<name> required
The name of the resource to be generated.
See also: Kubernetes object names
--enable-link-access frequently used
Allow external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
See also: Link concept, Site linking
--output
Select the output format.
- Default
- yaml
- Choices:: json
- Produce JSON output
- yaml
- Produce YAML output
--link-access-type
Configure external access for links from remote sites.
Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.
- Default
- default
- Choices:: default
-
Use the default link access. On OpenShift, the default is
route
. For other Kubernetes flavors, the default isloadbalancer
. - route
- Use an OpenShift route. OpenShift only.
- loadbalancer
- Use a Kubernetes load balancer. Kubernetes only.
- Platforms:: Kubernetes Updatable
- True See also: Site linking
--enable-ha
Configure the site for high availability (HA). HA sites have two active routers.
Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.
- Default
- False Platforms:: Kubernetes Updatable:: True See also: High availability
Global options
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.5. CLI Group: Site linking Copy linkLink copied to clipboard!
20.1.5.1. Using Token Copy linkLink copied to clipboard!
20.1.5.1.1. Token command Copy linkLink copied to clipboard!
skupper token [subcommand] [options]
skupper token [subcommand] [options]
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Command | Description |
---|---|
Issue a token file redeemable for a link to the current site | |
Redeem a token file in order to create a link to a remote site |
20.1.5.1.2. Token issue command Copy linkLink copied to clipboard!
skupper token issue <file> [options]
skupper token issue <file> [options]
Issue a token file redeemable for a link to the current site.
This command first creates an access grant in order to issue the token.
Issuing a token requires a site with link access enabled. The command waits for the site to enter the ready state before producing the token.
Field | Value |
---|---|
Platforms | Kubernetes |
Waits for | Ready |
Examples
Primary options
<file> required
The name of the token file to create.
- Platforms
- Kubernetes, Docker, Podman, Linux
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes, Docker, Podman, Linux
--expiration-window
The period of time in which an access token for this grant can be redeemed.
- Default
- 15m
- Platforms
- Kubernetes, Docker, Podman, Linux
--redemptions-allowed
The number of times an access token for this grant can be redeemed.
- Default
- 1 Platforms:: Kubernetes, Docker, Podman, Linux
--grant advanced
Use the named access grant instead of creating a new one.
- Platforms
- Kubernetes, Docker, Podman, Linux
Global options
--context global
Set the kubeconfig context.
See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
- Platforms
- Kubernetes, Docker, Podman, Linux See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
- Platforms
- Kubernetes, Docker, Podman, Linux See also: Platform concept
--help global
Display help and exit.
- Platforms
- Kubernetes, Docker, Podman, Linux
Errors
Link access is not enabled
Link access at this site is not currently enabled. You can use "skupper site update --enable-link-access" to enable it.
20.1.5.1.3. Token redeem command Copy linkLink copied to clipboard!
skupper token redeem <file> [options]
skupper token redeem <file> [options]
Redeem a token file in order to create a link to a remote site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Redeem an access token skupper token redeem ~/token.yaml
# Redeem an access token
$ skupper token redeem ~/token.yaml
Waiting for status...
Link "west-6bfn6" is active.
You can now safely delete /home/fritz/token.yaml.
Primary options
<file> required
The name of the token file to use.
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
--link-cost
The link cost to use when creating the link.
- Default
- 1 See also: Load balancing
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.5.2. Using Link Copy linkLink copied to clipboard!
20.1.5.2.1. Link command Copy linkLink copied to clipboard!
skupper link [subcommand] [options]
skupper link [subcommand] [options]
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Command | Description |
---|---|
Change link settings | |
Delete a link | |
Display the status of links in the current site | |
Generate a Link resource for use in a remote site |
20.1.5.2.2. Link update command Copy linkLink copied to clipboard!
skupper link update <name> [options]
skupper link update <name> [options]
Change link settings.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Ready |
Examples
Change the link cost skupper link update west-6bfn6 --cost 10
# Change the link cost
$ skupper link update west-6bfn6 --cost 10
Waiting for status...
Link "west-6bfn6" is ready.
Primary options
<name> required
The name of the resource to be updated.
See also: Kubernetes object names
--cost
The configured routing cost of sending traffic over the link.
- Default
- 1 See also: Load balancing
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait
- configured
- Configured
- ready
- Ready
- Platforms
- Kubernetes See also: Resource status
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.5.2.3. Link delete command Copy linkLink copied to clipboard!
skupper link delete <name> [options]
skupper link delete <name> [options]
Delete a link.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Deletion |
Examples
Delete a link skupper link delete west-6bfn6
# Delete a link
$ skupper link delete west-6bfn6
Waiting for deletion...
Link "west-6bfn6" is deleted.
Primary options
<name> required
The name of the resource to be deleted.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
--wait
Wait for deletion to complete before exiting.
- Default
- true Platforms:: Kubernetes
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.5.2.4. Link status command Copy linkLink copied to clipboard!
skupper link status [name] [options]
skupper link status [name] [options]
Display the status of links in the current site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
[name] optional
An optional resource name. If set, the status command reports status for the named resource only.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
--output
Print status to the console in a structured output format.
- Choices
- json:: Produce JSON output
- yaml
- Produce YAML output
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.5.2.5. Link generate command Copy linkLink copied to clipboard!
skupper link generate [name] [options]
skupper link generate [name] [options]
Generate a Link resource for use in a remote site.
Generating a link requires a site with link access enabled. The command waits for the site to enter the ready state before producing the link.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Site resource ready |
Examples
Primary options
[name] optional
The name of the resource to be generated. A name is generated if none is provided.
See also: Kubernetes object names
--cost
The configured routing cost of sending traffic over the link.
- Default
- 1 See also: Load balancing
--output
Select the output format.
- Default
- yaml
- Choices:: json
- Produce JSON output
- yaml
- Produce YAML output
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6. CLI Group: Service exposure Copy linkLink copied to clipboard!
20.1.6.1. Using Listener Copy linkLink copied to clipboard!
20.1.6.1.1. Listener command Copy linkLink copied to clipboard!
skupper listener [subcommand] [options]
skupper listener [subcommand] [options]
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Command | Description |
---|---|
Create a listener | |
Update a listener | |
Delete a listener | |
Display the status of listeners in the current site | |
Generate a Listener resource |
20.1.6.1.2. Listener create command Copy linkLink copied to clipboard!
skupper listener create <name> <port> [options]
skupper listener create <name> <port> [options]
Create a listener.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Configured |
Examples
Primary options
<name> required
The name of the resource to be created.
The name is the default routing key and host if the --routing-key
and --host
options are not specified.
See also: Kubernetes object names
<port> required
The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
--routing-key frequently used
The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.
- Default
- Value of name
- Updatable
- True
--host frequently used
The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Default
- Value of name
- Updatable
- True
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait.
- configured
- Wait until the configuration is applied.
- ready
- Wait until the resource is ready to use.
- Platforms
- Kubernetes See also: Resource status
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.1.3. Listener update command Copy linkLink copied to clipboard!
skupper listener update <name> [options]
skupper listener update <name> [options]
Update a listener.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Configured |
Examples
Primary options
<name> required
The name of the resource to be updated.
See also: Kubernetes object names
--host frequently used
The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Default
- Value of name
- Updatable
- True
--port frequently used
The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
--routing-key frequently used
The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.
- Default
- Value of name
- Updatable
- True
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait
- configured
- Configured
- ready
- Ready
- Platforms
- Kubernetes See also: Resource status
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.1.4. Listener delete command Copy linkLink copied to clipboard!
skupper listener delete <name> [options]
skupper listener delete <name> [options]
Delete a listener.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Deletion |
Examples
Delete a listener skupper listener delete database
# Delete a listener
$ skupper listener delete database
Waiting for deletion...
Listener "database" is deleted.
Primary options
<name> required
The name of the resource to be deleted.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
--wait
Wait for deletion to complete before exiting.
- Default
- true Platforms:: Kubernetes
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.1.5. Listener status command Copy linkLink copied to clipboard!
skupper listener status [name] [options]
skupper listener status [name] [options]
Display the status of listeners in the current site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
[name] optional
An optional resource name. If set, the status command reports status for the named resource only.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
--output
Print status to the console in a structured output format.
- Choices
- json:: Produce JSON output
- yaml
- Produce YAML output
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.1.6. Listener generate command Copy linkLink copied to clipboard!
skupper listener generate <name> <port> [options]
skupper listener generate <name> <port> [options]
Generate a Listener resource.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
<name> required
The name of the resource to be generated.
See also: Kubernetes object names
<port> required
The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Updatable
- True
--routing-key frequently used
The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.
- Default
- Value of name
- Updatable
- True
--host frequently used
The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
- Default
- Value of name
- Updatable
- True
--wait
Wait for the given status before exiting.
- Default
- configured
- Choices:: none
- Do not wait
- configured
- Configured
- ready
- Ready
--output
Select the output format.
- Default
- yaml
- Choices:: json
- Produce JSON output
- yaml
- Produce YAML output
Global options
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.2. Using Connector Copy linkLink copied to clipboard!
20.1.6.2.1. Connector command Copy linkLink copied to clipboard!
skupper connector [subcommand] [options]
skupper connector [subcommand] [options]
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Command | Description |
---|---|
Create a connector | |
Update a connector | |
Delete a connector | |
Display the status of connectors in the current site | |
Generate a Connector resource |
20.1.6.2.2. Connector create command Copy linkLink copied to clipboard!
skupper connector create <name> <port> [options]
skupper connector create <name> <port> [options]
Create a connector.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Configured |
Examples
Primary options
<name> required
The name of the resource to be created.
The name is the default routing key if the --routing-key
option is not specified. On Kubernetes, the name defines the default pod selector if the --selector
and --workload
options are not specified.
See also: Kubernetes object names
<port> required
The port on the target server to connect to.
- Updatable
- True
--routing-key frequently used
The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.
- Default
- Value of name
- Updatable
- True
--workload frequently used
A Kubernetes resource name that identifies a workload. It uses <resource-type>/<resource-name>
syntax and resolves to an equivalent pod selector.
This is an alternative to setting the --selector
or --host
options.
- Platforms
- Kubernetes See also: Kubernetes workloads
--selector
A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value>
syntax.
This is an alternative to setting the --workload
or --host
options.
- Default
- app=[value-of-name]
- Platforms:: Kubernetes Updatable
- True See also: Kubernetes label selectors
--host
The hostname or IP address of the server. This is an alternative to selector
for specifying the target server.
This is an alternative to setting the --selector
or --workload
options.
- Default
-
On Kubernetes: Value of name + On Docker, Podman, and Linux:
localhost
- Updatable
- True
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait.
- configured
- Wait until the configuration is applied.
- ready
- Wait until the resource is ready to use.
- Platforms
- Kubernetes See also: Resource status
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.2.3. Connector update command Copy linkLink copied to clipboard!
skupper connector update <name> <port> [options]
skupper connector update <name> <port> [options]
Update a connector.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Configured |
Examples
Primary options
<name> required
The name of the resource to be updated.
See also: Kubernetes object names
<port> required
The port on the target server to connect to.
- Updatable
- True
--routing-key frequently used
The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.
- Default
- Value of name
- Updatable
- True
--workload frequently used
A Kubernetes resource name that identifies a workload. It uses <resource-type>/<resource-name>
syntax and resolves to an equivalent pod selector.
This is an alternative to setting the --selector
or --host
options.
- Platforms
- Kubernetes See also: Kubernetes workloads
--selector
A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value>
syntax.
This is an alternative to setting the --workload
or --host
options.
- Default
- app=[value-of-name]
- Platforms:: Kubernetes Updatable
- True See also: Kubernetes label selectors
--host
The hostname or IP address of the server. This is an alternative to selector
for specifying the target server.
This is an alternative to setting the --selector
or --workload
options.
- Default
-
On Kubernetes: Value of name + On Docker, Podman, and Linux:
localhost
- Updatable
- True
--wait
Wait for the given status before exiting.
- Default
- ready
- Choices:: none
- Do not wait
- configured
- Configured
- ready
- Ready
- Platforms
- Kubernetes See also: Resource status
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.2.4. Connector delete command Copy linkLink copied to clipboard!
skupper connector delete <name> [options]
skupper connector delete <name> [options]
Delete a connector.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Waits for | Deletion |
Examples
Delete a connector skupper connector delete database
# Delete a connector
$ skupper connector delete database
Waiting for deletion...
Connector "database" is deleted.
Primary options
<name> required
The name of the resource to be deleted.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes
--wait
Wait for deletion to complete before exiting.
- Default
- true Platforms:: Kubernetes
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.2.5. Connector status command Copy linkLink copied to clipboard!
skupper connector status [name] [options]
skupper connector status [name] [options]
Display the status of connectors in the current site.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
[name] optional
An optional resource name. If set, the status command reports status for the named resource only.
See also: Kubernetes object names
--timeout
Raise an error if the operation does not complete in the given period of time.
- Default
- 60s
- Platforms
- Kubernetes See also: Duration format
--output
Print status to the console in a structured output format.
- Choices
- json:: Produce JSON output
- yaml
- Produce YAML output
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.6.2.6. Connector generate command Copy linkLink copied to clipboard!
skupper connector generate <name> <port> [options]
skupper connector generate <name> <port> [options]
Generate a Connector resource.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
<name> required
The name of the resource to be generated.
See also: Kubernetes object names
<port> required
The port on the target server to connect to.
- Updatable
- True
--routing-key frequently used
The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.
- Default
- Value of name
- Updatable
- True
--workload frequently used
A Kubernetes resource name that identifies a workload. It uses <resource-type>/<resource-name>
syntax and resolves to an equivalent pod selector.
This is an alternative to setting the --selector
or --host
options.
- Platforms
- Kubernetes See also: Kubernetes workloads
--selector
A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value>
syntax.
This is an alternative to setting the --workload
or --host
options.
- Default
- app=[value-of-name]
- Platforms:: Kubernetes Updatable
- True See also: Kubernetes label selectors
--host
The hostname or IP address of the server. This is an alternative to selector
for specifying the target server.
This is an alternative to setting the --selector
or --workload
options.
- Default
-
On Kubernetes: Value of name + On Docker, Podman, and Linux:
localhost
- Updatable
- True
--wait
Wait for the given status before exiting.
- Default
- configured
- Choices:: none
- Do not wait
- configured
- Configured
- ready
- Ready
--output
Select the output format.
- Default
- yaml
- Choices:: json
- Produce JSON output
- yaml
- Produce YAML output
Global options
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.
20.1.7. CLI Group: Other operations Copy linkLink copied to clipboard!
20.1.7.1. Using Version Copy linkLink copied to clipboard!
20.1.7.1.1. Version command Copy linkLink copied to clipboard!
skupper version [options]
skupper version [options]
Display versions of Skupper components.
Field | Value |
---|---|
Platforms | Kubernetes, Docker, Podman, Linux |
Examples
Primary options
--output
Produce verbose structured output.
- Choices
- json:: Produce JSON output
- yaml
- Produce YAML output
Global options
--context global
Set the kubeconfig context.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--kubeconfig global
Set the path to the kubeconfig file.
- Platforms
- Kubernetes See also: Kubernetes kubeconfigs
--namespace global
Set the current namespace.
See also: Kubernetes namespaces, System namespaces
--platform global
Set the Skupper platform.
- Default
- kubernetes
- Choices:: kubernetes
- Kubernetes
- docker
- Docker
- podman
- Podman
- linux
- Linux
See also: Platform concept
--help global
Display help and exit.