Este contenido no está disponible en el idioma seleccionado.

Chapter 20. Service Interconnect reference


20.1. Reference

20.1.1. Skupper concepts

20.1.1.1. Site concept

A site is a place on the network where application workloads are running. Sites are joined by links.

A site is associated with one platform and one network. Each site has zero or more workloads and zero or more links.

Sites operate on multiple platforms. One site corresponds to one namespace in a platform instance. Sites can be added to a network and removed from a network dynamically.

Each site has a Skupper router which is responsible for communicating with the local workloads and forwarding traffic to routers in remote sites.

20.1.1.2. Workload concept

A workload is a set of processes running on a platform. A process is a pod, container, or system process. Workloads in a site are exposed as services on the network using connectors.

A platform has zero or more workloads. A site also has zero or more workloads. Each workload has zero or more processes and zero or more connectors.

A workload implements one part of an application by providing a network interface (for example, an API) that other parts of the application use. A workload can be both a client and a server.

On Kubernetes, a workload is a Deployment, StatefulSet, or DaemonSet. On Docker or Podman, a workload is a set of containers. On Linux, a workload is a set of system processes.

20.1.1.3. Platform concept

A platform is a system for running application workloads. A platform hosts sites. Skupper supports Kubernetes, Docker, Podman, and Linux. Each site in a network can run on any supported platform.

Platforms provide namespaces for related workloads and resources. Skupper uses namespaces to host multiple independent sites on one instance of a platform. Each site on a platform can belong to a distinct application network.

A platform has zero or more namespaces. Each namespace is associated with zero or more workloads. A namespace may be associated with a site.

20.1.1.4. Network concept

A network is a set of sites joined by links. A Skupper network is also known as an application network or virtual application network (VAN).

A network has one or more sites. Each site belongs to only one network.

Each site in the network can expose services to other sites in the network. In turn, each site in the network can access those exposed services. Each network is meant for one distributed application. This provides isolation from other applications and networks.

20.1.1.6. Access token concept

An access token is a short-lived credential used to create a link. An access token contains the URL and secret code of a corresponding access grant.

Access tokens are issued from access grants. A grant issues zero or more tokens. Tokens are redeemed for links.

Access tokens have limited redemptions and limited lifespans. By default, they can be redeemed only once, and they expire 15 minutes after being issued. You can set custom limits by configuring the access grant.

  • A site wishing to accept a link (site 1) creates an access grant.
  • It uses the access grant to issue a corresponding access token and transfers it to a remote site (site 2).
  • Site 2 submits the access token to site 1 for redemption.
  • If the token is valid, site 1 sends site 2 the TLS host, port, and credentials required to create a link to site 1.

20.1.1.7. Listener concept

A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched using routing keys.

A site has zero or more listeners. Each listener has an associated connection endpoint and routing key. The connection endpoint exposes a host and port for accepting connections from local clients. The routing key is a string identifier that binds the listener to connectors in remote sites.

On Kubernetes, a listener is implemented as a Service. On Docker, Podman, and Linux, it is a listening socket bound to a local network interface.

Skupper routers forward client connections across the network from listeners to connectors with matching routing keys. The connectors then forward the client connections to the workload servers.

20.1.1.8. Connector concept

A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched using routing keys.

A site has zero or more connectors. Each connector has an associated workload and routing key. The workload can be specified as a Kubernetes pod selector or as the host and port of a local network service. The routing key is a string identifier that binds the connector to listeners in remote sites.

On Kubernetes, the workload is usually specified using a pod selector. On Docker, Podman, and Linux, it is specified using a host and port.

Skupper routers forward client connections across the network from listeners to connectors with matching routing keys. The connectors then forward the client connections to the workload servers.

20.1.1.9. Routing key concept

A routing key is a string identifier for matching listeners and connectors.

A routing key has zero or more listeners and zero or more connectors. A service is exposed on the application network when it has at least one listener and one connector, matched by routing key.

20.1.1.10. Application concept

An application is a set of components that work together. A Skupper network is dedicated to one application.

An application has one or more components.

20.1.1.11. Component concept

A component is a logical part of an application. Each component has a set of responsibilities in achieving the goals of the application. Components provide and require interfaces such as REST APIs or database listeners. A component is implemented by workloads.

An application has one or more components. Each component provides and requires zero or more interfaces. Each component is implemented by zero or more workloads.

20.1.2. Skupper resources

20.1.2.1. Site resource

A site is a place on the network where application workloads are running. Sites are joined by links.

The Site resource is the basis for site configuration. It is the parent of all Skupper resources in its namespace. There can be only one active Site resource per namespace.

Examples

A minimal site:

apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
  name: east
  namespace: hello-world-east
Copy to Clipboard Toggle word wrap

A site configured to accept links:

apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
  name: west
  namespace: hello-world-west
spec:
  linkAccess: default
Copy to Clipboard Toggle word wrap

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

linkAccess Type: string

Configure external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

Default
none
Choices:: none
No linking to this site is permitted.
default
Use the default link access for the current platform. On OpenShift, the default is route. For other Kubernetes flavors, the default is loadbalancer.
route
Use an OpenShift route. OpenShift only.
loadbalancer
Use a Kubernetes load balancer.
Updatable
True See also: Link concept, Site linking

ha Type: boolean

Configure the site for high availability (HA). HA sites have two active routers.

Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.

Default
False Updatable:: True See also: High availability

defaultIssuer Type: string

The name of a Kubernetes secret containing the signing CA used to generate a certificate from a token. A secret is generated if none is specified.

This issuer is used by AccessGrant and RouterAccess if a specific issuer is not set.

Default
skupper-site-ca
Updatable
True See also: Router TLS, Kubernetes TLS secrets

edge Type: boolean

Configure the site to operate in edge mode. Edge sites cannot accept links from remote sites.

Edge mode can help you scale your network to large numbers of sites. However, for networks with 16 or fewer sites, there is little benefit.

Currently, edge sites cannot also have HA enabled.

Default
False See also: Large networks

serviceAccount Type: string

The name of the Kubernetes service account under which to run the Skupper router. A service account is generated if none is specified.

Default
Generated

See also: Kubernetes service accounts

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

  • routerDataConnections: Set the number of data connections the router uses when linking to other routers. + Default: Computed based on the number of router worker threads. Minimum 2.
  • routerLogging: Set the router logging level. + Default: info. Choices: info, warning, error.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Configured: The output resources for this resource have been created.
  • Running: There is at least one router pod running.
  • Resolved: The hostname or IP address for link access is available.
  • Ready: The site is ready for use. All other conditions are true.

See also: Resource status, Kubernetes conditions

defaultIssuer Type: string

The name of the Kubernetes secret containing the active default signing CA.

See also: Router TLS, Kubernetes TLS secrets

endpoints Type: array

An array of connection endpoints. Each item has a name, host, port, and group.

These include connection endpoints for link access.

See also: Link concept, Site linking

20.1.2.3. Listener resource

A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched by routing key.

A Listener resource specifies a host and port for accepting connections from local clients. To expose a multi-port service, create multiple listeners with the same host value.

Examples

A listener in site West for the Hello World backend service in site East:

apiVersion: skupper.io/v2alpha1
kind: Listener
metadata:
  name: backend
  namespace: hello-world-west
spec:
  routingKey: backend
  host: backend
  port: 8080
Copy to Clipboard Toggle word wrap

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

routingKey Type: string

The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.

Updatable
True See also: Routing key concept

host Type: string

The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

port Type: integer

The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

exposePodsByName Type: boolean

If true, expose each pod as an individual service.

Default
False See also: Individual pod services

tlsCredentials Type: string

The name of a bundle of TLS certificates used for secure client-to-router communication. The bundle contains the server certificate and key. It optionally includes the trusted client certificate (usually a CA) for mutual TLS.

On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/ in the current namespace.

See also: Application TLS, Kubernetes TLS secrets, System TLS credentials

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

  • observer: Set the protocol observer used to generate traffic metrics. + Default: auto. Choices: auto, none, http1, http2.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

hasMatchingConnector Type: boolean

True if there is at least one connector with a matching routing key (usually in a remote site).

Default
False See also: Routing key concept

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Configured: The listener configuration has been applied to the router.
  • Matched: There is at least one connector corresponding to this listener.
  • Ready: The listener is ready to use. All other conditions are true.

See also: Resource status, Kubernetes conditions

20.1.2.4. Connector resource

A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched by routing key.

On Kubernetes, a Connector resource has a selector and port for specifying workload pods.

On Docker, Podman, and Linux, a Connector resource has a host and port for specifying a local server. Optionally, Kubernetes can also use a host and port.

Examples

A connector in site East for the Hello World backend service:

apiVersion: skupper.io/v2alpha1
kind: Connector
metadata:
  name: backend
  namespace: hello-world-east
spec:
  routingKey: backend
  selector: app=backend
  port: 8080
Copy to Clipboard Toggle word wrap

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

routingKey Type: string

The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.

Updatable
True See also: Routing key concept

port Type: integer

The port on the target server to connect to.

Updatable
True

selector Type: string

A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value> syntax.

On Kubernetes, either selector or host is required.

Updatable
True See also: Kubernetes label selectors

host Type: string

The hostname or IP address of the server. This is an alternative to selector for specifying the target server.

On Kubernetes, either selector or host is required.

On Docker, Podman, or Linux, host is required.

Updatable
True

includeNotReadyPods Type: boolean

If true, include server pods in the NotReady state.

Default
False

exposePodsByName Type: boolean

If true, expose each pod as an individual service.

Default
False See also: Individual pod services

tlsCredentials Type: string

The name of a bundle of TLS certificates used for secure router-to-server communication. The bundle contains the trusted server certificate (usually a CA). It optionally includes a client certificate and key for mutual TLS.

On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/ in the current namespace.

See also: Application TLS, Kubernetes TLS secrets, System TLS credentials

useClientCert Type: boolean

Send the client certificate when connecting in order to enable mutual TLS.

Default
False See also: Application TLS

verifyHostname Type: boolean

If true, require that the hostname of the server connected to matches the hostname in the server’s certificate.

Default
False See also: Application TLS

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

hasMatchingListener Type: boolean

True if there is at least one listener with a matching routing key (usually in a remote site).

Default
False See also: Routing key concept

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Configured: The connector configuration has been applied to the router.
  • Matched: There is at least one listener corresponding to this connector.
  • Ready: The connector is ready to use. All other conditions are true.

20.1.2.5. Site resource

selectedPods Type: array

A site is a place on the network where application workloads are running. Sites are joined by links.

The Site resource is the basis for site configuration. It is the parent of all Skupper resources in its namespace. There can be only one active Site resource per namespace.

Examples

A minimal site:

apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
  name: east
  namespace: hello-world-east
Copy to Clipboard Toggle word wrap

A site configured to accept links:

apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
  name: west
  namespace: hello-world-west
spec:
  linkAccess: default
Copy to Clipboard Toggle word wrap

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

linkAccess Type: string

Configure external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

Default
none
Choices:: none
No linking to this site is permitted.
default
Use the default link access for the current platform. On OpenShift, the default is route. For other Kubernetes flavors, the default is loadbalancer.
route
Use an OpenShift route. OpenShift only.
loadbalancer
Use a Kubernetes load balancer.
Updatable
True See also: Link concept, Site linking

ha Type: boolean

Configure the site for high availability (HA). HA sites have two active routers.

Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.

Default
False Updatable:: True See also: High availability

defaultIssuer Type: string

The name of a Kubernetes secret containing the signing CA used to generate a certificate from a token. A secret is generated if none is specified.

This issuer is used by AccessGrant and RouterAccess if a specific issuer is not set.

Default
skupper-site-ca
Updatable
True See also: Router TLS, Kubernetes TLS secrets

edge Type: boolean

Configure the site to operate in edge mode. Edge sites cannot accept links from remote sites.

Edge mode can help you scale your network to large numbers of sites. However, for networks with 16 or fewer sites, there is little benefit.

Currently, edge sites cannot also have HA enabled.

Default
False See also: Large networks

serviceAccount Type: string

The name of the Kubernetes service account under which to run the Skupper router. A service account is generated if none is specified.

Default
Generated

See also: Kubernetes service accounts

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

  • routerDataConnections: Set the number of data connections the router uses when linking to other routers. + Default: Computed based on the number of router worker threads. Minimum 2.
  • routerLogging: Set the router logging level. + Default: info. Choices: info, warning, error.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Configured: The output resources for this resource have been created.
  • Running: There is at least one router pod running.
  • Resolved: The hostname or IP address for link access is available.
  • Ready: The site is ready for use. All other conditions are true.

See also: Resource status, Kubernetes conditions

defaultIssuer Type: string

The name of the Kubernetes secret containing the active default signing CA.

See also: Router TLS, Kubernetes TLS secrets

endpoints Type: array

An array of connection endpoints. Each item has a name, host, port, and group.

These include connection endpoints for link access.

See also: Link concept, Site linking

20.1.2.7. AccessGrant resource

Permission to redeem access tokens for links to the local site. A remote site can use a token containing the grant URL and secret code to obtain a certificate signed by the grant’s certificate authority (CA), within a certain expiration window and for a limited number of redemptions.

The code, url, and ca properties of the resource status are used to generate access tokens from the grant.

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

redemptionsAllowed Type: integer

The number of times an access token for this grant can be redeemed.

Default
1

expirationWindow Type: string (duration)

The period of time in which an access token for this grant can be redeemed.

Default
15m

code Type: string

The secret code to use to authenticate access tokens submitted for redemption.

If not set, a value is generated and placed in the code status property.

issuer Type: string

The name of a Kubernetes secret used to generate a certificate when redeeming a token for this grant.

If not set, defaultIssuer on the Site rsource is used.

See also: Router TLS, Kubernetes TLS secrets

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

redemptions Type: integer

The number of times a token for this grant has been redeemed.

expirationTime Type: string (date-time)

The point in time when the grant expires.

url Type: string

The URL of the token-redemption service for this grant.

ca Type: string

The trusted server certificate of the token-redemption service for this grant.

code Type: string

The secret code used to authenticate access tokens submitted for redemption.

Default
Generated

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Processed: The controller has accepted the grant.
  • Resolved: The grant service is available to process tokens for this grant.
  • Ready: The grant is ready to use. All other conditions are true.

See also: Resource status, Kubernetes conditions

20.1.2.8. AccessToken resource

A short-lived credential used to create a link. An access token contains the URL and secret code of a corresponding access grant.

Note

Access tokens are often issued and redeemed using the Skupper CLI.

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

url Type: string

The URL of the grant service at the remote site.

code Type: string

The secret code used to authenticate the token when submitted for redemption.

ca Type: string

The trusted server certificate of the grant service at the remote site.

linkCost Type: integer

The link cost to use when creating the link.

Default
1 See also: Load balancing

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

See also: Resource settings

redeemed Type: boolean

True if the token has been redeemed. Once a token is redeemed, it cannot be used again.

Default
False

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Redeemed: The token has been exchanged for a link.

See also: Resource status, Kubernetes conditions

20.1.2.9. Listener resource

A listener binds a local connection endpoint to connectors in remote sites. Listeners and connectors are matched by routing key.

A Listener resource specifies a host and port for accepting connections from local clients. To expose a multi-port service, create multiple listeners with the same host value.

Examples

A listener in site West for the Hello World backend service in site East:

apiVersion: skupper.io/v2alpha1
kind: Listener
metadata:
  name: backend
  namespace: hello-world-west
spec:
  routingKey: backend
  host: backend
  port: 8080
Copy to Clipboard Toggle word wrap

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

routingKey Type: string

The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.

Updatable
True See also: Routing key concept

host Type: string

The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

port Type: integer

The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

exposePodsByName Type: boolean

If true, expose each pod as an individual service.

Default
False See also: Individual pod services

tlsCredentials Type: string

The name of a bundle of TLS certificates used for secure client-to-router communication. The bundle contains the server certificate and key. It optionally includes the trusted client certificate (usually a CA) for mutual TLS.

On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/ in the current namespace.

See also: Application TLS, Kubernetes TLS secrets, System TLS credentials

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

  • observer: Set the protocol observer used to generate traffic metrics. + Default: auto. Choices: auto, none, http1, http2.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

hasMatchingConnector Type: boolean

True if there is at least one connector with a matching routing key (usually in a remote site).

Default
False See also: Routing key concept

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Configured: The listener configuration has been applied to the router.
  • Matched: There is at least one connector corresponding to this listener.
  • Ready: The listener is ready to use. All other conditions are true.

See also: Resource status, Kubernetes conditions

20.1.2.10. Connector resource

A connector binds a local workload to listeners in remote sites. Listeners and connectors are matched by routing key.

On Kubernetes, a Connector resource has a selector and port for specifying workload pods.

On Docker, Podman, and Linux, a Connector resource has a host and port for specifying a local server. Optionally, Kubernetes can also use a host and port.

Examples

A connector in site East for the Hello World backend service:

apiVersion: skupper.io/v2alpha1
kind: Connector
metadata:
  name: backend
  namespace: hello-world-east
spec:
  routingKey: backend
  selector: app=backend
  port: 8080
Copy to Clipboard Toggle word wrap

name Type: string

The name of the resource.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

routingKey Type: string

The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.

Updatable
True See also: Routing key concept

port Type: integer

The port on the target server to connect to.

Updatable
True

selector Type: string

A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value> syntax.

On Kubernetes, either selector or host is required.

Updatable
True See also: Kubernetes label selectors

host Type: string

The hostname or IP address of the server. This is an alternative to selector for specifying the target server.

On Kubernetes, either selector or host is required.

On Docker, Podman, or Linux, host is required.

Updatable
True

includeNotReadyPods Type: boolean

If true, include server pods in the NotReady state.

Default
False

exposePodsByName Type: boolean

If true, expose each pod as an individual service.

Default
False See also: Individual pod services

tlsCredentials Type: string

The name of a bundle of TLS certificates used for secure router-to-server communication. The bundle contains the trusted server certificate (usually a CA). It optionally includes a client certificate and key for mutual TLS.

On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/ in the current namespace.

See also: Application TLS, Kubernetes TLS secrets, System TLS credentials

useClientCert Type: boolean

Send the client certificate when connecting in order to enable mutual TLS.

Default
False See also: Application TLS

verifyHostname Type: boolean

If true, require that the hostname of the server connected to matches the hostname in the server’s certificate.

Default
False See also: Application TLS

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

message Type: string

A human-readable status message. Error messages are reported here.

See also: Resource status

hasMatchingListener Type: boolean

True if there is at least one listener with a matching routing key (usually in a remote site).

Default
False See also: Routing key concept

conditions Type: array

A set of named conditions describing the current state of the resource.

  • Configured: The connector configuration has been applied to the router.
  • Matched: There is at least one listener corresponding to this connector.
  • Ready: The connector is ready to use. All other conditions are true.

20.1.2.11. AttachedConnector resource

selectedPods Type: array

A connector in a peer namespace.

name Type: string

The name of the resource.

The name must be the same as that of the associated AttachedConnectorBinding resource in the site namespace.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

siteNamespace Type: string

The name of the namespace in which the site this connector should be attached to is defined.

port Type: integer

The port on the target server to connect to.

Updatable
True

selector Type: string

A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value> syntax.

On Kubernetes, either selector or host is required.

Updatable
True See also: Kubernetes label selectors

includeNotReadyPods Type: boolean

If true, include server pods in the NotReady state.

Default
False

tlsCredentials Type: string

The name of a bundle of TLS certificates used for secure router-to-server communication. The bundle contains the trusted server certificate (usually a CA). It optionally includes a client certificate and key for mutual TLS.

On Kubernetes, the value is the name of a Secret in the current namespace. On Docker, Podman, and Linux, the value is the name of a directory under input/certs/ in the current namespace.

See also: Application TLS, Kubernetes TLS secrets, System TLS credentials

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

conditions Type: array

A set of named conditions describing the current state of the resource.

See also: Resource status, Kubernetes conditions

20.1.2.12. AttachedConnectorBinding resource

selectedPods Type: array

A binding to an attached connector in a peer namespace.

name Type: string

The name of the resource.

The name must be the same as that of the associated AttachedConnector resource in the connector namespace.

See also: Kubernetes object names

namespace Type: string

The namespace of the resource.

See also: Platform concept, Kubernetes namespaces, System namespaces

connectorNamespace Type: string

The name of the namespace where the associated AttachedConnector is located.

routingKey Type: string

The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.

Updatable
True See also: Routing key concept

exposePodsByName Type: boolean

If true, expose each pod as an individual service.

Default
False See also: Individual pod services

settings Type: object

A map containing additional settings. Each map entry has a string name and a string value.

Note

In general, we recommend not changing settings from their default values.

See also: Resource settings

status Type: string

The current state of the resource.

  • Pending: The resource is being processed.
  • Error: There was an error processing the resource. See message for more information.
  • Ready: The resource is ready to use.

See also: Resource status

hasMatchingListener Type: boolean

True if there is at least one listener with a matching routing key (usually in a remote site).

Default
False See also: Routing key concept

conditions Type: array

A set of named conditions describing the current state of the resource.

See also: Resource status, Kubernetes conditions

20.1.3. Skupper commands

20.1.4. CLI Group: Site operations

20.1.4.1. Using Site

20.1.4.1.1. Site command
skupper site [subcommand] [options]
Copy to Clipboard Toggle word wrap
Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Expand
Table 20.1. Subcommands
CommandDescription

Site create

Create a site

Site update

Change site settings

Site delete

Delete a site

Site status

Display the status of a site

Site generate

Generate a Site resource

20.1.4.1.2. Site create command
skupper site create <name> [options]
Copy to Clipboard Toggle word wrap

Create a site.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Ready

Examples

# Create a site
$ skupper site create west
Waiting for status...
Site "west" is ready.

# Create a site that can accept links from remote sites
$ skupper site create west --enable-link-access
Copy to Clipboard Toggle word wrap

Primary options

<name> required

A name of your choice for the Skupper site. This name is displayed in the console and CLI output.

See also: Kubernetes object names

--enable-link-access frequently used

Allow external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

See also: Link concept, Site linking

--link-access-type

Configure external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

Default
default
Choices:: default
Use the default link access. On OpenShift, the default is route. For other Kubernetes flavors, the default is loadbalancer.
route
Use an OpenShift route. OpenShift only.
loadbalancer
Use a Kubernetes load balancer. Kubernetes only.
Platforms:: Kubernetes Updatable
True See also: Site linking

--enable-ha

Configure the site for high availability (HA). HA sites have two active routers.

Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.

Default
False Platforms:: Kubernetes Updatable:: True See also: High availability

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes See also: Duration format

--wait

Wait for the given status before exiting.

Default
ready
Choices:: none
Do not wait.
configured
Wait until the configuration is applied.
ready
Wait until the resource is ready to use.
Platforms
Kubernetes See also: Resource status

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

Errors

  • A site resource already exists

    There is already a site resource defined for the namespace.

20.1.4.1.3. Site update command
skupper site update [name] [options]
Copy to Clipboard Toggle word wrap

Change site settings.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Ready

Examples

# Update the current site to accept links
$ skupper site update --enable-link-access
Waiting for status...
Site "west" is ready.

# Update multiple settings
$ skupper site update --enable-link-access --enable-ha
Copy to Clipboard Toggle word wrap

Primary options

[name] optional

The name of the site resource.

If not specified, the name is that of the site associated with the current namespace.

See also: Kubernetes object names

--enable-link-access frequently used

Allow external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

See also: Link concept, Site linking

--link-access-type

Configure external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

Default
default
Choices:: default
Use the default link access. On OpenShift, the default is route. For other Kubernetes flavors, the default is loadbalancer.
route
Use an OpenShift route. OpenShift only.
loadbalancer
Use a Kubernetes load balancer. Kubernetes only.
Platforms:: Kubernetes Updatable
True See also: Site linking

--enable-ha

Configure the site for high availability (HA). HA sites have two active routers.

Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.

Default
False Platforms:: Kubernetes Updatable:: True See also: High availability

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes

--wait

Wait for the given status before exiting.

Default
ready
Choices:: none
Do not wait
configured
Configured
ready
Ready
Platforms
Kubernetes See also: Resource status

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

Errors

  • No site resource exists

    There is no existing Skupper site resource to update.

20.1.4.1.4. Site delete command
skupper site delete [name] [options]
Copy to Clipboard Toggle word wrap

Delete a site.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Deletion

Examples

# Delete the current site
$ skupper site delete
Waiting for deletion...
Site "west" is deleted.

# Delete the current site and all of its associated Skupper resources
$ skupper site delete --all
Copy to Clipboard Toggle word wrap

Primary options

[name] optional

The name of the site resource.

If not specified, the name is that of the site associated with the current namespace.

See also: Kubernetes object names

--all frequently used

In addition the site resource, delete all of the Skupper resources associated with the site in the current namespace.

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes

--wait

Wait for deletion to complete before exiting.

Default
true Platforms:: Kubernetes

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

Errors

  • No site resource exists

    There is no existing Skupper site resource to delete.

20.1.4.1.5. Site status command
skupper site status [name] [options]
Copy to Clipboard Toggle word wrap

Display the status of a site.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Show the status of the current site
$ skupper site status
Name:      west
Status:    Ready
Message:   -
Copy to Clipboard Toggle word wrap

Primary options

[name] optional

The name of the site resource.

If not specified, the name is that of the site associated with the current namespace.

See also: Kubernetes object names

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes See also: Duration format

--output

Print status to the console in a structured output format.

Choices
json:: Produce JSON output
yaml
Produce YAML output

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.4.1.6. Site generate command
skupper site generate <name> [options]
Copy to Clipboard Toggle word wrap

Generate a Site resource.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Generate a Site resource and print it to the console
$ skupper site generate west --enable-link-access
apiVersion: skupper.io/v2alpha1
kind: Site
metadata:
  name: west
spec:
  linkAccess: default

# Generate a Site resource and direct the output to a file
$ skupper site generate east > east.yaml
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be generated.

See also: Kubernetes object names

--enable-link-access frequently used

Allow external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

See also: Link concept, Site linking

--output

Select the output format.

Default
yaml
Choices:: json
Produce JSON output
yaml
Produce YAML output

--link-access-type

Configure external access for links from remote sites.

Sites and links are the basis for creating application networks. In a simple two-site network, at least one of the sites must have link access enabled.

Default
default
Choices:: default
Use the default link access. On OpenShift, the default is route. For other Kubernetes flavors, the default is loadbalancer.
route
Use an OpenShift route. OpenShift only.
loadbalancer
Use a Kubernetes load balancer. Kubernetes only.
Platforms:: Kubernetes Updatable
True See also: Site linking

--enable-ha

Configure the site for high availability (HA). HA sites have two active routers.

Note that Skupper routers are stateless, and they restart after failure. This already provides a high level of availability. Enabling HA goes further and reduces the window of downtime caused by restarts.

Default
False Platforms:: Kubernetes Updatable:: True See also: High availability

Global options

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.5. CLI Group: Site linking

20.1.5.1. Using Token

20.1.5.1.1. Token command
skupper token [subcommand] [options]
Copy to Clipboard Toggle word wrap
Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Expand
Table 20.2. Subcommands
CommandDescription

Token issue

Issue a token file redeemable for a link to the current site

Token redeem

Redeem a token file in order to create a link to a remote site

20.1.5.1.2. Token issue command
skupper token issue <file> [options]
Copy to Clipboard Toggle word wrap

Issue a token file redeemable for a link to the current site.

This command first creates an access grant in order to issue the token.

Issuing a token requires a site with link access enabled. The command waits for the site to enter the ready state before producing the token.

Expand
FieldValue

Platforms

Kubernetes

Waits for

Ready

Examples

# Issue an access token
$ skupper token issue ~/token.yaml
Waiting for status...
Access grant "west-6bfn6" is ready.
Token file /home/fritz/token.yaml created.

Transfer this file to a remote site. At the remote site,
create a link to this site using the 'skupper token
redeem' command:

    $ skupper token redeem <file>

The token expires after 1 use or after 15 minutes.

# Issue an access token with non-default limits
$ skupper token issue ~/token.yaml --expiration-window 24h --redemptions-allowed 3

# Issue a token using an existing access grant
$ skupper token issue ~/token.yaml --grant west-1
Copy to Clipboard Toggle word wrap

Primary options

<file> required

The name of the token file to create.

Platforms
Kubernetes, Docker, Podman, Linux

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes, Docker, Podman, Linux

--expiration-window

The period of time in which an access token for this grant can be redeemed.

Default
15m
Platforms
Kubernetes, Docker, Podman, Linux

--redemptions-allowed

The number of times an access token for this grant can be redeemed.

Default
1 Platforms:: Kubernetes, Docker, Podman, Linux

--grant advanced

Use the named access grant instead of creating a new one.

Platforms
Kubernetes, Docker, Podman, Linux

Global options

--context global

Set the kubeconfig context.

See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

Platforms
Kubernetes, Docker, Podman, Linux See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux
Platforms
Kubernetes, Docker, Podman, Linux See also: Platform concept

--help global

Display help and exit.

Platforms
Kubernetes, Docker, Podman, Linux

Errors

  • Link access is not enabled

    Link access at this site is not currently enabled. You can use "skupper site update --enable-link-access" to enable it.

20.1.5.1.3. Token redeem command
skupper token redeem <file> [options]
Copy to Clipboard Toggle word wrap

Redeem a token file in order to create a link to a remote site.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Redeem an access token
$ skupper token redeem ~/token.yaml
Waiting for status...
Link "west-6bfn6" is active.
You can now safely delete /home/fritz/token.yaml.
Copy to Clipboard Toggle word wrap

Primary options

<file> required

The name of the token file to use.

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s

--link-cost

The link cost to use when creating the link.

Default
1 See also: Load balancing

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6. CLI Group: Service exposure

20.1.6.1. Using Listener

20.1.6.1.1. Listener command
skupper listener [subcommand] [options]
Copy to Clipboard Toggle word wrap
Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Expand
Table 20.4. Subcommands
CommandDescription

Listener create

Create a listener

Listener update

Update a listener

Listener delete

Delete a listener

Listener status

Display the status of listeners in the current site

Listener generate

Generate a Listener resource

20.1.6.1.2. Listener create command
skupper listener create <name> <port> [options]
Copy to Clipboard Toggle word wrap

Create a listener.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Configured

Examples

# Create a listener for a database
$ skupper listener create database 5432
Waiting for status...
Listener "database" is configured.

# Set the routing key and host explicitly
$ skupper listener create backend 8080 --routing-key be1 --host apiserver
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be created.

The name is the default routing key and host if the --routing-key and --host options are not specified.

See also: Kubernetes object names

<port> required

The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

--routing-key frequently used

The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.

Default
Value of name
Updatable
True

--host frequently used

The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Default
Value of name
Updatable
True

--wait

Wait for the given status before exiting.

Default
ready
Choices:: none
Do not wait.
configured
Wait until the configuration is applied.
ready
Wait until the resource is ready to use.
Platforms
Kubernetes See also: Resource status

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes See also: Duration format

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.1.3. Listener update command
skupper listener update <name> [options]
Copy to Clipboard Toggle word wrap

Update a listener.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Configured

Examples

# Change the host and port
$ skupper listener update database --host mysql --port 3306
Waiting for status...
Listener "database" is configured.

# Change the routing key
$ skupper listener update backend --routing-key be2
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be updated.

See also: Kubernetes object names

--host frequently used

The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Default
Value of name
Updatable
True

--port frequently used

The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

--routing-key frequently used

The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.

Default
Value of name
Updatable
True

--wait

Wait for the given status before exiting.

Default
ready
Choices:: none
Do not wait
configured
Configured
ready
Ready
Platforms
Kubernetes See also: Resource status

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.1.4. Listener delete command
skupper listener delete <name> [options]
Copy to Clipboard Toggle word wrap

Delete a listener.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Deletion

Examples

# Delete a listener
$ skupper listener delete database
Waiting for deletion...
Listener "database" is deleted.
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be deleted.

See also: Kubernetes object names

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes

--wait

Wait for deletion to complete before exiting.

Default
true Platforms:: Kubernetes

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.1.5. Listener status command
skupper listener status [name] [options]
Copy to Clipboard Toggle word wrap

Display the status of listeners in the current site.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Show the status of all listeners in the current site
$ skupper listener status
NAME       STATUS   ROUTING-KEY   HOST       PORT   CONNECTORS
backend    Ready    backend       backend    8080   true
database   Ready    database      database   5432   true

# Show the status of one listener
$ skupper listener status backend
Name:                      backend
Status:                    Ready
Message:                   <none>
Routing key:               backend
Host:                      backend
Port:                      8080
Has matching connectors:   true
Copy to Clipboard Toggle word wrap

Primary options

[name] optional

An optional resource name. If set, the status command reports status for the named resource only.

See also: Kubernetes object names

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes See also: Duration format

--output

Print status to the console in a structured output format.

Choices
json:: Produce JSON output
yaml
Produce YAML output

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.1.6. Listener generate command
skupper listener generate <name> <port> [options]
Copy to Clipboard Toggle word wrap

Generate a Listener resource.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Generate a Listener resource and print it to the console
$ skupper listener generate backend 8080
apiVersion: skupper.io/v2alpha1
kind: Listener
metadata:
  name: backend
spec:
  routingKey: backend
  port: 8080
  host: backend

# Generate a Listener resource and direct the output to a file
$ skupper listener generate backend 8080 > backend.yaml
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be generated.

See also: Kubernetes object names

<port> required

The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Updatable
True

--routing-key frequently used

The identifier used to route traffic from listeners to connectors. To enable connecting to a service at a remote site, the local listener and the remote connector must have matching routing keys.

Default
Value of name
Updatable
True

--host frequently used

The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Default
Value of name
Updatable
True

--wait

Wait for the given status before exiting.

Default
configured
Choices:: none
Do not wait
configured
Configured
ready
Ready

--output

Select the output format.

Default
yaml
Choices:: json
Produce JSON output
yaml
Produce YAML output

Global options

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.2. Using Connector

20.1.6.2.1. Connector command
skupper connector [subcommand] [options]
Copy to Clipboard Toggle word wrap
Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Expand
Table 20.5. Subcommands
CommandDescription

Connector create

Create a connector

Connector update

Update a connector

Connector delete

Delete a connector

Connector status

Display the status of connectors in the current site

Connector generate

Generate a Connector resource

20.1.6.2.2. Connector create command
skupper connector create <name> <port> [options]
Copy to Clipboard Toggle word wrap

Create a connector.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Configured

Examples

# Create a connector for a database
$ skupper connector create database 5432
Waiting for status...
Connector "database" is configured.

# Set the routing key and selector explicitly
$ skupper connector create backend 8080 --routing-key be1 --selector app=be1

# Use the workload option to select pods
$ skupper connector create backend 8080 --workload deployment/backend
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be created.

The name is the default routing key if the --routing-key option is not specified. On Kubernetes, the name defines the default pod selector if the --selector and --workload options are not specified.

See also: Kubernetes object names

<port> required

The port on the target server to connect to.

Updatable
True

--routing-key frequently used

The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.

Default
Value of name
Updatable
True

--workload frequently used

A Kubernetes resource name that identifies a workload. It uses <resource-type>/<resource-name> syntax and resolves to an equivalent pod selector.

This is an alternative to setting the --selector or --host options.

Platforms
Kubernetes See also: Kubernetes workloads

--selector

A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value> syntax.

This is an alternative to setting the --workload or --host options.

Default
app=[value-of-name]
Platforms:: Kubernetes Updatable
True See also: Kubernetes label selectors

--host

The hostname or IP address of the server. This is an alternative to selector for specifying the target server.

This is an alternative to setting the --selector or --workload options.

Default
On Kubernetes: Value of name + On Docker, Podman, and Linux: localhost
Updatable
True

--wait

Wait for the given status before exiting.

Default
ready
Choices:: none
Do not wait.
configured
Wait until the configuration is applied.
ready
Wait until the resource is ready to use.
Platforms
Kubernetes See also: Resource status

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes See also: Duration format

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.2.3. Connector update command
skupper connector update <name> <port> [options]
Copy to Clipboard Toggle word wrap

Update a connector.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Configured

Examples

# Change the workload and port
$ skupper connector update database --workload deployment/mysql --port 3306
Waiting for status...
Connector "database" is configured.

# Change the routing key
$ skupper connector update backend --routing-key be2
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be updated.

See also: Kubernetes object names

<port> required

The port on the target server to connect to.

Updatable
True

--routing-key frequently used

The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.

Default
Value of name
Updatable
True

--workload frequently used

A Kubernetes resource name that identifies a workload. It uses <resource-type>/<resource-name> syntax and resolves to an equivalent pod selector.

This is an alternative to setting the --selector or --host options.

Platforms
Kubernetes See also: Kubernetes workloads

--selector

A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value> syntax.

This is an alternative to setting the --workload or --host options.

Default
app=[value-of-name]
Platforms:: Kubernetes Updatable
True See also: Kubernetes label selectors

--host

The hostname or IP address of the server. This is an alternative to selector for specifying the target server.

This is an alternative to setting the --selector or --workload options.

Default
On Kubernetes: Value of name + On Docker, Podman, and Linux: localhost
Updatable
True

--wait

Wait for the given status before exiting.

Default
ready
Choices:: none
Do not wait
configured
Configured
ready
Ready
Platforms
Kubernetes See also: Resource status

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.2.4. Connector delete command
skupper connector delete <name> [options]
Copy to Clipboard Toggle word wrap

Delete a connector.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Waits for

Deletion

Examples

# Delete a connector
$ skupper connector delete database
Waiting for deletion...
Connector "database" is deleted.
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be deleted.

See also: Kubernetes object names

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes

--wait

Wait for deletion to complete before exiting.

Default
true Platforms:: Kubernetes

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.2.5. Connector status command
skupper connector status [name] [options]
Copy to Clipboard Toggle word wrap

Display the status of connectors in the current site.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Show the status of all connectors in the current site
$ skupper connector status
NAME       STATUS   ROUTING-KEY   SELECTOR         HOST     PORT   LISTENERS
backend    Ready    backend       app=backend      <none>   8080   true
database   Ready    database      app=postgresql   <none>   5432   true

# Show the status of one connector
$ skupper connector status backend
Name:                     backend
Status:                   Ready
Message:                  <none>
Routing key:              backend
Selector:                 app=backend
Host:                     <none>
Port:                     8080
Has matching listeners:   1
Copy to Clipboard Toggle word wrap

Primary options

[name] optional

An optional resource name. If set, the status command reports status for the named resource only.

See also: Kubernetes object names

--timeout

Raise an error if the operation does not complete in the given period of time.

Default
60s
Platforms
Kubernetes See also: Duration format

--output

Print status to the console in a structured output format.

Choices
json:: Produce JSON output
yaml
Produce YAML output

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.6.2.6. Connector generate command
skupper connector generate <name> <port> [options]
Copy to Clipboard Toggle word wrap

Generate a Connector resource.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Generate a Connector resource and print it to the console
$ skupper connector generate backend 8080
apiVersion: skupper.io/v2alpha1
kind: Connector
metadata:
  name: backend
spec:
  routingKey: backend
  port: 8080
  selector: app=backend

# Generate a Connector resource and direct the output to a file
$ skupper connector generate backend 8080 > backend.yaml
Copy to Clipboard Toggle word wrap

Primary options

<name> required

The name of the resource to be generated.

See also: Kubernetes object names

<port> required

The port on the target server to connect to.

Updatable
True

--routing-key frequently used

The identifier used to route traffic from listeners to connectors. To expose a local workload to a remote site, the remote listener and the local connector must have matching routing keys.

Default
Value of name
Updatable
True

--workload frequently used

A Kubernetes resource name that identifies a workload. It uses <resource-type>/<resource-name> syntax and resolves to an equivalent pod selector.

This is an alternative to setting the --selector or --host options.

Platforms
Kubernetes See also: Kubernetes workloads

--selector

A Kubernetes label selector for specifying target server pods. It uses <label-name>=<label-value> syntax.

This is an alternative to setting the --workload or --host options.

Default
app=[value-of-name]
Platforms:: Kubernetes Updatable
True See also: Kubernetes label selectors

--host

The hostname or IP address of the server. This is an alternative to selector for specifying the target server.

This is an alternative to setting the --selector or --workload options.

Default
On Kubernetes: Value of name + On Docker, Podman, and Linux: localhost
Updatable
True

--wait

Wait for the given status before exiting.

Default
configured
Choices:: none
Do not wait
configured
Configured
ready
Ready

--output

Select the output format.

Default
yaml
Choices:: json
Produce JSON output
yaml
Produce YAML output

Global options

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

20.1.7. CLI Group: Other operations

20.1.7.1. Using Version

20.1.7.1.1. Version command
skupper version [options]
Copy to Clipboard Toggle word wrap

Display versions of Skupper components.

Expand
FieldValue

Platforms

Kubernetes, Docker, Podman, Linux

Examples

# Show component versions
$ skupper version
COMPONENT          VERSION
cli                2.0.0
controller         2.0.0
router             3.0.0

# Show version details in YAML format
$ skupper version --output yaml
components:
  cli:
    version: 2.0.0
  controller:
    version: 2.0.0
    images:
      controller:
        name: quay.io/skupper/controller:2.0.0
        digest: sha256:663d97f86ff3fcce27a3842cd2b3a8e32af791598a46d815c07b0aec07505f55
  router:
    version: 3.0.0
    images:
      router:
        name: quay.io/skupper/router:3.0.0
        digest: sha256:dc5e27385a1e110dd2db1903ba7ec3e0d50b57f742aa02d7dd0a7b1b68c34394
      kube-adaptor:
        name: quay.io/skupper/kube-adaptor:2.0.0
        digest: sha256:4dc24bb3d605ed3fcec2f8ef7d45ca883d9d87b278bfedd5fcca74281d617a5e
Copy to Clipboard Toggle word wrap

Primary options

--output

Produce verbose structured output.

Choices
json:: Produce JSON output
yaml
Produce YAML output

Global options

--context global

Set the kubeconfig context.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--kubeconfig global

Set the path to the kubeconfig file.

Platforms
Kubernetes See also: Kubernetes kubeconfigs

--namespace global

Set the current namespace.

See also: Kubernetes namespaces, System namespaces

--platform global

Set the Skupper platform.

Default
kubernetes
Choices:: kubernetes
Kubernetes
docker
Docker
podman
Podman
linux
Linux

See also: Platform concept

--help global

Display help and exit.

Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat