Intro There are many challenges that engineering teams face when attempting to incorporate a multi-cloud approach into their infrastructure goals. Kubernetes does a good job of addressing some of these issues, but managing the communication of clusters that span multiple cloud providers in multiple regions can become a daunting task for teams. Often this requires complex VPNs and special firewall rules to multi-cloud cluster communication. In this post, I will be introducing you to Skupper, an open source project for enabling secure communication across Kubernetes cluster. Skupper allows your application to span multiple cloud providers, data centers, and regions. Let's see it in action! Getting Started This tutorial will demonstrate how to distribute the microservices across multiple public and private clusters. The services require no coding changes to work in the distributed application environment. With Skupper, the application behaves as if all the services are running in the same cluster. Istio Bookinfo Application In this tutorial, you will deploy the and services on a remote, public cluster in namespace and the and services in a local, on-premises cluster in namespace . productpage ratings aws-eu-west details reviews laptop OverviewFigure 1 - Bookinfo service deployment The image above shows how the services will be deployed. Each cluster runs two of the application services. An ingress route to the service provides internet user access to the application. productpage If all services were installed on the public cluster, then the application would work as originally designed. However, since two of the services are on the cluster, the application fails. can not send requests to or to . laptop productpage details reviews This demo will show how Skupper can solve the connectivity problem presented by this arrangement of service deployments. Figure 2 - Bookinfo service deployment with Skupper Skupper is a distributed system with installations running in one or more clusters or namespaces. Connected Skupper installations share information about what services each installation exposes. Each Skupper installation learns which services are exposed on every other installation. Skupper then runs proxy service endpoints in each namespace to properly route requests to or from every exposed service. In the public namespace, the and proxies intercept requests for their services and forward them to the Skupper network. details reviews In the private namespace, the and proxies receive requests from the Skupper network and send them to the related service. details reviews In the private namespace, the proxy intercepts requests for its service and forwards them to the Skupper network. ratings In the public namespace, the proxy receives requests from the Skupper network and sends them to the related service. ratings Prerequisites To run this tutorial you will need: The command-line tool, version 1.15 or later ( ) kubectl installation guide The command-line tool, the latest version ( ) skupper installation guide Two Kubernetes namespaces, from any providers you choose, on any clusters you choose The yaml files from https://github.com/skupperproject/skupper-examples-bookinfo.git Two logged-in console terminals, one for each cluster or namespace Step 1: Deploy the Bookinfo application This step creates a service and a deployment for each of the four Bookinfo microservices. Namespace : aws-eu-west $ kubectl apply -f public-cloud.yaml service/productpage created deployment.extensions/productpage-v1 created service/ratings created deployment.extensions/ratings-v1 created Namespace : laptop $ kubectl apply -f private-cloud.yaml service/details created deployment.extensions/details-v1 created service/reviews created deployment.extensions/reviews-v3 created Step 2: Expose the public productpage service Namespace : aws-eu-west kubectl expose deployment/productpage-v1 --port 9080 -- LoadBalancer type The Bookinfo application is accessed from the public internet through this ingress port to the service. productpage Step 3: Observe that the application does not work The web address for the Bookinfo application can be discovered from namespace : aws-eu-west $ $(kubectl get service/productpage -o jsonpath= ) echo 'http://{.status.loadBalancer.ingress[0].hostname}:9080' Open the address in a web browser. responds but the page will show errors as services in namespace are not reachable. Productpage laptop We can fix that now. Step 4: Set up Skupper This step initializes the Skupper environment on each cluster. Namespace : laptop skupper init Namespace : aws-eu-west skupper init Now the Skupper infrastructure is running. Use in each console terminal to see that Skupper is available. skupper status Step 5: Connect your Skupper installations Now you need to connect your namespaces with a Skupper connection. This is a two step process. The command directs Skupper to generate a secret token file with certificates that grant permission to other Skupper instances to connect to this Skupper's network. skupper connection-token <file> Note: Protect this file as you would do for any file that holds login credentials. The command directs Skupper to connect to another Skupper's network. This step completes the Skupper connection. skupper connect <file> Note that in this arrangement the Skupper instances join to form peer networks. Typically the Skupper opening the network port will be on the public cluster. A cluster running on may not even have an address that is reachable from the internet. After the connection is made, the Skupper network members are peers and it does not matter which Skupper opened the network port and which connected to it. laptop The console terminals in this demo are run by the same user on the same host. This makes the token file in the ${HOME} directory available to both terminals. If your terminals are on different machines then you may need to use or a similar tool to transfer the token file to the system hosting the terminal. scp laptop Generate a Skupper network connection token Namespace : aws-eu-west skupper connection-token /PVT-to-PUB-connection-token.yaml ${HOME} Open a Skupper connection Namespace : laptop skupper connect /PVT-to-PUB-connection-token.yaml ${HOME} Check the connection Namespace : aws-eu-west $ skupper status Skupper enabled . It is connected to 1 other sites. for "aws-eu-west" Namespace : laptop $ skupper status Skupper enabled . It is connected to 1 other sites. for "laptop" Step 6: Virtualize the services you want shared You now have a Skupper network capable of multi-cluster communication but no services are associated with it. This step uses the command to notify Skupper that a service is to be included in the Skupper network. kubectl annotate Skupper uses the annotation as the indication that a service must be virtualized. The service that receives the annotation is the physical target for network requests and the proxies that Skupper deploys in other namespaces are the virtual targets for network requests. The Skupper infrastructure then routes requests between the virtual services and the target service. Namespace : aws-eu-west $ kubectl annotate service ratings skupper.io/proxy=http service/ratings annotated Namespace : laptop $ kubectl annotate service details skupper.io/proxy=http service/details annotated $ kubectl annotate service reviews skupper.io/proxy=http service/reviews annotated Skupper is now making the annotated services available to every namespace in the Skupper network. The Bookinfo application will work as the service on the public cluster has access to the and services on the private cluster and as the service on the private cluster has access to the service on the public cluster. productpage details reviews reviews ratings Step 7: Observe that the application works The web address for the Bookinfo app can be discovered from namespace : aws-eu-west $ $(kubectl get service/productpage -o jsonpath= ) echo 'http://{.status.loadBalancer.ingress[0].hostname}:9080' Open the address in a web browser. The application should now work with no errors. Clean up Skupper and the Bookinfo services may be removed from the clusters. Namespace : aws-eu-west skupper delete kubectl delete -f public-cloud.yaml Namespace : laptop skupper delete kubectl delete -f private-cloud.yaml Final Thoughts Enabling a multi-cloud approach has a lot of benefits and is getting easier, thanks to tools like Skupper. If you have time, try some of Skupper's other examples on its . I hope you learned something from this post. Stay tuned for more! Github Repo About the author - Sudip is a Solution Architect with more than 15 years of working experience, and is the founder of . He likes sharing his knowledge through writing, and while he is not doing that, he must be fishing or playing chess. Javelynn Previously posted at https://appfleet.com/ .
