Communicating with a CodeReady Containers cluster using Skupper

Securely enable communications across OpenShift clusters.

This Solution Pattern uses an HTTP Hello World application with a frontend service and a backend service. The frontend uses the backend to process requests. The frontend is deployed in the Name defined at runtime namespace of the Managed Integration cluster, and the backend is deployed in the crc namespace of a CodeReady Containers cluster.

While these instructions use this particular application for demonstration purposes, the steps are the same for any Skupper deployment.

Prerequisites

You must have oc installed
This Solution Pattern assumes you have CodeReady Containers installed on your local machine, however, Skupper works with any flavor of Kubernetes.

Skupper

Red Hat OpenShift

1. Installing the Skupper cli in your local environment

The skupper command-line tool is the primary entrypoint for installing and configuring the Skupper infrastructure.

Download the latest release of the Skupper command for your platform,

For Linux or WSL on Windows, enter:
```
curl -fL https://github.com/skupperproject/skupper-cli/releases/download/0.2.0/skupper-cli-0.2.0-linux-amd64.tgz | tar -xzf -
```
For macOS, enter:
```
curl -fL https://github.com/skupperproject/skupper-cli/releases/download/0.2.0/skupper-cli-0.2.0-mac-amd64.tgz | tar -xzf -
```
This produces an executable file named skupper in your current directory.

See the Skupper CLI release page for information on other platforms.

Add skupper to your path

For example:

mkdir -p $HOME/bin
export PATH=$PATH:$HOME/bin
mv skupper $HOME/bin

To test your installation:

$ skupper --version

Do you see the following output:

skupper version 0.2.0

Try the steps again. If it’s still not working contact your administrator, or seek help at https://skupper.io

2. Configuring access to multiple namespaces

Skupper is designed for use with multiple namespaces, typically on different clusters. The skupper command uses your kubeconfig and current context to select the namespace where it operates.

2.1. Configure separate terminal sessions

Start a terminal session for each of your namespaces. Set the KUBECONFIG environment variable to a different path in each session.

Start a terminal for the Managed Integration cluster:
```
export KUBECONFIG=$HOME/.kube/config-west
```
Start a terminal for the CodeReady Containers cluster:
```
export KUBECONFIG=$HOME/.kube/config-east
```

2.2. Log in to your clusters

Log into the Managed Integration cluster.
1. Navigate to the OpenShift Console
2. Choose Copy Login Command from the menu displayed when you click on your username.
3. Enter the command into the Managed Integration terminal session.
Log into the CodeReady Containers cluster.
1. Start CodeReady Containers:
  $ crc start
2. Log into the CodeReady Containers cluster using the command displayed in the output, for example:
  $ oc login -u developer -p developer https://api.crc.testing:6443

2.3. Set the current namespaces

In the terminal for the Managed Integration cluster:

oc config set-context --current --namespace Name defined at runtime

In the terminal for the CodeReady Containers cluster:

oc new-project crc
oc config set-context --current --namespace crc

Do the following commands display the expected output?

Once you have logged in and set the current namespaces, use the skupper status command to check that each namespace is correctly configured.

In the terminal for the Managed Integration cluster:
```
 $ skupper status
```
The following output is displayed:
```
 skupper not enabled for Name defined at runtime
```
In the terminal for the CodeReady Containers cluster:
```
 $ skupper status
```
The following output is displayed:
```
 skupper not enabled for crc
```

Try the steps again. If it’s still not working contact your administrator, or seek help at https://skupper.io

3. Installing the Skupper router and connecting the namespaces

Running the skupper init command in east namespace installs the router.

Connecting namespaces requires you use the following commands:

The skupper connection-token command generates a secret token that signifies permission to connect. The token also carries the connection details.
The skupper connect command then uses the connection token to establish a connection to the namespace that generated it.

Anyone who has the connection token can connect to your namespace. Make sure that only those you trust have access to it.

3.1. Install the router in both namespaces

In the terminal for the Managed Integration:

 $ skupper init

The following output is displayed:

 Skupper is now installed in namespace 'Name defined at runtime'.  Use 'skupper status' to get more information.

In the terminal for the CodeReady Containers:

 $ skupper init --edge

The following output is displayed:

 Skupper is now installed in namespace 'crc'.  Use 'skupper status' to get more information.

Using the --edge argument in the crc namespace disables network ingress at the Skupper router layer.

3.2. Connect your namespaces

Generate a token in the Name defined at runtime:
```
skupper connection-token $HOME/secret.yaml
```
Use the token in the crc to form a connection
```
skupper connect $HOME/secret.yaml
```

Do the following commands display the expected output?

Use the skupper status command to check that each namespace is correctly configured.

In the terminal for the Managed Integration cluster:

 $ skupper status

The following output is displayed:

 skupper enabled for Name defined at runtime.  It is connected to 1 other site.

In the terminal for the CodeReady Containers cluster:
```
 $ skupper status
```
The following output is displayed:
```
 skupper enabled for crc. It is connected to 1 other site.
```

Try the steps again. If it’s still not working contact your administrator, or seek help at https://skupper.io

4. Exposing the services

You now have a Skupper network capable of multi-cluster communication, but no services are attached to it.

This task describes how to use the skupper expose command to make a Kubernetes deployment on one namespace available on all the connected namespaces.

4.1. Deploy the frontend and backend services

Start the frontend in the Managed Integration cluster:

oc create deployment hello-world-frontend --image quay.io/skupper/hello-world-frontend

Start the backend in the CodeReady Containers cluster:

oc create deployment hello-world-backend --image quay.io/skupper/hello-world-backend

4.2. Expose the backend service

At this point, we have the frontend and backend services running, but the frontend has no way to contact the backend. The frontend and backend are in different namespaces and different clusters), and the backend has no public ingress.

Use the skupper expose command in the CodeReady Containers to make hello-world-backend available in the Managed Integration.

In the terminal for the CodeReady Containers:

skupper expose deployment hello-world-backend --port 8080 --protocol http

Check that the backend service is represented in the Managed Integration:

oc get services

The output should be similar to the following:

$ kubectl get services
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)       AGE
hello-world-backend    ClusterIP      10.96.175.18    <none>          8080/TCP      1m30s

4.3. Create a route

In the Managed Integration, expose a route:

oc expose deployment hello-world-frontend --port 8080 --type LoadBalancer

Navigate to the OpenShift Console
Switch to the Name defined at runtime project.
In the Overview, expand the hello-world-frontend application.
Click Create Route. This creates a route and displays a URL.

Click the newly created URL.

Is the output similar to the following:

I am the frontend.  The backend says 'Hello from hello-world-backend-6d58c544fc-dhzz2 (1)'.

Try the steps again. If it’s still not working contact your administrator, or seek help at https://skupper.io