A configuration reference for Skupper

• Overview
• Site
• Connector
• Listener
• Console

A site is a place where components of your application are running. Sites are linked to form application networks.

There can be only one skupper-site definition per namespace.

Resource kind: ConfigMap
Resource name: skupper-site
Type label: skupper.io/type: site

apiVersion: v1
kind: ConfigMap
metadata:
  name: skupper-site
  namespace: site-1
  labels:
    skupper.io/type: site
data:
  name: site-1
  ingress: loadbalancer

# skupper site init <options>
$ skupper site init --name site-1 --ingress loadbalancer

A name of your choice for the Skupper site. This name is displayed in the console and CLI output.

Required: No
Type: String

The method for providing access to this site from outside the cluster. Cluster ingress enables a site to accept incoming links.

Required: No
Type: String
Default: route if the environment is OpenShift, otherwise loadbalancer
Choices: route, loadbalancer, nodeport, nginx-ingress-v1, contour-http-proxy, ingress, none

A connector binds local servers to listeners in remote sites.

Each namespace can contain multiple connector definitions.

Resource kind: ConfigMap
Resource name: skupper-connector-<qualifier>
Type label: skupper.io/type: connector

apiVersion: v1
kind: ConfigMap
metadata:
  name: skupper-connector-backend
  namespace: site-2
  labels:
    skupper.io/type: connector
data:
  routing-key: backend:8080
  port: 8080
  selector: app=backend

# skupper connector create <routing-key> <workload>
$ skupper connector create backend:8080 deployment/backend

The identifier used to route traffic from listeners to connectors. To connect to a service at a remote site, the listener and connector must have matching routing keys.

Required: Yes
Type: String

A Kubernetes label selector for identifying server pods.

Required: No
Type: String

The hostname or IP address of the server. This is an alternative to selector for specifying the target server.

Required: No
Type: String

The port number of the server listener.

Required: Yes
Type: Integer

The name of a Kubernetes secret containing TLS credentials. The secret contains the trusted server certificate (typically a CA certificate).

It can optionally include a client certificate and key for mutual TLS.

Required: No
Type: String
Default: *None*

A listener is a local connection endpoint bound to servers in remote sites.

Each namespace can contain multiple listener definitions.

Resource kind: ConfigMap
Resource name: skupper-listener-<qualifier>
Type label: skupper.io/type: listener

apiVersion: v1
kind: ConfigMap
metadata:
  name: skupper-listener-backend
  namespace: site-1
  labels:
    skupper.io/type: listener
data:
  routing-key: backend:8080
  host: backend
  port: 8080

# skupper listener create <routing-key> <options>
$ skupper listener create backend:8080
# skupper listener create abc123 --host backend --port 8080

The identifier used to route traffic from listeners to connectors. To connect to a service at a remote site, the listener and connector must have matching routing keys.

Required: Yes
Type: String

The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Required: Yes
Type: String

The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.

Required: Yes
Type: Integer

The name of a Kubernetes secret containing TLS credentials. The secret contains the server certificate and key.

It can optionally include a client certificate for mutual TLS.

Required: No
Type: String
Default: *None*

A web interface for viewing the application network and monitoring application traffic.

There can be only one skupper-console definition per namespace.

Resource kind: ConfigMap
Resource name: skupper-console
Type label: skupper.io/type: console

apiVersion: v1
kind: ConfigMap
metadata:
  name: skupper-console
  namespace: site-1
  labels:
    skupper.io/type: console
data:
  ingress: loadbalancer
  auth: unsecured

# skupper console init <options>
$ skupper console init --ingress loadbalancer --auth unsecured

The method for providing access to the console from outside the cluster.

Required: No
Type: String
Default: route if the environment is OpenShift, otherwise loadbalancer
Choices: route, loadbalancer, nodeport, nginx-ingress-v1, contour-http-proxy, ingress, none

The user authentication mode for the console.

internal - Use Skupper's built-in authentication. See the users option.

openshift - Use OpenShift authentication, so that users who have permission to log into OpenShift and view the namespace (project) can view the console.

unsecured - No authentication. Anyone with the URL can view the console.

Required: No
Type: String
Default: internal
Choices: internal, openshift, unsecured

The name of the Kubernetes secret containing the console users and passwords for the internal authentication mode.

By default, a secret named skupper-console-users is generated with user admin and a random password.

Required: No
Type: String
Default: skupper-console-users