A configuration reference for Skupper
A site is a place where components of your application are running. Sites are linked to form application networks.
There can be only one skupper-site
definition per namespace.
Resource kind: ConfigMap
Resource name: skupper-site
Type label: skupper.io/type: site
apiVersion: v1
kind: ConfigMap
metadata:
name: skupper-site
namespace: site-1
labels:
skupper.io/type: site
data:
name: site-1
ingress: loadbalancer
# skupper site init <options>
$ skupper site init --name site-1 --ingress loadbalancer
A name of your choice for the Skupper site. This name is displayed in the console and CLI output.
Required: No
Type: String
The method for providing access to this site from outside the cluster. Cluster ingress enables a site to accept incoming links.
Required: No
Type: String
Default: route
if the environment is OpenShift, otherwise
loadbalancer
Choices: route
, loadbalancer
, nodeport
, nginx-ingress-v1
, contour-http-proxy
, ingress
, none
A connector binds local servers to listeners in remote sites.
Each namespace can contain multiple connector definitions.
Resource kind: ConfigMap
Resource name: skupper-connector-<qualifier>
Type label: skupper.io/type: connector
apiVersion: v1
kind: ConfigMap
metadata:
name: skupper-connector-backend
namespace: site-2
labels:
skupper.io/type: connector
data:
routing-key: backend:8080
port: 8080
selector: app=backend
# skupper connector create <routing-key> <workload>
$ skupper connector create backend:8080 deployment/backend
The identifier used to route traffic from listeners to connectors. To connect to a service at a remote site, the listener and connector must have matching routing keys.
Required: Yes
Type: String
A Kubernetes label selector for identifying server pods.
Required: No
Type: String
The hostname or IP address of the server. This is an
alternative to selector
for specifying the target
server.
Required: No
Type: String
The port number of the server listener.
Required: Yes
Type: Integer
The name of a Kubernetes secret containing TLS credentials. The secret contains the trusted server certificate (typically a CA certificate).
It can optionally include a client certificate and key for mutual TLS.
Required: No
Type: String
Default: *None*
A listener is a local connection endpoint bound to servers in remote sites.
Each namespace can contain multiple listener definitions.
Resource kind: ConfigMap
Resource name: skupper-listener-<qualifier>
Type label: skupper.io/type: listener
apiVersion: v1
kind: ConfigMap
metadata:
name: skupper-listener-backend
namespace: site-1
labels:
skupper.io/type: listener
data:
routing-key: backend:8080
host: backend
port: 8080
# skupper listener create <routing-key> <options>
$ skupper listener create backend:8080
# skupper listener create abc123 --host backend --port 8080
The identifier used to route traffic from listeners to connectors. To connect to a service at a remote site, the listener and connector must have matching routing keys.
Required: Yes
Type: String
The hostname or IP address of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
Required: Yes
Type: String
The port of the local listener. Clients at this site use the listener host and port to establish connections to the remote service.
Required: Yes
Type: Integer
The name of a Kubernetes secret containing TLS credentials. The secret contains the server certificate and key.
It can optionally include a client certificate for mutual TLS.
Required: No
Type: String
Default: *None*
A web interface for viewing the application network and monitoring application traffic.
There can be only one skupper-console
definition per namespace.
Resource kind: ConfigMap
Resource name: skupper-console
Type label: skupper.io/type: console
apiVersion: v1
kind: ConfigMap
metadata:
name: skupper-console
namespace: site-1
labels:
skupper.io/type: console
data:
ingress: loadbalancer
auth: unsecured
# skupper console init <options>
$ skupper console init --ingress loadbalancer --auth unsecured
The method for providing access to the console from outside the cluster.
Required: No
Type: String
Default: route
if the environment is OpenShift, otherwise
loadbalancer
Choices: route
, loadbalancer
, nodeport
, nginx-ingress-v1
, contour-http-proxy
, ingress
, none
The user authentication mode for the console.
internal
- Use Skupper's built-in authentication. See
the users
option.
openshift
- Use OpenShift authentication, so that users
who have permission to log into OpenShift and view the
namespace (project) can view the console.
unsecured
- No authentication. Anyone with the URL can
view the console.
Required: No
Type: String
Default: internal
Choices: internal
, openshift
, unsecured
The name of the Kubernetes secret containing the console
users and passwords for the internal
authentication
mode.
By default, a secret named skupper-console-users
is
generated with user admin
and a random password.
Required: No
Type: String
Default: skupper-console-users