skupper-docker or another way to give access from k8s to service on Win

[Александр Попов]

Hi!

please tell - can we use skupper-docker on win with docker daemon? how to compile  skupper-docker for win?

May be exist another way way to give access from k8s to service on Win ?

Thank you!

[Paul Wright]

I haven't tested much, but seems to work using WSL 2, see https://docs.docker.com/docker-for-windows/wsl/

ie you need a linux WSL2 installation, and install golang, hook that distro up to docker as per link above. 

Then you can clone repo and `make build-cmd`

[Александр Попов]

hi! 

I already have win-server 2016 with installed docker service. But how to install "make" for build skupper-docker? i didn't find well known path for installation....may be exist instruction how to run docker-container with skupper service in win-server without skupper-docker? for a example via docker-compose...

понедельник, 19 октября 2020 г. в 14:13:50 UTC+3, pwr...@redhat.com:

[Paul Wright]

On Tuesday, October 20, 2020 at 4:09:05 PM UTC+1 Александр Попов wrote:

hi! 

I already have win-server 2016 with installed docker service. But how to install "make" for build skupper-docker? i didn't find well known path for installation....may be exist instruction how to run docker-container with skupper service in win-server without skupper-docker? for a example via docker-compose...

We're not targeting windows, maybe http://gnuwin32.sourceforge.net/packages/make.htm and a go installation might help, altho this is pure guess work on my part.

P 

[Александр Попов]

hi!

I succesfully compiled skupper-docker on win10. After that i try to init it, but see following error:

PS C:\Users\popov\Downloads\skupper-docker-master\skupper-docker-master> .\skupper-docker.exe  init

Error: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /tmp/skupper/sasl-config

How can I change this path on win?

вторник, 20 октября 2020 г. в 18:21:35 UTC+3, pwr...@redhat.com:

[Paul Wright]

Are you using WSL2? (sounds like you're not)

I'd recommend building it using WSL2 linux and try init again,

Paul

--
You received this message because you are subscribed to the Google Groups "Skupper" group.
To unsubscribe from this group and stop receiving emails from it, send an email to skupper+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/skupper/7257e3ff-4c48-4ddb-b001-6a4e190e42fen%40googlegroups.com.

--

Paul Wright

Technical Writer

Red Hat, Waterford, Ireland

GitHub: pwright

[Александр Попов]

Fom my opinion i don't have problem with wsl2:

PS C:\Users\popov\Downloads\skupper-docker-master\skupper-docker-master> wsl -l -v

  NAME                   STATE           VERSION

* docker-desktop         Running         2

  Ubuntu-20.04           Running         2

  docker-desktop-data    Running         2

Please see following link from docker desctop http://ithop.ru/image_2020_10_23T13_09_58_248Z.png

пятница, 23 октября 2020 г. в 15:51:56 UTC+3, pwr...@redhat.com:

[Paul Wright]

Hi, 

I can only describe what worked for me.

1. Set up Docker/WSL2 as you have done

2. Start linux cli and clone the repo

3. Install go into your linux distro

4. Run make build-cmd

5. Run ./skupper-docker init

It sounds like you built skupper-docker.exe from native Windows? not Linux

hope that helps,

P

You received this message because you are subscribed to a topic in the Google Groups "Skupper" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/skupper/rZwIQyhZ2Lk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to skupper+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/skupper/f2bfeeaf-e9e0-4d74-a24b-e2ef392a01a2n%40googlegroups.com.

[Александр Попов]

Thank you!

I successfully ran skupper-docker via ubuntu working as part of win. But when i tryed to connect skupper-docker to skupper in k8s i see following error:

Error: Failed to create connection: Cannot find secret origin for token './secret.yaml'

I checked dns-name resolution - worked fine, ports are open.

What  a reason of this error?

пятница, 23 октября 2020 г. в 17:18:01 UTC+3, pwr...@redhat.com:

[Александр Попов]

hi! 

Any updates?

суббота, 24 октября 2020 г. в 12:53:30 UTC+3, Александр Попов:

[Александр Попов]

We have problems only with skupper-docker on linux and windows. Whe i try to connect one kubernetes cluster to another with same cluster all works well. 

Please help! 

среда, 28 октября 2020 г. в 15:51:27 UTC+3, Александр Попов:

[Andy Smith]

Hi,

Following the https://github.com/skupperproject/skupper 0.3 release,
updates have included better checks on connection establishment
to prevent connecting to "self" or multiple connections to the same
skupper site. These checks are enabled by the addition of an
annotation to the file generated by "skupper connection-token".

Recent updates to https://github.com/skupperproject/skupper-docker
incorporate these checks resulting in the:

Error: Failed to create connection: Cannot find secret origin for token './secret.yaml'

Prior to the next skupper release, the work around is to add the
annotation to your './secret.yaml' file by doing the following:

1. In the namespace  where you ran skupper to generate the ./secret.yaml extract the
site UID as follows:

$ kubectl get -o template cm/skupper-site --template={{.metadata.uid}}

2. Edit the original ./secret.yaml file and add the generated-by
annotation using the UID from above. Your file should look something
like the following excerpt:

kind: Secret
metadata:
  annotations:
    edge-host: skupper-edge-skupper.apps.ansmith-van11.rhmw-integrations.net
    edge-port: "443"
    inter-router-host: skupper-inter-router-skupper.apps.ansmith-van11.rhmw-integrations.net
    inter-router-port: "443"
    skupper.io/generated-by: fba75742-f594-4329-ae70-18698b88cd4a
  creationTimestamp: null
  labels:
    skupper.io/type: connection-token
  name: skupper
type: kubernetes.io/tls

3. Establish the skupper-docker connection

$ ./skupper-docker connect ./secret.yaml

Please, let me know if this works for you. Thanks.

[Александр Попов]

Thank you very much!

All works fine....i think you need to add this info to README in skupper-docker repository.

Please tell me can I expose service from local lan via skupper-docker to kubernetes.

For example: database server <> skupper-docker on different host <> kubernetes.

Thank you!

среда, 28 октября 2020 г. в 17:57:29 UTC+3, ans...@redhat.com:

[Andy Smith]

With skupper-docker there are two methods to expose a service (and have it reflected to your k8s)

1. Assuming I have a docker container named tcp-go-echo-server running that provides a tcp echo service, the expose command would be the following:

$ ./skupper-docker expose container tcp-go-echo-server --address tcp-go-echo --port 9090 --target-port 9090

[Note: the container name and the address you want to expose must be different]

2. Rather than a container, if you have a local host process providing the same echo service, the expose command would be the following:

$ ./skupper-docker expose host-service --address tcp-go-echo --port 9090 --target-port 9090

After a synchronization period, if you go the k8s cluster and

$ ./skupper list-exposed

You should see the service listed. Also, you will note a k8s service has been created that corresponds to the peer docker service.

[Denis Boulas]

Isn't it possible to expose non-local service? I believe you use network sockets, so I'm trying to understand where this limitation of host-only service expose came from.

Thanks!

[Andy Smith]

If you are looking to enable communications between a kubernetes namespace

and a database on a private host/system, skupper-docker would need to

run on the same system as the database. A private user network in

docker is created that isolates the database and enables interconnect

to kubernetes via a layer 7 router that is deployed by skupper-docker. The 

database does not need to be exposed to any external network such as 

would be required for network socket setup to a remote host.

If you can describe in more detail what you are looking to accomplish

that would be helpful.

Thanks

[Александр Попов]

hi!

Our situation is following: we have a lan network with different DB instances without privileges(root) access to them. And have one Linux server  with skupper-docker. Now we installed haproxy and configured TCP proxy to our database,  but that looks excessive .... 

четверг, 29 октября 2020 г. в 15:46:35 UTC+3, ans...@redhat.com:

[Andy Smith]

Thanks for describing your situation. A variance on the use case we had been targeting and seems interesting. Will look into what it would take to support and provide an update.

[Александр Попов]

Hi! Any updates?

пятница, 30 октября 2020 г. в 01:40:18 UTC+3, ans...@redhat.com:

[Andy Smith]

Hi,

In the upcoming skupper-docker 0.4 release, the ability to expose a non-local service will be provided per your suggestion. The argument for the host-service will require a <name>:<ip address> that will correspond to the target for the service. Multiple targets can be bound to the same service. If I understand correctly, this should help you address your use case and remove the need to run an intermediary ha proxy.

The skupper-docker 0.4 release is planned to follow the https://github.com/skupperproject/skupper 0.4 release and current ETA is 1-2 weeks assuming no hitches.

It should be noted that the major change in the 0.4 release is a switch from the use of the node.js protocol bridges to the use of embedded protocol adapters in the qdrouterd. In the case of skupper-docker, the qdrouterd will be used to proxy the tcp, http and http-2 services that are exposed. 

Thanks,
Andy

[Andy Smith]

Hi,

skupper-docker 0.4.0 has been released. It adds support for a name:address host-service that should enable you to expose a non-local service. 

I am hopeful that this meets your requirement and removes the need for you to run an intermediary. 

Any feedback you have would be appreciated.

Thanks,

Andy