Install skupper & create the tunnel

[rbo]

• [x] Install Skupper operator at edge-gateway
• [x] #15
• [x] Configure skupper

[rbo]

https://github.com/skupperproject/skupper-website/blob/declarative-gs/input/docs/declarative.md

[rbo]

• Documentation
• CLI Download at access.redhat.com
• Following based on devel-bucket notes

Notes about provisioning flow:

Skupper is installed on edge-gateway and data-center

• Create token at data-center during provisioning - Generate a connection token via YAML or Linking sites using YAML
• Edge deployment via Ansible
  • Playbook fetch token from data-center
  • Playbook apply token to edge-gateway
  • Connection is done

at data center cluster

$ oc new-project red-hat-service-interconnect-data-center
..
$ skupper version
client version                 1.5.3-rh-5
transport version              not-found
controller version             not-found
config-sync version            not-found
flow-collector version         not-found

$ skupper init --enable-console --enable-flow-collector
Waiting for status...
Skupper is now installed in namespace 'red-hat-service-interconnect-data-center'.  Use 'skupper status' to get more information.
$ skupper status
Skupper is enabled for namespace "red-hat-service-interconnect-data-center". It is not connected to any other sites. It has no exposed services.
The site console url is:  https://skupper-red-hat-service-interconnect-data-center.apps.cluster-q2b82.q2b82.sandbox1272.opentlc.com
The credentials for internal console-auth mode are held in secret: 'skupper-console-users'
$ oc get cm skupper-site -o yaml
apiVersion: v1
data:
  cluster-permissions: "false"
  console: "true"
  console-authentication: internal
  console-password: ""
  console-user: ""
  enable-skupper-events: "true"
  flow-collector: "true"
  ingress: route
  name: red-hat-service-interconnect-data-center
  router-console: "false"
  router-logging: ""
  router-mode: interior
  service-controller: "true"
  service-sync: "true"
kind: ConfigMap
metadata:
  creationTimestamp: "2024-06-24T07:38:59Z"
  labels:
    internal.skupper.io/site-controller-ignore: "true"
  name: skupper-site
  namespace: red-hat-service-interconnect-data-center
  resourceVersion: "116810"
  uid: 442d9fe7-0023-4003-add9-9de73e166d25
$ oc create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  namespace: red-hat-service-interconnect-data-center
  labels:
    skupper.io/type: connection-token-request
  name: edge-gateway
EOF

⚠️ : Secret / YAML don't work!!!

skupper token create edge-gateway

at edge-gateway

$ export KUBECONFIG=kubeconfig-edge-gateway
$ oc new-project red-hat-service-interconnect-edge-gateway
..
$ skupper init
Waiting for status...
Skupper is now installed in namespace 'red-hat-service-interconnect-edge-gateway'.  Use 'skupper status' to get more information.
$ oc get cm skupper-site -o yaml
apiVersion: v1
data:
  cluster-permissions: "false"
  console: "false"
  console-authentication: internal
  console-password: ""
  console-user: ""
  enable-skupper-events: "true"
  flow-collector: "false"
  ingress: route
  name: red-hat-service-interconnect-edge-gateway
  router-console: "false"
  router-logging: ""
  router-mode: interior
  service-controller: "true"
  service-sync: "true"
kind: ConfigMap
metadata:
  creationTimestamp: "2024-06-24T08:37:11Z"
  labels:
    internal.skupper.io/site-controller-ignore: "true"
  name: skupper-site
  namespace: red-hat-service-interconnect-edge-gateway
  resourceVersion: "12090357"
  uid: 14e08d0e-0a2a-4106-9c29-988ad2d5cda6
# Secret created via skupper token create
$ oc apply -f edge-gateway 
secret/d46eeb98-3203-11ef-9708-8c47be0105c4 created

# skupper.io/proxy=http might be not needed
$ kubectl annotate service -n hub-controller hub-controller-live skupper.io/proxy=http

$ skupper expose --target-namespace hub-controller deployment hub-controller-live  --port 8080
Error: Unable to create skupper service: Current site does not included needed permissions to expose targets in other namespaces
=> Need init with --enable-cluster-permissions
$  skupper delete 
$ skupper init --enable-cluster-permissions
$  oc get configmap skupper-site -o yaml
apiVersion: v1
data:
  cluster-permissions: "true"
  console: "false"
  console-authentication: internal
  console-password: ""
  console-user: ""
  enable-skupper-events: "true"
  flow-collector: "false"
  ingress: route
  name: red-hat-service-interconnect-edge-gateway
  router-console: "false"
  router-logging: ""
  router-mode: interior
  service-controller: "true"
  service-sync: "true"
kind: ConfigMap
metadata:
  creationTimestamp: "2024-06-24T09:12:18Z"
  labels:
    internal.skupper.io/site-controller-ignore: "true"
  name: skupper-site
  namespace: red-hat-service-interconnect-edge-gateway
  resourceVersion: "12108221"
  uid: 0145edd9-687f-4332-b505-6fcd60323c1e

$ oc apply -f edge-gateway 
$ skupper expose --target-namespace hub-controller deployment hub-controller-live  --port 8080
deployment hub-controller-live exposed as hub-controller-live

[rbo]

⚠️ : Secret / YAML don't work!!!

oc logs  -n openshift-operators skupper-site-controller-699c8fbf9d-p8bb5
2024/06/24 13:20:50 Skupper site controller watching all namespaces
2024/06/24 13:20:50 Version: 1.5.3-rh-2
2024/06/24 13:20:50 Cluster role "skupper-service-controller-basic" created
2024/06/24 13:20:50 Starting the Skupper site controller informers
2024/06/24 13:20:50 Waiting for informer caches to sync
2024/06/24 13:20:50 Checking if sites need updates (1.5.3-rh-2)
2024/06/24 13:20:50 Starting workers
2024/06/24 13:20:50 Started workers
2024/06/24 13:43:39 Handling token request for red-hat-service-interconnect-data-center/edge-gateway
2024/06/24 13:43:39 Generating token for request edge-gateway...
2024/06/24 13:43:39 Failed to generate token for request edge-gateway: Skupper is not installed in openshift-operators
E0624 13:43:39.729405       1 controller.go:204] Skupper is not installed in openshift-operators

Fixed in skupper version 1.5.4.

=> Update skupper.