Accessing an FTP server using Skupper

Securely connect to an FTP server on a remote Kubernetes cluster

This example is part of a suite of examples showing the different ways you can use Skupper to connect services across cloud providers, data centers, and edge sites.

Contents

• Overview
• Prerequisites
• Step 1: Install the Skupper command-line tool
• Step 2: Access your Kubernetes clusters
• Step 3: Install Skupper on your Kubernetes clusters
• Step 4: Create your sites
• Step 5: Link your sites
• Step 6: Deploy the FTP server
• Step 7: Expose the FTP server to the Virtual Application Network
• Step 8: Run the FTP client for put operation
• Step 9: Run the FTP client for get operation
• Step 10: Cleaning Up
• Next steps
• About this example

Overview

This example shows you how you can use Skupper to connect an FTP client on one Kubernetes cluster to an FTP server on another.

It demonstrates use of Skupper with multi-port services such as FTP. It uses FTP in passive mode (which is more typical these days) and a restricted port range that simplifies Skupper configuration.

Prerequisites

• Access to at least one Kubernetes cluster, from any provider you choose.

• The kubectl command-line tool, version 1.15 or later (installation guide).

Step 1: Install the Skupper command-line tool

This example uses the Skupper command-line tool to create Skupper resources. You need to install the skupper command only once for each development environment.

On Linux or Mac, you can use the install script (inspect it here) to download and extract the command:

curl https://skupper.io/install.sh | sh -s -- --version 2.0.0

The script installs the command under your home directory. It prompts you to add the command to your path if necessary.

For Windows and other installation options, see Installing Skupper.

Step 2: Access your Kubernetes clusters

Skupper is designed for use with multiple Kubernetes clusters. The skupper and kubectl commands use your kubeconfig and current context to select the cluster and namespace where they operate.

This example uses multiple cluster contexts at once. The KUBECONFIG environment variable tells skupper and kubectl which kubeconfig to use.

For each cluster, open a new terminal window. In each terminal, set the KUBECONFIG environment variable to a different path and log in to your cluster.

Public:

export KUBECONFIG=~/.kube/config-public
kubectl create namespace public
kubectl config set-context --current --namespace public

Private:

export KUBECONFIG=~/.kube/config-private
kubectl create namespace private
kubectl config set-context --current --namespace private

Note: The login procedure varies by provider.

Step 3: Install Skupper on your Kubernetes clusters

Using Skupper on Kubernetes requires the installation of the Skupper custom resource definitions (CRDs) and the Skupper controller.

For each cluster, use kubectl apply with the Skupper installation YAML to install the CRDs and controller.

Public:

kubectl apply -f https://skupper.io/v2/install.yaml

Private:

kubectl apply -f https://skupper.io/v2/install.yaml

Step 4: Create your sites

A Skupper site is a location where components of your application are running. Sites are linked together to form a network for your application. In Kubernetes, a site is associated with a namespace.

Use the kubectl apply command to declaratively create sites in the kubernetes namespaces. This deploys the Skupper router. Then use kubectl get site to see the outcome.

Note: If you are using Minikube, you need to start minikube tunnel before you configure skupper.

Public:

kubectl apply -f ./public-crs/site.yaml
kubectl wait --for condition=Ready --timeout=3m site/public

Sample output:

$ kubectl wait --for condition=Ready --timeout=3m site/public
site.skupper.io/public created
site.skupper.io/public condition met

Private:

kubectl apply -f ./private-crs/site.yaml
kubectl wait --for condition=Ready --timeout=3m site/private

Sample output:

$ kubectl wait --for condition=Ready --timeout=3m site/private
site.skupper.io/private created
site.skupper.io/private condition met

Step 5: Link your sites

A Skupper link is a channel for communication between two sites. Links serve as a transport for application connections and requests.

Creating a link requires use of two skupper commands in conjunction, skupper token issue and skupper token redeem.

The skupper token issue command generates a secret token that signifies permission to create a link. The token also carries the link details. Then, in a remote site, The skupper token redeem command uses the token to create a link to the site that generated it.

Note: The link token is truly a secret. Anyone who has the token can link to your site. Make sure that only those you trust have access to it.

First, use skupper token issue in public to generate the token. Then, use skupper token redeem in private to link the sites.

Public:

skupper token issue ~/public.token

Private:

skupper token redeem ~/public.token

If your terminal sessions are on different machines, you may need to use scp or a similar tool to transfer the token securely. By default, tokens expire after a single use or 15 minutes after creation. User skupper link status command to check link is in operational state.

Step 6: Deploy the FTP server

In Private, use kubectl apply to deploy the FTP server.

Private:

kubectl apply -f ./private-crs/ftp_service.yaml

Sample output:

$ kubectl apply -f ./private-crs/ftp_service.yaml
deployment.apps/ftp-server created

Step 7: Expose the FTP server to the Virtual Application Network

Create Skupper listeners and connectors to expose the FTP service to the public cluster. The vsftp app used in this example uses port 21 as the control port, which is utilized to send commands to the FTP servier like login, list and get. Port 21100 is used to transfer data between the FTP client and server. In private, we will create two connectors. Then, in public, we will create two listeners.

Private:

kubectl apply -f ./private-crs/connector.yaml

Sample output:

$ kubectl apply -f ./private-crs/connector.yaml
connector.skupper.io/ftp-server created
connector.skupper.io/ftp-passive created

Public:

kubectl apply -f ./public-crs/listener.yaml

Sample output:

$ kubectl apply -f ./public-crs/listener.yaml
listener.skupper.io/ftp-server created
listener.skupper.io/ftp-passive created

Status of the listeners and connectors can be verified using show connector status and show listener status.

Step 8: Run the FTP client for put operation

In Public, use kubectl run and the curl image to perform FTP put operations.

Public:

echo "Hello!" | kubectl run ftp-client --stdin --rm --image=docker.io/curlimages/curl --restart=Never -- -s -T - ftp://example:example@ftp-server/greeting

Sample output:

$ echo "Hello!" | kubectl run ftp-client --stdin --rm --image=docker.io/curlimages/curl --restart=Never -- -s -T - ftp://example:example@ftp-server/greeting
pod "ftp-client" deleted

Step 9: Run the FTP client for get operation

In Public, use kubectl run and the curl image to perform FTP get operations.

Public:

kubectl run ftp-client --attach --rm --image=docker.io/curlimages/curl --restart=Never -- -s ftp://example:example@ftp-server/greeting

Sample output:

$ kubectl run ftp-client --attach --rm --image=docker.io/curlimages/curl --restart=Never -- -s ftp://example:example@ftp-server/greeting
Hello!
pod "ftp-client" deleted

Step 10: Cleaning Up

To test remove Skupper and the other resources from this exercise, use the following commands.

Private:

skupper site delete --all
kubectl delete deployment/ftp-server

Public:

skupper site delete --all

Next steps

Check out the other examples on the Skupper website.

About this example

This example was produced using Skewer, a library for documenting and testing Skupper examples.

Skewer provides utility functions for generating the README and running the example steps. Use the ./plano command in the project root to see what is available.

To quickly stand up the example using Minikube, try the ./plano demo command.