The goal of this exercise is to create two skupper-router containers named skupper-router-east and skupper-router-west with Podman, exposing a TLS AMQP listener on the east router, with all generated credentials and router configuration included as Kubernetes descriptors (using YAML), so that these YAML files can be loaded with podman kube play to spin up the two router pods.

All files mentioned here, can be found below.

Deploying this sample

To deploy this sample, run: ./play.sh, or execute:

podman network create skupper-router-sample
podman kube play --userns=keep-id --network=skupper-router-sample skupper-router-east-west.yaml

When you run this sample, a podman network (mode: bridge) named skupper-router-sample will be created.

Once the network is created, podman kube play will be invoked to process the YAML file named skupper-router-east-west.yaml.

This will run two pods (with one container each), named respectively:

  • skupper-router-east-pod / skupper-router-east-pod-skupper-router-east
  • skupper-router-west-pod / skupper-router-west-pod-skupper-router-west

The east container uses a TLS certificate which is valid for the host skupper-router-east, which is a valid host within the generated podman network.

The west container uses a TLS certificate generated by the same CA for authentication.

Teardown

To remove all the created pods and network, run: ./down.sh, or execute:

podman kube down --force skupper-router-east-west.yaml
podman network rm --force skupper-router-sample

The script will basically run podman kube down --force skupper-router-east-west.yaml and will also remove the podman network that has been created earlier.

Resources: