Installation

Red Hat Service Interconnect 1.4

Installing the CLI, or the controller, or the Operator

Abstract

This guide describes how to install Red Hat Service Interconnect 1.4.
Red Hat Service Interconnect is a Red Hat build of the open source Content from skupper.io is not included.Skupper project.

Chapter 1. Installing the Skupper CLI

The Skupper CLI provides a method to create both Kubernetes and Podman sites.

Note

Podman sites are a Technology Preview feature as described in This content is not included.Release Notes

Prerequisites

  • Your subscription has been activated and your system is registered. For more information about using the Customer Portal to activate your Red Hat subscription and register your system for packages, see Chapter 6, Using your subscription.

Procedure

  1. Use the subscription-manager command to subscribe to the required package repositories. Replace <version> with 1 for the main release stream or 1.4 for the long term support release stream.

    Red Hat Enterprise Linux 8
    $ sudo subscription-manager repos --enable=service-interconnect-_<version>_-for-rhel-8-x86_64-rpms
    Red Hat Enterprise Linux 9
    $ sudo subscription-manager repos --enable=service-interconnect-_<version>_-for-rhel-9-x86_64-rpms

  2. Use the yum or dnf command to install the skupper command: 

    $ sudo dnf install skupper-cli

  3. If you want to run skupper to create a podman site on RHEL 8, you need to configure podman to use netavark if it is not already configured:

    1. Check if netavark is configured as the podman network backend: 

      $ podman info | grep networkBackend

    2. If netavark is not listed as the backend, install it: 

      $ sudo dnf install netavark

    3. Configure podman to use netavark by making sure the following lines exist in the /etc/containers/containers.conf file: 

      [network]
network_backend = "netavark"
    4. Verify the new configuration by repeating step a.

Additional information

  • See Getting Started for instructions about creating a site.
  • Use man containers.conf to view more information about podman configuration.

Chapter 2. Installing the Operator

The Red Hat Service Interconnect Operator creates and manages sites in OpenShift.

Note

The Red Hat Service Interconnect Operator is supported only on OpenShift 4. Installing an Operator requires administrator-level privileges for your cluster.

2.1. Installing the Operator for all namespaces using the CLI

The steps in this section show how to use the oc command to install and deploy the latest version of the Red Hat Service Interconnect Operator in a given OpenShift cluster. Installing the operator for all namespaces allows you create a site in any namespace. See This page is not included, but the link has been rewritten to point to the nearest parent document.Getting started with the OpenShift CLI for more information about the oc command.

Prerequisites

Procedure

  1. Log in to OpenShift as a cluster administrator. For example: 

    $ oc login -u system:admin
  2. Complete the steps described in Red Hat Container Registry Authentication.

  3. Create a file named subscription-all.yaml with the following: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: skupper-operator
  namespace: openshift-operators
spec:
  channel: stable-1.4
  installPlanApproval: Automatic
  name: skupper-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: skupper-operator.v1.4.4-rh-1
    Note

    If you do not specify startingCSV, the subscription defaults to the latest operator version.

    If you specify installPlanApproval as Manual, sites are not automatically upgraded to the latest version of Service Interconnect. See Chapter 4, Upgrading the Red Hat Service Interconnect Operator and sites for information on manually upgrading sites.

  4. Apply the subscription YAML: 

    $ oc apply -f subscription-all.yaml

Additional information

2.2. Installing the Operator for a single namespace using the CLI

The steps in this section show how to use the oc command to install and deploy the latest version of the Red Hat Service Interconnect Operator in a given OpenShift cluster. Installing the operator for a single namespaces allows you create a site in the specified namespace. See This page is not included, but the link has been rewritten to point to the nearest parent document.Getting started with the OpenShift CLI for more information about the oc command.

Prerequisites

Procedure

  1. Log in to OpenShift as a cluster administrator. For example: 

    $ oc login -u system:admin
  2. Complete the steps described in Red Hat Container Registry Authentication.

  3. Create an Operator group in the namespace where you want to create a site:

    1. Create a file named operator-group.yaml with the following: 

      kind: OperatorGroup
apiVersion: operators.coreos.com/v1
metadata:
  name: skupper-operator
  namespace: my-namespace
spec:
  targetNamespaces:
  - my-namespace

      where my-namespace is the name of the namespace you want to create the site.

    2. Apply the Operator group YAML: 

      $ oc apply -f operator-group.yaml

  4. Create a file named subscription-myns.yaml with the following: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: skupper-operator
  namespace: my-namespace
spec:
  channel: stable-1.4
  installPlanApproval: Automatic
  name: skupper-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: skupper-operator.v1.4.4-rh-1

    where my-namespace is the name of the namespace you want to create the site.

    Note

    If you do not specify startingCSV, the subscription defaults to the latest operator version.

    If you specify installPlanApproval as Manual, sites are not automatically upgraded to the latest version of Service Interconnect. See Chapter 4, Upgrading the Red Hat Service Interconnect Operator and sites for information on manually upgrading sites.

  5. Apply the subscription YAML: 

    $ oc apply -f subscription-myns.yaml

Additional information

2.3. Installing the Operator using the OpenShift console

The procedures in this section show how to use the OperatorHub from the OpenShift console to install and deploy the latest version of the Red Hat Service Interconnect Operator in a given OpenShift namespace.

Prerequisites

Procedure

  1. In the OpenShift web console, navigate to OperatorsOperatorHub.
  2. Choose Red Hat Service Interconnect Operator from the list of available Operators, and then click Install.

  3. On the Operator Installation page, two Installation mode options are available:

    • All namespaces on the cluster

    • A specific namespace on the cluster

      For this example, choose A specific namespace on the cluster.

  4. Choose an Update approval option.

    By default, Automatic approval is selected, and sites will upgrade to the latest version of Service Interconnect. If you choose Manual approval, sites will not be automatically upgraded to the latest version of Service Interconnect. See Chapter 4, Upgrading the Red Hat Service Interconnect Operator and sites for information on manually upgrading sites.

  5. Select the namespace into which you want to install the Operator, and then click Install.

    The Installed Operators page appears displaying the status of the Operator installation.

  6. Verify that the Red Hat Service Interconnect Operator is displayed and wait until the Status changes to Succeeded.

  7. If the installation is not successful, troubleshoot the error:

    1. Click Red Hat Service Interconnect Operator on the Installed Operators page.
    2. Select the Subscription tab and view any failures or errors.

For more information about installing Operators, see the OpenShift Documentation

Additional information

Chapter 3. Upgrading the Skupper CLI and sites

Upgrading sites requires the latest version of the Skupper CLI.

Note

Update all sites to ensure the same version of Service Interconnect is running across your service network. You can expect some minimal downtime during the update process.

Procedure

  1. Upgrade the skupper CLI: 

    $ dnf upgrade skupper-cli

  2. Upgrade each site:

    1. Set the context to the site you want to upgrade.

    2. Run the upgrade command: 

      $ skupper update

Chapter 4. Upgrading the Red Hat Service Interconnect Operator and sites

If you chose automatic updates when installing the Red Hat Service Interconnect Operator, sites are upgraded when a new version of Service Interconnect is available. If you choose manual updates, complete this procedure to upgrade your sites.

Procedure

  1. Log into the OpenShift console.
  2. Navigate to the Installed Operators page.
  3. If Upgrade available is displayed as the Status for the Red Hat Service Interconnect Operator, click that text.
  4. On the InstallPlan details page, click Preview InstallPlan.
  5. Click Approve to upgrade sites.

Chapter 5. Installing the policy system

Installing the Skupper policy system on a cluster allows you control how Skupper is used on the cluster.

Note

Applying the policy system in a cluster without specific policy rules prohibits site linking and service exposure. If you are installing the policy system on a cluster where there are existing sites, you must create policies before installing the policy system to avoid disruption.

Prerequisites

  • Access to a Kubernetes cluster with cluster-admin privileges.
  • The Red Hat Service Interconnect Operator is installed

Procedure

  1. Log into your cluster.

  2. Deploy the policy CRD: 

    $ kubectl apply -f skupper_cluster_policy_crd.yaml

customresourcedefinition.apiextensions.k8s.io/skupperclusterpolicies.skupper.io created
clusterrole.rbac.authorization.k8s.io/skupper-service-controller created

    where the contents of skupper_cluster_policy_crd.yaml is specified in the Appendix A, YAML for the Skupper policy CRD appendix.

Additional information

See Content from skupper.io is not included.Securing a service network using policies for more information about using policies.

Chapter 6. Using your subscription

Red Hat Service Interconnect is provided through a software subscription. To manage your subscriptions, access your account at the Red Hat Customer Portal.

6.1. Accessing your account

Procedure

  1. Go to access.redhat.com.
  2. If you do not already have an account, create one.
  3. Log in to your account.

6.2. Activating a subscription

Procedure

  1. Go to access.redhat.com.
  2. Navigate to My Subscriptions.
  3. Navigate to Activate a subscription and enter your 16-digit activation number.

6.3. Registering your system for packages

To install RPM packages for this product on Red Hat Enterprise Linux, your system must be registered. If you are using downloaded release files, this step is not required.

Procedure

  1. Go to access.redhat.com.
  2. Navigate to Registration Assistant.
  3. Select your OS version and continue to the next page.
  4. Use the listed command in your system terminal to complete the registration.

For more information about registering your system, see one of the following resources:

Appendix A. YAML for the Skupper policy CRD

The policy system allows a cluster administrator restrict Skupper usage on a cluster. It is not required for typical Skupper usage.

The following YAML applies the Skupper policy CRD to a cluster. 

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: skupperclusterpolicies.skupper.io
spec:
  group: skupper.io
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                namespaces:
                  type: array
                  items:
                    type: string
                allowIncomingLinks:
                  type: boolean
                allowedOutgoingLinksHostnames:
                  type: array
                  items:
                    type: string
                allowedExposedResources:
                  type: array
                  items:
                    type: string
                allowedServices:
                  type: array
                  items:
                    type: string
  scope: Cluster
  names:
    plural: skupperclusterpolicies
    singular: skupperclusterpolicy
    kind: SkupperClusterPolicy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    application: skupper-service-controller
  name: skupper-service-controller
rules:
  - apiGroups:
      - skupper.io
    resources:
      - skupperclusterpolicies
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get

Appendix B. About Service Interconnect documentation

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Revised on 2024-10-07 16:42:28 UTC

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at Content from creativecommons.org is not included.http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.