{"id":19969070,"url":"https://github.com/pwright/skupper-example-http2-tls","last_synced_at":"2026-05-13T00:05:01.822Z","repository":{"id":103346747,"uuid":"491954250","full_name":"pwright/skupper-example-http2-tls","owner":"pwright","description":null,"archived":false,"fork":false,"pushed_at":"2022-05-19T07:57:55.000Z","size":81,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-01T17:48:36.047Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pwright.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-13T15:41:15.000Z","updated_at":"2022-05-17T10:39:05.000Z","dependencies_parsed_at":"2023-07-07T19:00:34.055Z","dependency_job_id":null,"html_url":"https://github.com/pwright/skupper-example-http2-tls","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pwright/skupper-example-http2-tls","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwright%2Fskupper-example-http2-tls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwright%2Fskupper-example-http2-tls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwright%2Fskupper-example-http2-tls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwright%2Fskupper-example-http2-tls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pwright","download_url":"https://codeload.github.com/pwright/skupper-example-http2-tls/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwright%2Fskupper-example-http2-tls/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32961802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-12T23:30:32.555Z","status":"ssl_error","status_checked_at":"2026-05-12T23:30:18.191Z","response_time":102,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T02:48:37.112Z","updated_at":"2026-05-13T00:05:01.813Z","avatar_url":"https://github.com/pwright.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Skupper HTTP2 services using TLS\n\n[![main](https://github.com/skupperproject/skupper-example-http2-tls/actions/workflows/main.yaml/badge.svg)](https://github.com/skupperproject/skupper-example-http2-tls/actions/workflows/main.yaml)\n\n#### A minimal HTTP2 application deployed across Kubernetes clusters using Skupper and encrypted using TLS\n\nThis example is part of a [suite of examples][examples] showing the\ndifferent ways you can use [Skupper][website] to connect services\nacross cloud providers, data centers, and edge sites.\n\n[website]: https://skupper.io/\n[examples]: https://skupper.io/examples/index.html\n\n#### Contents\n\n* [Overview](#overview)\n* [Prerequisites](#prerequisites)\n* [Step 1: Configure separate console sessions](#step-1-configure-separate-console-sessions)\n* [Step 2: Access your clusters](#step-2-access-your-clusters)\n* [Step 3: Set up your namespaces](#step-3-set-up-your-namespaces)\n* [Step 4: Install Skupper in your namespaces](#step-4-install-skupper-in-your-namespaces)\n* [Step 5: Check the status of your namespaces](#step-5-check-the-status-of-your-namespaces)\n* [Step 6: Link your namespaces](#step-6-link-your-namespaces)\n* [Step 7: Deploy the frontend and backend services](#step-7-deploy-the-frontend-and-backend-services)\n* [Step 8: Expose the backend service](#step-8-expose-the-backend-service)\n* [Step 9: Modify the backend service to use the certs from the site.](#step-9-modify-the-backend-service-to-use-the-certs-from-the-site)\n* [Step 10: Test the application](#step-10-test-the-application)\n* [Summary](#summary)\n\n## Overview\n\nThis example is a simple multi-service HTTP2 application that can\nbe deployed across multiple Kubernetes clusters using Skupper.\n\nIt contains two services:\n\n* A backend HTTP2 webserver.\n\n* A deployment that uses `curl` to call the webserver.\n\nWith Skupper, you can place the backend in one cluster and the\nfrontend in another and maintain connectivity between the two\nservices without exposing the backend to the public internet.\nAll the traffic is encrypted using TLS.\n\n## Prerequisites\n\n* The `kubectl` command-line tool, version 1.15 or later\n  ([installation guide][install-kubectl])\n\n* The `skupper` command-line tool, the latest version ([installation\n  guide][install-skupper])\n\n* Access to at least one Kubernetes cluster, from any provider you\n  choose\n\n[install-kubectl]: https://kubernetes.io/docs/tasks/tools/install-kubectl/\n[install-skupper]: https://skupper.io/install/index.html\n\n## Step 1: Configure separate console sessions\n\nSkupper is designed for use with multiple namespaces, typically on\ndifferent clusters.  The `skupper` command uses your\n[kubeconfig][kubeconfig] and current context to select the namespace\nwhere it operates.\n\n[kubeconfig]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/\n\nYour kubeconfig is stored in a file in your home directory.  The\n`skupper` and `kubectl` commands use the `KUBECONFIG` environment\nvariable to locate it.\n\nA single kubeconfig supports only one active context per user.\nSince you will be using multiple contexts at once in this\nexercise, you need to create distinct kubeconfigs.\n\nStart a console session for each of your namespaces.  Set the\n`KUBECONFIG` environment variable to a different path in each\nsession.\n\nConsole for _west_:\n\n~~~ shell\nexport KUBECONFIG=~/.kube/config-west\n~~~\n\nConsole for _east_:\n\n~~~ shell\nexport KUBECONFIG=~/.kube/config-east\n~~~\n\n## Step 2: Access your clusters\n\nThe methods for accessing your clusters vary by Kubernetes provider.\nFind the instructions for your chosen providers and use them to\nauthenticate and configure access for each console session.  See the\nfollowing links for more information:\n\n* [Minikube](https://skupper.io/start/minikube.html)\n* [Amazon Elastic Kubernetes Service (EKS)](https://skupper.io/start/eks.html)\n* [Azure Kubernetes Service (AKS)](https://skupper.io/start/aks.html)\n* [Google Kubernetes Engine (GKE)](https://skupper.io/start/gke.html)\n* [IBM Kubernetes Service](https://skupper.io/start/ibmks.html)\n* [OpenShift](https://skupper.io/start/openshift.html)\n* [More providers](https://kubernetes.io/partners/#kcsp)\n\n## Step 3: Set up your namespaces\n\nUse `kubectl create namespace` to create the namespaces you wish to\nuse (or use existing namespaces).  Use `kubectl config set-context` to\nset the current namespace for each session.\n\nConsole for _west_:\n\n~~~ shell\nkubectl create namespace west\nkubectl config set-context --current --namespace west\n~~~\n\nConsole for _east_:\n\n~~~ shell\nkubectl create namespace east\nkubectl config set-context --current --namespace east\n~~~\n\n## Step 4: Install Skupper in your namespaces\n\nThe `skupper init` command installs the Skupper router and service\ncontroller in the current namespace.  Run the `skupper init` command\nin each namespace.\n\n**Note:** If you are using Minikube, [you need to start `minikube\ntunnel`][minikube-tunnel] before you install Skupper.\n\n[minikube-tunnel]: https://skupper.io/start/minikube.html#running-minikube-tunnel\n\nConsole for _west_:\n\n~~~ shell\nskupper init\n~~~\n\nConsole for _east_:\n\n~~~ shell\nskupper init --ingress none\n~~~\n\n## Step 5: Check the status of your namespaces\n\nUse `skupper status` in each console to check that Skupper is\ninstalled.\n\nConsole for _west_:\n\n~~~ shell\nskupper status\n~~~\n\nConsole for _east_:\n\n~~~ shell\nskupper status\n~~~\n\nYou should see output like this for each namespace:\n\n~~~\nSkupper is enabled for namespace \"\u003cnamespace\u003e\" in interior mode. It is not connected to any other sites. It has no exposed services.\nThe site console url is: http://\u003caddress\u003e:8080\nThe credentials for internal console-auth mode are held in secret: 'skupper-console-users'\n~~~\n\nAs you move through the steps below, you can use `skupper status` at\nany time to check your progress.\n\n## Step 6: Link your namespaces\n\nCreating a link requires use of two `skupper` commands in conjunction,\n`skupper token create` and `skupper link create`.\n\nThe `skupper token create` command generates a secret token that\nsignifies permission to create a link.  The token also carries the\nlink details.  Then, in a remote namespace, The `skupper link create`\ncommand uses the token to create a link to the namespace that\ngenerated it.\n\n**Note:** The link token is truly a *secret*.  Anyone who has the\ntoken can link to your namespace.  Make sure that only those you trust\nhave access to it.\n\nFirst, use `skupper token create` in one namespace to generate the\ntoken.  Then, use `skupper link create` in the other to create a link.\n\nConsole for _west_:\n\n~~~ shell\nskupper token create ~/west.token\n~~~\n\nConsole for _east_:\n\n~~~ shell\nskupper link create ~/west.token\nskupper link status --wait 30\n~~~\n\nIf your console sessions are on different machines, you may need to\nuse `scp` or a similar tool to transfer the token.\n\nYou can use the `skupper link status` command to check if linking\nsucceeded.\n\n## Step 7: Deploy the frontend and backend services\n\nUse YAML files to deploy the frontend service\nin `west` and the backend service in `east`.\n\nConsole for _east_:\n\n~~~ shell\nkubectl apply -f backend/index-html-config-map.yaml\nkubectl apply -f backend/ngnixhttp2tls_nocerts.yaml\n~~~\n\nConsole for _west_:\n\n~~~ shell\nkubectl apply -f frontend/kubernetes-curl-job.yaml\n~~~\n\n## Step 8: Expose the backend service\n\nWe now have two namespaces linked to form a Skupper network, but\nno services are exposed on it.  Skupper uses the `skupper\nexpose` command to select a service from one namespace for\nexposure on all the linked namespaces.\n\nUse `skupper expose` to expose the backend service to the\nfrontend service with the `enable-tls` option.\n\nConsole for _east_:\n\n~~~ shell\nskupper expose deployment nghttp2tls --port 443 --protocol http2 --enable-tls\n~~~\n\nSample output:\n\n~~~\ndeployment nghttp2tls exposed as nghttp2tls\n~~~\n\n## Step 9: Modify the backend service to use the certs from the site.\n\nThe webserver requires the certs to provide TLS connections\n\nConsole for _east_:\n\n~~~ shell\nkubectl  apply -f backend/ngnixhttp2tls_withcerts.yaml\nkubectl get services\n~~~\n\nSample output:\n\n~~~\n$ kubectl  apply -f backend/ngnixhttp2tls_withcerts.yaml\ntbd\n\n$ kubectl get services\nNAME                   TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                           AGE\ntbd\n~~~\n\n## Step 10: Test the application\n\nCheck the output of the curl job.\n\nConsole for _west_:\n\n~~~ shell\nkubectl logs jobs/my-kubernetes-job\n~~~\n\nSample output:\n\n~~~\n\u003c HTTP/2 200 \n\u003c server: nghttpd nghttp2/1.12.0\n\u003c cache-control: max-age=3600\n\u003c date: Tue, 17 May 2022 11:54:34 GMT\n\u003c content-length: 71\n\u003c last-modified: Tue, 17 May 2022 11:53:01 GMT\n\u003c \n{ [5 bytes data]\n100    71  100    71    0     0   3177      0 --:--:-- --:--:-- --:--:--  3227\n* Connection #0 to host nghttp2tls left intact\n~~~\n\nThe status 200 indicates a successful run.\n\n## Summary\n\nThis example locates the frontend and backend services in different\nnamespaces, on different clusters.  Ordinarily, this means that they\nhave no way to communicate unless they are exposed to the public\ninternet.\n\nIntroducing Skupper into each namespace allows us to create a virtual\napplication network that can connect services in different clusters.\nAny service exposed on the application network is represented as a\nlocal service in all of the linked namespaces.\n\nThe backend service is located in `east`, but the frontend service\nin `west` can \"see\" it as if it were local.  When the frontend\nsends a request to the backend, Skupper forwards the request to the\nnamespace where the backend is running and routes the response back to\nthe frontend.\n\nThis example shows how the HTTP2 service can use TLS to ensure all traffic is encrypted.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpwright%2Fskupper-example-http2-tls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpwright%2Fskupper-example-http2-tls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpwright%2Fskupper-example-http2-tls/lists"}