Kubernetes has brought many benefits to the software industry over the past few years, such as application and infrastructure scaling, service discovery, load balancing and container health monitoring, to name a few. It is a great open-source project that is used with a variety of cloud providers: AWS, Google, Azure, IBM Cloud...
Companies and organizations sometimes choose a cloud provider because it was the best option at that moment, but these decisions need to be revisited from time to time. Not all organizations can migrate all their apps from one cloud provider to another, nor do all businesses have an interest in moving data and apps from a private data center to the public cloud. In those cases a hybrid-cloud solution could be helpful.
Using different clusters among different cluster providers in order to connect different applications or microservices can be a difficult task. It could imply the setup of VPNs or firewall rules that could be left operative even when the project has been deprecated or removed. In my experience working as a consultant software engineer in the past, I have been in the situation of having to wait a couple of weeks (DevOps teams are incredibly busy and have to work with completely different contexts in parallel) until our team was able to test all the interactions between microservices in a production environment.
The good thing is that there is an application that can help in those scenarios by enabling secure communication across Kubernetes clusters without the need for VPNs: Skupper, an open-source project written in Go that interconnects applications deployed in multiple cloud providers or data centers.
Skupper can do this thanks to the Apache Qpid Dispatch Router, another open-source project. Once Skupper is installed in different clusters, a containerized AMQP router runs on each Skupper site.
To allow the routers to communicate with each other, links between Skupper sites have to be created. This creates a VAN, or Virtual Application Network, in which all services or applications can communicate with each other as if they shared the same cluster. This works because Skupper synchronizes all services among all sites.
Take the example of an application that sends requests to a microservice deployed in a different cloud provider. The flow would go like this: the application communicates with its Skupper site over an HTTP connection, then the router deployed in that site sends messages to the linked router over a TCP connection using TLS encryption. Finally, the Skupper site that receives the message sends an HTTP request to the microservice.
As you can see, Skupper makes hybrid cloud networks easier to use without having to grant extra privileges to developer teams, who can define a secure VAN that fits their needs.
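The site linking and HTTP flow described above, as an added example that is not from the original post or the Skupper project: a POSIX shell script built on Skupper 1.x CLI commands. The kube context names passed as arguments, the `backend` deployment, port 8080 and the link name are assumptions.

```shell
#!/bin/sh
# Added example: link two Skupper sites and expose one HTTP microservice.
# Assumes the Skupper 1.x CLI and two kube contexts: the first accepts the
# link (e.g. public cloud), the second dials out (e.g. private data center).
set -eu

BACKEND="deployment/backend"   # assumed workload name
PORT=8080                      # assumed service port

# link_sites LISTENER_CTX CONNECTOR_CTX
link_sites() {
  listener="$1"; connector="$2"
  token="$(mktemp)"            # mktemp creates the file with mode 0600
  rc=0
  {
    skupper --context "$listener" init &&
    # The connecting site needs no inbound access, so give it no ingress.
    skupper --context "$connector" init --ingress none &&
    # The token is a credential: single use, short lifetime.
    skupper --context "$listener" token create "$token" --uses 1 --expiry 15m &&
    skupper --context "$connector" link create "$token" --name "to-$listener" &&
    # Make the microservice reachable by name from every linked site.
    skupper --context "$connector" expose "$BACKEND" --port "$PORT" --protocol http
  } || rc=$?
  rm -f "$token"               # never leave the token on disk
  return "$rc"
}

# unlink_sites LISTENER_CTX CONNECTOR_CTX
# Tear the connection down when the project is retired, so no path
# between the clusters stays open by accident.
unlink_sites() {
  listener="$1"; connector="$2"
  skupper --context "$connector" unexpose "$BACKEND"
  skupper --context "$connector" link delete "to-$listener"
}

# Usage: ./van.sh link public private   |   ./van.sh unlink public private
case "${1:-}" in
  link)   link_sites "$2" "$3" ;;
  unlink) unlink_sites "$2" "$3" ;;
esac
```

After `link`, an application in the first cluster can call `http://backend:8080` as if the microservice were local, and `skupper link status` in the second context shows the state of the link.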
You can find a great tutorial on how to get started with Skupper here.