hydrantosaurus.com

Running Skipper locally

Requirements

Steps

1. Create the Service Account

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: skipper-ingress
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: skipper-ingress
rules:
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["namespaces", "services", "endpoints"]
  verbs: ["get", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: skipper-ingress
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: skipper-ingress
subjects:
- kind: ServiceAccount
  name: skipper-ingress
  namespace: kube-system

2. Extract “ca.crt” and “token” from the Secret of the ServiceAccount

mkdir ./secret
kubectl -n kube-system get secrets skipper-ingress-token-ldbxw -o json | jq -r '.data["ca.crt"]' | base64 -D | ghead -c -1 > ./secret/ca.crt
kubectl -n kube-system get secrets skipper-ingress-token-ldbxw -o json | jq -r '.data["token"]' | base64 -D > ./secret/token

It is important to remove the trailing newline of the CA certificate.

3. Create the directory where Skipper expects “ca.crt” and “token”

sudo mkdir -p /var/run/secrets/kubernetes.io
sudo ln -s $PWD/secret /var/run/secrets/kubernetes.io/serviceaccount

4. Export variables to tell Skipper where to find the Kubernetes cluster

export KUBERNETES_SERVICE_HOST=192.168.99.100
export KUBERNETES_SERVICE_PORT=8443

5. Set route so Skipper can find the pods it proxies to

sudo route -n add 172.17.0.0/16 $(minikube ip)

Via https://stackoverflow.com/a/43326825.

6. Build Skipper

make skipper

7. Execute Skipper

bin/skipper -kubernetes -kubernetes-in-cluster ...

26 Feb 2019