SkyCluster Configuration

SkyCluster Setup

Create an object of type XSetup to configure the SkyCluster operator and its components, including the provider config objects for the provider-helm and provider-kubernetes operators. Make sure the labels are set correctly so that the operator can manage the resources.

apiVersion: skycluster.io/v1alpha1
kind: XSetup
metadata:
  name: mycluster
  labels:
    skycluster.io/managed-by: skycluster
spec:
  # The public IP of the api server running SkyCluster controller
  apiServer: A.B.C.D:6443
  # If set to true, the SkyCluster operator will deploy submariner
  # to enable cross-cluster communication
  submariner:
    enabled: true

Check the status of the SkyCluster operator:

kubectl get xsetup.skycluster.io mycluster

Once ready, you can follow the examples in the SkyCluster documentation to deploy applications.


Join SkyCluster Overlay

SkyCluster uses an overlay network to enable communication between private networks across different providers. The overlay network is built with the open-source tailscale client and headscale as the server, which together provide a secure mesh network. The headscale server is deployed in the SkyCluster namespace and is responsible for managing the overlay network. SkyCluster automatically configures the headscale server and the tailscale clients within each provider. However, to enable access to the overlay network from this machine, you need to install the tailscale client and authenticate it with the headscale server.

First install the tailscale client on your machine:

curl -fsSL https://tailscale.com/install.sh | sh

Then authenticate the client with the headscale server by running the following script. The script retrieves the headscale server connection data from SkyCluster and authenticates your system with it:

curl -s https://skycluster.io/configs/tailscale-connect.sh | bash

The above script performs the following steps:

tailscale-connect.sh

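# Read the connection secret that SkyCluster creates for the headscale server
HEADSCALE_DATA=$(kubectl get secret headscale-connection-secret \
  -n skycluster-system -o jsonpath='{.data}')

if [[ -z "$HEADSCALE_DATA" ]]; then
  echo "Error: Headscale data not found in headscale-connection-secret secret" >&2
  exit 1
fi

# KEY: decode the base64 "preauth.json" entry and read its "key" field.
# "// empty" makes jq print nothing (instead of the string "null") when a
# field is missing, so the emptiness check below can catch it.
HEADSCALE_KEY=$(echo "$HEADSCALE_DATA" | jq -r '."preauth.json" // empty' | base64 -d | jq -r '.key // empty')
if [[ -z "$HEADSCALE_KEY" ]]; then
  echo "Error: Headscale key not found in headscale-connection-secret secret" >&2
  exit 1
fi

# Headscale login server: this machine's public IP as reported by ifconfig.io, port 8080
SERVER="https://$(curl -s ifconfig.io):8080"
sudo tailscale up --login-server "$SERVER" --auth-key "$HEADSCALE_KEY" --accept-routes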
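
A hardened variant of the script's last two steps, added here as an example and not taken from the SkyCluster project: it validates the ifconfig.io response before building the login-server URL, and passes the pre-auth key to tailscale through a file (the file: prefix of --auth-key) so the key does not appear in the process list. The function names, the --connect switch and the HTTPS request to ifconfig.io are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the project's script; names and --connect are hypothetical.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  local old_ifs octet
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1   # unquoted on purpose: only digits and dots are left to split
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print the login-server URL for a validated address; fail otherwise.
login_server_url() {
  valid_ipv4 "$1" || { echo "Error: not an IPv4 address: $1" >&2; return 1; }
  printf 'https://%s:8080\n' "$1"
}

# Store the key in a new owner-only (0600) file and print the file's path.
write_key_file() {
  local f
  f=$(umask 077 && mktemp) || return 1
  printf '%s' "$1" > "$f"
  printf '%s\n' "$f"
}

# Same flow as the page's script; runs only when --connect is given.
connect() {
  local key ip server keyfile rc=0
  key=$(kubectl get secret headscale-connection-secret -n skycluster-system \
    -o jsonpath='{.data.preauth\.json}' | base64 -d | jq -r '.key // empty')
  [ -n "$key" ] || { echo "Error: Headscale key not found" >&2; return 1; }
  ip=$(curl -fsS --max-time 10 https://ifconfig.io) || return 1
  server=$(login_server_url "$ip") || return 1
  keyfile=$(write_key_file "$key") || return 1
  # file: keeps the key out of the argument list that other local users can read
  sudo tailscale up --login-server "$server" \
    --auth-key "file:$keyfile" --accept-routes || rc=$?
  rm -f "$keyfile"
  return "$rc"
}

if [ "${1:-}" = "--connect" ]; then connect; fi
```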

Automating Connectivity

To maintain the connection to the overlay network, you can run the above script periodically or set up a cron job to run it at regular intervals. This ensures that your machine remains connected to the SkyCluster overlay network. To add the script to a cron job, use the following commands:

SCRIPT_PATH="$HOME/.skycluster/tailscale-cron.sh"
mkdir -p "$HOME/.skycluster"

# download the cron script
curl -fsSL https://skycluster.io/configs/tailscale-cron.sh -o "$SCRIPT_PATH"
chmod +x "$SCRIPT_PATH"

# copy the existing cron jobs into a private temporary file
# (mktemp avoids a predictable file name in the shared /tmp directory)
CRON_TMP=$(mktemp)
crontab -u "$USER" -l 2>/dev/null > "$CRON_TMP" || true

# add the cron job to run the script every 5 minutes
echo "*/5 * * * * $SCRIPT_PATH" >> "$CRON_TMP"
crontab -u "$USER" "$CRON_TMP"
rm -f "$CRON_TMP"

Warning

This step is required to connect your machine to the SkyCluster overlay network. If you do not run this step, the SkyCluster operator will not be able to manage the resources within other providers. You will not be able to access the resources within the SkyCluster overlay network from your machine.

Note

You are now ready to initialize the providers and deploy your workload. To get started, see the examples in Examples.