"Skupper is an over-the-top, multi-platform application interconnect. Skupper makes it easy to deploy private application networks that span multiples sites and platforms.
* Over-the-top - Skupper operates at the application layer, on top of existing IP networks. Services connect across network boundaries without VPNs or special firewall rules.
* Multi-platform - Skupper works on Kubernetes, Docker, Podman, and Linux. It scales up to multi-tenant clusters and down to edge devices.
* Application-centric - Skupper creates isolated application-focused networks with logical service addresses that enable application portability.
* Secure - Skupper uses mutual TLS authentication and encryption to protect all communication. Application services are never exposed on the public internet."
It's in use at several big orgs in production. For example, I know with 99.9% certainty it is still being used by the Dutch Railways to connect Kubernetes clusters running on Google Cloud, Microsoft Azure and AWS together.
Back when I used it the mobile app on iOS was broken, but they fixed it real quick. That was encouraging.
Other than that, I mostly stopped using it because it forces you to regularly rotate all certificates, and for my personal purposes it was too much of a hassle.
I still like the project a lot and wish it would be more prominent. Nowadays everyone immediately seems to recommend Tailscale.
If you are looking for a container interconnect you could also take a look at Skupper (https://skupper.io/, Usage examples here: https://skupper.io/examples/):
"Skupper is an over-the-top, multi-platform application interconnect. Skupper makes it easy to deploy private application networks that span multiples sites and platforms.
* Over-the-top - Skupper operates at the application layer, on top of existing IP networks. Services connect across network boundaries without VPNs or special firewall rules.
* Multi-platform - Skupper works on Kubernetes, Docker, Podman, and Linux. It scales up to multi-tenant clusters and down to edge devices.
* Application-centric - Skupper creates isolated application-focused networks with logical service addresses that enable application portability.
* Secure - Skupper uses mutual TLS authentication and encryption to protect all communication. Application services are never exposed on the public internet."
It's in use at several big orgs in production. For example, I know with 99.9% certainty it is still being used by the Dutch Railways to connect Kubernetes clusters running on Google Cloud, Microsoft Azure and AWS together.
Back when I used it the mobile app on iOS was broken, but they fixed it real quick. That was encouraging.
Other than that, I mostly stopped using it because it forces you to regularly rotate all certificates, and for my personal purposes it was too much of a hassle.
I still like the project a lot and wish it would be more prominent. Nowadays everyone immediately seems to recommend Tailscale.
Never seen it deployed anywhere.
I'm planning to replace the traditional network architecture in my homelab with it to practice Zero Trust.
Yeah, that's my point. It seems to be used mostly on homelabs. No big companies endorsing it.
Tailscale has tailnet lock. Do you still need to trust the coordination server?
More than on a Nebula setup..