155 changes: 150 additions & 5 deletions docs/deploy/multi-cloud-ingress-lb-solution.md
Expand Up @@ -2,8 +2,6 @@

You can deploy multiple instances of the same application across multiple clouds provided by different cloud providers. This multi-cloud strategy helps you to ensure resiliency, high availability, and proximity. A multi-cloud approach also allows you to take advantage of the best of each cloud provider by reducing the risks such as vendor lock-in and cloud outages.

Citrix ADC with the help of the Citrix ingress controller can perform multi-cloud load balancing. Citrix ADC can direct traffic to clusters hosted on different cloud provider sites. The solution performs load balancing by distributing the traffic intelligently between the workloads running on Amazon EKS (Elastic Kubernetes Service) and Microsoft AKS (Azure Kubernetes Service) clusters.

You can deploy the multi-cloud and multi-cluster ingress and load balancing solution with Amazon EKS and Microsoft AKS.

## Deployment topology
Expand All @@ -18,6 +16,8 @@ The following diagram explains a deployment topology of the multi-cloud ingress
- You should be familiar with Citrix ADC and [Citrix ADC networking](https://docs.citrix.com/en-us/citrix-adc/current-release/networking.html).
- Instances of the same application must be deployed in Kubernetes clusters on Amazon EKS and Microsoft AKS.

## Deploy multi-cloud and multi-cluster ingress and load balancing solution with Amazon EKS and Microsoft AKS clusters

To deploy the multi-cloud multi-cluster ingress and load balancing solution, you must perform the following tasks.

1. Deploy Citrix ADC VPX in AWS.
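Review bot: The `## Deploy multi-cloud and multi-cluster ingress and load balancing solution with Amazon EKS and Microsoft AKS clusters` heading sits at the same `##` level as the per-task sections that follow it, such as `## Deploy Citrix ADC VPX in AWS`, so the tasks do not nest under it in the page outline. Consider shortening it and demoting the task sections to `###`, or dropping the heading, since the sentence directly below it already says the same thing.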
Expand All @@ -27,7 +27,7 @@ To deploy the multi-cloud multi-cluster ingress and load balancing solution, you
1. Apply GTP and GSE CRDs on AWS and Azure Kubernetes clusters.
1. Deploy the multi-cluster controller.

## Deploying Citrix ADC VPX in AWS
## Deploy Citrix ADC VPX in AWS

You must ensure that the Citrix ADC VPX instances are installed in the same virtual private cloud (VPC) on the EKS cluster. It enables Citrix ADC VPX to communicate with EKS workloads. You can use an existing EKS subnet or create a subnet to install the Citrix ADC VPX instances.

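Review bot: Existing links to `#deploying-citrix-adc-vpx-in-aws` will stop resolving once the heading reads `## Deploy Citrix ADC VPX in AWS`, because the generated anchor becomes `#deploy-citrix-adc-vpx-in-aws`. Please search the docs for the old anchor and update any references; the same applies to the Azure heading in the next hunk.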
Expand Down Expand Up @@ -71,7 +71,7 @@ For high availability (HA), you can install two instances of Citrix ADC VPX in H

add nameserver *nameserver IP*

## Deploying Citrix ADC VPX in Azure
## Deploy Citrix ADC VPX in Azure

You can run a standalone Citrix ADC VPX instance on an AKS cluster or run two Citrix ADC VPX instances in High Availability mode on the AKS cluster.

Expand Down Expand Up @@ -135,7 +135,6 @@ While installing the Citrix ADC VPX, select the VNet where the AKS cluster is in

For example, create an 'A' record `ns1.domain.com` pointing to the ADNS service public IP address. NS record for the domain must point to ns1.domain.com.


## Configure GSLB service in Citrix ADC VPX deployed in AWS and Azure

You must create GSLB sites on Citrix ADC VPX deployed on AWS and Azure.
Expand Down Expand Up @@ -360,3 +359,149 @@ As the GTP CRD is configured for the traffic policy as `FAILOVER`, Citrix ADC VP
curl -v http://*domain_name*

However, if an endpoint is not available in the EKS cluster, applications are automatically served from the Azure cluster. You can ensure it by setting the replica count to `0` in the primary cluster.

## Citrix ADC VPX as ingress and GSLB device for Amazon EKS and Microsoft AKS clusters

You can deploy the multi-cloud and multi-cluster ingress and load balancing solution with Amazon EKS and Microsoft AKS with Citrix ADC VPX as GSLB and the same Citrix ADC VPX as ingress device too.

To deploy the multi-cloud multi-cluster ingress and load balancing with Citrix ADC VPX as ingress device, you must complete the following tasks described in the previous sections:

1. [Deploy Citrix ADC VPX in AWS](#deploy-citrix-adc-vpx-in-aws)
1. [Deploy Citrix ADC VPX in Azure](#deploy-citrix-adc-vpx-in-azure)
1. [Configure ADNS service on Citrix ADC VPX deployed in AWS and AKS](#configure-adns-service-on-citrix-adc-vpx-deployed-in-aws-and-aks)
1. [Configure GSLB service on Citrix ADC VPX deployed in AWS and AKS](#configure-gslb-service-on-citrix-adc-vpx-deployed-in-aws-and-aks)
1. [Apply GTP and GSE CRDs on AWS and Azure Kubernetes clusters](#apply-gtp-and-gse-crds-on-aws-and-azure-kubernetes-clusters)
1. [Deploy the multi-cluster controller](#deploy-multi-cluster-controller)

After completing the preceding tasks, perform the following tasks:

1. Configure Citrix ADC VPX as Ingress Device for AWS
1. Configure Citrix ADC VPX as Ingress Device for Azure

### Configure Citrix ADC VPX as Ingress Device for AWS

#### Create Citrix ADC VPX login credentials using Kubernetes secret

```
kubectl create secret generic nslogin --from-literal=username='nsroot' --from-literal=password='<instance-id-of-vpx>'
```

The Citrix ADC VPX password is usually the instance-id of the VPX if you have not changed it.


#### Configure SNIP in the Citrix ADC VPX

SSH to the Citrix ADC VPX and configure a SNIP, which is the secondary IP of the VPX to which no Elastic IP is assigned

```
add ns ip 192.168.84.93 255.255.224.0
```

This is required for Citrix ADC to interact with the pods inside the Kubernetes cluster.


#### Update the Citrix ADC VPX management IP and VIP in the Citrix Ingress controller manifest

```
wget https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/aws/quick-deploy-cic/manifest/cic.yaml
```

***If you don't have `wget` installed, you can use `fetch` or `curl`***

Update the Citrix ADC VPX's primary IP in the `cic.yaml` in the below field

```
# Set NetScaler NSIP/SNIP, SNIP in case of HA (mgmt has to be enabled)
- name: "NS_IP"
value: "X.X.X.X"
```

Update the Citrix ADC VPX VIP in the `cic.yaml` in the below field. This is the private IP to which you have assigned an EIP.

```
# Set NetScaler VIP for the data traffic
- name: "NS_VIP"
value: "X.X.X.X"
```

#### Create the Citrix Ingress Controller

Now that we have configure the Citrix Ingress controller with the required values, let's deploy it.

```
kubectl create -f cic.yaml
```

### Configure Citrix ADC VPX as Ingress Device for Azure

Perform the following steps to deploy the Citrix ingress controller.

1. Create Citrix ADC VPX login credentials using Kubernetes secret.


kubectl create secret generic nslogin --from-literal=username='<azure-vpx-instance-username>' --from-literal=password='<azure-vpx-instance-password>'

**Note:** The Citrix ADC VPX user name and password should be the same as the credentials set while creating Citrix ADC VPX on Azure.

2. Using SSH, configure a SNIP in the Citrix ADC VPX, which is the secondary IP address of the Citrix ADC VPX. This step is required for the Citrix ADC to interact with pods inside the Kubernetes cluster.


add ns ip <snip-vpx-instance-private-ip> <vpx-instance-primary-ip-subnet>


- `snip-vpx-instance-private-ip` is the dynamic private IP address assigned while adding a SNIP during the Citrix ADC VPX instance creation.

- `vpx-instance-primary-ip-subnet` is the subnet of the primary private IP address of the Citrix ADC VPX instance.

To verify the subnet of the private IP address, SSH into the Citrix ADC VPX instance and use the following command.



show ip <primary-private-ip-addess>



3. Update the Citrix ADC VPX image URL, management IP, and VIP in the Citrix ingress controller YAML file.


1. Download the Citrix ingress controller YAML file.



wget https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/azure/manifest/azurecic/cic.yaml



**Note:** If you do not have `wget` installed, you can use the `fetch` or `curl` command.

2. Update the Citrix ingress controller image with the Azure image URL in the `cic.yaml` file.


- name: cic-k8s-ingress-controller
# CIC Image from Azure
image: "<azure-cic-image-url>"


3. Update the primary IP address of the Citrix ADC VPX in the `cic.yaml` in the following field with the primary private IP address of the Azure VPX instance.



# Set NetScaler NSIP/SNIP, SNIP in case of HA (mgmt has to be enabled)
- name: "NS_IP"
value: "X.X.X.X"


1. Update the Citrix ADC VPX VIP in the `cic.yaml` in the following field with the private IP address of the VIP assigned during VPX Azure instance creation.



# Set NetScaler VIP for the data traffic
- name: "NS_VIP"
value: "X.X.X.X"



4. Once you have configured the Citrix ingress controller with the required values, deploy the Citrix ingress controller using the following command.


kubectl create -f cic.yaml
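Review bot: In "Create Citrix ADC VPX login credentials using Kubernetes secret" for AWS, the reader is told to store `nsroot` with the instance ID as the password, which the next sentence describes as the unchanged default, and that credential is then handed to the ingress controller. Add a step to change the default `nsroot` password before creating the `nslogin` secret, and note that `--from-literal` leaves the password in shell history. Both `cic.yaml` downloads pull from the `master` branch and are then applied with `kubectl create -f cic.yaml`; pin the URLs to a release tag or commit so the manifest that gets applied is the one that was reviewed. In the prerequisite list, `#configure-gslb-service-on-citrix-adc-vpx-deployed-in-aws-and-aks` does not match the heading "Configure GSLB service in Citrix ADC VPX deployed in AWS and Azure", so that link will not resolve; please check the ADNS and multi-cluster controller anchors too. Smaller items: "have configure" should be "have configured", `<primary-private-ip-addess>` should be `<primary-private-ip-address>`, the VIP sub-step under Azure step 3 is numbered `1.` after `3.`, the AWS SNIP example hardcodes `192.168.84.93 255.255.224.0` while the Azure one uses placeholders, and the AWS part uses `####` headings while the Azure part uses a numbered list.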