Citrix ADC and OpenShift 4 Solution Brief

Introduction to OpenShift and the issue it solves

Red Hat OpenShift 4 is a Kubernetes platform that provides an enterprise-grade foundation for on-premises, hybrid, and multi-cloud deployments.

OpenShift Container Platform provides enterprise-ready enhancements to Kubernetes, including the following:

Hybrid Cloud Deployments

You can deploy OpenShift Container Platform clusters to a variety of public cloud platforms or in your data center.

Integrated Red Hat technology

Major components in OpenShift Container Platform come from Red Hat Enterprise Linux and related Red Hat technologies. OpenShift Container Platform benefits from the intense testing and certification initiatives for Red Hat’s enterprise quality software.

Open Source Development Model

Development is completed in the open, and the source code is available from public software repositories. This open collaboration fosters rapid innovation and development.

For a more detailed reference, see OpenShift Container Platform Architecture.

OpenShift 4 Requirement for External Load Balancer

External load balancers give Kubernetes nodes the ability to communicate with subnets outside of their cluster. This is crucial to the operability of OpenShift deployments: pods and clusters need to know about incoming traffic to correctly scale containers up and down, and incoming traffic must be directed to the corresponding containers. OpenShift requires external load balancers, which Citrix provides, to operate effectively.

This means we can use our technology, specifically our containerized Application Delivery Controller (CPX) combined with our Citrix Ingress Controller (CIC), to support a fully functioning and optimized OpenShift deployment, along with our automated external Citrix ADC form factors, including VPX, MPX, and BLX.

Benefits of Citrix ADC and OpenShift Integration

Production Grade Ingress

Citrix ADC is proven to work at scale, providing features like advanced load balancing, TLS termination, L3-L7 protocol optimizations, and redundancy solutions to the internet’s largest web properties and thousands of enterprises.

Flexibility

Citrix ADC supports architectural flexibility: Citrix has a complete array of ADC form factors for every environment, inside and outside your cluster.

Visibility and Troubleshooting

Citrix ADM with Service Graphs provides actionable insight into the health and performance of applications and offers proactive troubleshooting for any issues.

For a more detailed reference, see Microservices-Based Application and Delivery with Citrix and Red Hat OpenShift.

Implementation of OpenShift

If you are currently an OpenShift ‘4.x’ customer, you know there are Network Topology Requirements for your deployment. In the following sections, you can find the necessary configuration prerequisites to begin your Citrix & OpenShift deployment.

OpenShift 4 requires both load balancing services and a corresponding DNS mapping for each service, as outlined in the following sections.

External Load Balancing Services Prerequisites

Before you install the OpenShift Container Platform, two layer-4 load balancing services must be provisioned. The first is required by the API server, and the second is necessary to provide ingress to applications.

Also, there are certain ports that need to be accessible for the Network Topology Requirements.

  1. First, you must open ports 6443 (Kubernetes API Server) and 22623 (Machine Configuration Server) for the bootstrap and control plane. Remove the bootstrap machine from the load balancer after the control plane initializes. You must also open ports 443 (HTTPS traffic) and 80 (HTTP traffic) on router pods, compute, and workers.

    For a more detailed reference, visit the Network Topology Requirements on OpenShift4 Container Platform Documentation.

  2. External DNS Mapping Prerequisites:

Cluster Nodes:

    master1.openshift4.example.com +short    10.217.101.X
    master2.openshift4.example.com +short    10.217.101.X
    master3.openshift4.example.com +short    10.217.101.X
    worker1.openshift4.example.com +short    10.217.101.X
    worker2.openshift4.example.com +short    10.217.101.X
    bootstrap.openshift4.example.com +short  10.217.101.X

ETCD Nodes:

    etcd-0.openshift4.example.com +short     10.217.101.X
    etcd-1.openshift4.example.com +short     10.217.101.X
    etcd-2.openshift4.example.com +short     10.217.101.X

API Endpoints:

    api.openshift4.example.com +short        10.217.101.X
    api-int.openshift4.example.com +short    10.217.101.X

Wildcard DNS Entry:

    *.apps.openshift4.example.com +short     10.217.101.X

SRV Records:

    $ dig _etcd-server-ssl._tcp.openshift4.example.com SRV +short

    0 10 2380 etcd-0.openshift4.example.com  
    0 10 2380 etcd-1.openshift4.example.com  
    0 10 2380 etcd-2.openshift4.example.com
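
The record set above can be checked mechanically before installation. The following is an added example, not part of the original brief or of Citrix or Red Hat tooling: it audits a constructed record listing (one `name TYPE rdata` entry per line, addresses made up) for the A and SRV records listed above.

```python
# Added example: check a record listing against the DNS prerequisites above.
# SAMPLE_RECORDS is constructed; the addresses are made up, and the missing
# api-int record and the 2379 SRV port are deliberate errors to detect.
CLUSTER = "openshift4.example.com"
REQUIRED_A = ["master1", "master2", "master3", "worker1", "worker2",
              "bootstrap", "etcd-0", "etcd-1", "etcd-2",
              "api", "api-int", "*.apps"]
ETCD_PORT = 2380

SAMPLE_RECORDS = """\
master1.openshift4.example.com A 10.217.101.185
master2.openshift4.example.com A 10.217.101.186
master3.openshift4.example.com A 10.217.101.187
worker1.openshift4.example.com A 10.217.101.188
worker2.openshift4.example.com A 10.217.101.189
bootstrap.openshift4.example.com A 10.217.101.190
etcd-0.openshift4.example.com A 10.217.101.185
etcd-1.openshift4.example.com A 10.217.101.186
etcd-2.openshift4.example.com A 10.217.101.187
api.openshift4.example.com A 10.217.101.200
*.apps.openshift4.example.com A 10.217.101.200
_etcd-server-ssl._tcp.openshift4.example.com SRV 0 10 2380 etcd-0.openshift4.example.com.
_etcd-server-ssl._tcp.openshift4.example.com SRV 0 10 2380 etcd-1.openshift4.example.com.
_etcd-server-ssl._tcp.openshift4.example.com SRV 0 10 2379 etcd-2.openshift4.example.com.
"""

def parse_records(text):
    """Return ({name: ip}, {srv_name: {target: port}}) from the listing."""
    a, srv = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 3 and f[1] == "A":
            a[f[0].rstrip(".").lower()] = f[2]
        elif len(f) == 6 and f[1] == "SRV":   # priority weight port target
            name, target = f[0].rstrip(".").lower(), f[5].rstrip(".").lower()
            srv.setdefault(name, {})[target] = int(f[4])
    return a, srv

def audit_dns(text, cluster=CLUSTER):
    a, srv = parse_records(text)
    problems = [f"missing A record: {h}.{cluster}"
                for h in REQUIRED_A if f"{h}.{cluster}" not in a]
    targets = srv.get(f"_etcd-server-ssl._tcp.{cluster}", {})
    for host in (f"etcd-{i}.{cluster}" for i in range(3)):
        if host not in targets:
            problems.append(f"missing SRV target: {host}")
        elif targets[host] != ETCD_PORT:
            problems.append(f"SRV port {targets[host]} for {host}, expected {ETCD_PORT}")
    return problems
```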

Implementation of Citrix ADC

Citrix ADC Configuration Overview

Ensure that each virtual IP corresponds to the correct service group members. As shown in the following images, the machine-config-server is configured to point to a service group that has three members with unique IP addresses (10.217.101.185, 10.217.101.186, 10.217.101.187).

[Images: Step 1, Step 2, Step 3]

Virtual Servers and Services in ADC

Using the following images as a reference, ensure that your configuration has the appropriate Virtual Servers and Services running on the correct ports.

Virtual Servers:

[Image: Virtual Servers]

Services:

[Image: Services]
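
As an added example (not Citrix or Red Hat code), the following audits a constructed Citrix ADC configuration excerpt against the port prerequisites and the bootstrap-removal step from the External Load Balancing Services Prerequisites section. The VIP, the bootstrap address, the virtual server and `api-server` names, and the assumption that the three machine-config-server members are the control plane nodes are all illustrative.

```python
# Added example: audit an ADC config excerpt against the port rules above.
# SAMPLE_CONF is constructed; the VIP, the bootstrap address and every name
# except machine-config-server are assumptions, not values from the page.
SAMPLE_CONF = """\
add serviceGroup machine-config-server TCP
bind serviceGroup machine-config-server 10.217.101.185 22623
bind serviceGroup machine-config-server 10.217.101.186 22623
bind serviceGroup machine-config-server 10.217.101.187 22623
bind serviceGroup machine-config-server 10.217.101.190 22623
add lb vserver machine-config-server-vip TCP 10.217.101.200 22623
bind lb vserver machine-config-server-vip machine-config-server
add serviceGroup api-server TCP
bind serviceGroup api-server 10.217.101.185 6443
bind serviceGroup api-server 10.217.101.186 6443
add lb vserver api-server-vip TCP 10.217.101.200 6443
bind lb vserver api-server-vip api-server
"""
CONTROL_PLANE = {"10.217.101.185", "10.217.101.186", "10.217.101.187"}
BOOTSTRAP = "10.217.101.190"          # constructed bootstrap address
REQUIRED_PORTS = (6443, 22623, 443, 80)

def parse_conf(text):
    """Return ({group: {member ip}}, {vserver: (port, [bound groups])})."""
    members, vservers = {}, {}
    for line in text.splitlines():
        f = line.split()
        if f[:2] == ["bind", "serviceGroup"] and len(f) >= 5 and not f[3].startswith("-"):
            members.setdefault(f[2], set()).add(f[3])
        elif f[:3] == ["add", "lb", "vserver"] and len(f) >= 7:
            vservers[f[3]] = (int(f[6]), [])
        elif f[:3] == ["bind", "lb", "vserver"] and len(f) >= 5 and f[3] in vservers:
            vservers[f[3]][1].append(f[4])
    return members, vservers

def audit_lb(text, bootstrap_done=True):
    members, vservers = parse_conf(text)
    findings = []
    for name, (port, groups) in vservers.items():
        ips = set().union(*(members.get(g, set()) for g in groups))
        if port in (6443, 22623):     # API server and machine config server
            if bootstrap_done and BOOTSTRAP in ips:
                findings.append(f"{name}: bootstrap {BOOTSTRAP} still bound on {port}")
            for ip in sorted(CONTROL_PLANE - ips):
                findings.append(f"{name}: control plane member {ip} missing on {port}")
    served = {port for port, _ in vservers.values()}
    findings += [f"no virtual server on port {p}" for p in REQUIRED_PORTS if p not in served]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_lb(SAMPLE_CONF)))
```

Pass `bootstrap_done=False` while the cluster is still bootstrapping, when the bootstrap machine is expected to be a pool member.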

Summary

Citrix ADC can seamlessly integrate into any OpenShift 4 cluster and provide external load balancing services for the cluster node components, delivering the high availability and DNS support that the OpenShift 4 installation requires. Additionally, Citrix ADC can be integrated inside the OpenShift 4 cluster using Citrix CPX and the Citrix Ingress Controller for all containerized deployments.

To learn more about the Citrix Cloud Native solutions, visit Citrix ADC Platforms.