Citrix ADC and OpenShift 4 Solution Brief
Introduction to OpenShift and the issue it solves
Red Hat OpenShift 4 is a Kubernetes platform that provides an enterprise-grade foundation for on-premises, hybrid, and multi-cloud deployments.
OpenShift Container Platform provides enterprise-ready enhancements to Kubernetes, including the following:
Hybrid Cloud Deployments
You can deploy OpenShift Container Platform clusters to a variety of public cloud platforms or in your data center.
Integrated Red Hat technology
Major components in OpenShift Container Platform come from Red Hat Enterprise Linux and related Red Hat technologies. OpenShift Container Platform benefits from the intense testing and certification initiatives for Red Hat’s enterprise quality software.
Open Source Development Model
Development is completed in the open, and the source code is available from public software repositories. This open collaboration fosters rapid innovation and development.
For a more detailed reference, see OpenShift Container Platform Architecture.
OpenShift4 Requirement for External Load Balancer
External load balancers give Kubernetes nodes the ability to communicate with subnets outside of their cluster. This is crucial to the operability of OpenShift deployments because pods and clusters need to know about incoming traffic to correctly scale different containers up and down, and because incoming traffic must be directed to the corresponding containers. OpenShift requires external load balancers, which Citrix provides, to operate effectively.
This means we can use our technology, specifically our containerized Application Delivery Controller (CPX) combined with our Citrix Ingress Controller (CIC), to support a fully functioning and optimized OpenShift deployment, along with our automated External Citrix ADC form factors including VPX, MPX, and BLX.
Benefits of Citrix ADC and OpenShift Integration
Production Grade Ingress
Citrix ADC is proven to work at scale, providing features like advanced load balancing, TLS termination, L3-L7 protocol optimizations, and redundancy solutions to the internet’s largest web properties and thousands of enterprises.
Citrix ADC supports architecture flexibility: Citrix has a complete array of ADC form factors for every environment, inside and outside your cluster.
Visibility and Troubleshooting
Citrix ADM with Service Graphs provides actionable insight into the health and performance of applications and offers proactive troubleshooting for any issues.
For a more detailed reference, see Microservices-Based Application and Delivery with Citrix and Red Hat OpenShift.
Implementation of OpenShift
If you are currently an OpenShift ‘4.x’ customer, you know there are Network Topology Requirements for your deployment. In the following sections, you can find the necessary configuration prerequisites to begin your Citrix & OpenShift deployment.
OpenShift 4 requires both load balancing services and a corresponding DNS mapping for each service, as outlined in the following sections.
External Load Balancing Services Prerequisites
Before you install the OpenShift Container Platform, two layer-4 load balancing services must be provisioned. The first is required by the API server, and the second is necessary to provide ingress to applications.
Also, there are certain ports that need to be accessible for the Network Topology Requirements.
First, you must open ports 6443 (Kubernetes API Server) and 22623 (Machine Configuration Server) for the bootstrap and control plane. Ensure removal of the bootstrap machine from the load balancer after the control plane initialization. You must also open ports 443 (HTTPS traffic) and 80 (HTTP traffic) on router pods, compute, and workers.
For a more detailed reference, visit the Network Topology Requirements on OpenShift4 Container Platform Documentation.
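The port and membership requirements above can be checked mechanically before installation and again after the control plane is up. The following is an added example, not Citrix or Red Hat code; the inventory layout, field names and member roles are assumptions, and treating the three machine-config-server service group addresses shown on this page as control plane nodes is also an assumption.

```python
# Added example. Inventory layout and field names are assumptions made for illustration.
REQUIRED_PORTS = {
    "api": {6443: "Kubernetes API server", 22623: "Machine Config Server"},
    "ingress": {443: "HTTPS", 80: "HTTP"},
}
BACKEND_ROLE = {"api": "master", "ingress": "worker"}


def audit(inventory, control_plane_initialized):
    """Return findings for a load-balancer inventory; an empty list means it passes."""
    findings = []
    for lb, ports in REQUIRED_PORTS.items():
        by_port = {vs["port"]: vs for vs in inventory.get(lb, [])}
        for port, purpose in ports.items():
            vs = by_port.get(port)
            if vs is None:
                findings.append(f"{lb}:{port} missing virtual server ({purpose})")
                continue
            if vs["protocol"] != "TCP":
                findings.append(f"{lb}:{port} is {vs['protocol']}, expected layer-4 TCP")
            roles = [role for role, _addr in vs["members"]]
            if BACKEND_ROLE[lb] not in roles:
                findings.append(f"{lb}:{port} has no {BACKEND_ROLE[lb]} members")
            # The bootstrap machine must leave the pool once the control plane is initialized.
            if lb == "api" and control_plane_initialized and "bootstrap" in roles:
                findings.append(f"{lb}:{port} still forwards to the bootstrap machine")
    return findings


# Constructed sample. The master addresses are the service group members shown on this page;
# the bootstrap and worker addresses are documentation-range placeholders.
MASTERS = [("master", "10.217.101.185"), ("master", "10.217.101.186"), ("master", "10.217.101.187")]
WORKERS = [("worker", "192.0.2.21"), ("worker", "192.0.2.22")]
SAMPLE = {
    "api": [
        {"port": 6443, "protocol": "TCP", "members": MASTERS + [("bootstrap", "192.0.2.10")]},
        {"port": 22623, "protocol": "TCP", "members": MASTERS},
    ],
    "ingress": [
        {"port": 443, "protocol": "SSL", "members": WORKERS},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, control_plane_initialized=True):
        print("FAIL", finding)
```

Run it with `control_plane_initialized=False` during bootstrap and `True` afterwards; the second run is the one that catches a bootstrap machine left behind in the API pool.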
External DNS Mapping Prerequisites:
master1.openshift4.example.com +short 10.217.101.X
master2.openshift4.example.com +short 10.217.101.X
master3.openshift4.example.com +short 10.217.101.X
worker1.openshift4.example.com +short 10.217.101.X
worker2.openshift4.example.com +short 10.217.101.X
bootstrap.openshift4.example.com +short 10.217.101.X

etcd-0.openshift4.example.com +short 10.217.101.X
etcd-1.openshift4.example.com +short 10.217.101.X
etcd-2.openshift4.example.com +short 10.217.101.X

api.openshift4.example.com +short 10.217.101.X
api-int.openshift4.example.com +short 10.217.101.X

Wildcard DNS Entry:
*.apps.openshift4.example.com +short 10.217.101.X

$ dig _etcd-server-ssl._tcp.openshift4.example.com SRV +short
0 10 2380 etcd-0.openshift4.example.com
0 10 2380 etcd-1.openshift4.example.com
0 10 2380 etcd-2.openshift4.example.com
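A preflight check for the record set listed above, as an added example that is not part of the original page. The resolver callables are injected so the sample runs offline against constructed zone data; the function names and the random probe label used to test the wildcard are assumptions.

```python
# Added example, not from the original page. Resolver callables and zone data are constructed.
import secrets

CLUSTER = "openshift4.example.com"
HOSTS = ["master1", "master2", "master3", "worker1", "worker2", "bootstrap",
         "etcd-0", "etcd-1", "etcd-2", "api", "api-int"]


def preflight(resolve_a, resolve_srv, cluster=CLUSTER):
    """resolve_a(name) -> addresses; resolve_srv(name) -> lines of `dig +short` SRV output."""
    problems = []
    for host in HOSTS:
        if not resolve_a(f"{host}.{cluster}"):
            problems.append(f"no A record: {host}.{cluster}")
    # A wildcard is only proven by a label that nobody created on purpose.
    if not resolve_a(f"probe-{secrets.token_hex(4)}.apps.{cluster}"):
        problems.append(f"wildcard *.apps.{cluster} does not answer")
    targets = set()
    for line in resolve_srv(f"_etcd-server-ssl._tcp.{cluster}"):
        _priority, _weight, port, target = line.split()
        target = target.rstrip(".")  # dig may print the fully qualified form
        targets.add(target)
        if port != "2380":
            problems.append(f"SRV {target} uses port {port}, expected 2380")
        if not resolve_a(target):
            problems.append(f"SRV target has no A record: {target}")
    for host in HOSTS:
        if host.startswith("etcd-") and f"{host}.{cluster}" not in targets:
            problems.append(f"no SRV record for {host}.{cluster}")
    return problems


# Constructed zone standing in for live DNS: api-int, the wildcard and the etcd-2 SRV are missing.
ZONE = {f"{h}.{CLUSTER}": ["192.0.2.10"] for h in HOSTS if h != "api-int"}
SRV_LINES = [f"0 10 2380 etcd-{n}.{CLUSTER}" for n in (0, 1)]


def sample_a(name):
    return ZONE.get(name, [])


def sample_srv(name):
    return SRV_LINES


if __name__ == "__main__":
    for problem in preflight(sample_a, sample_srv):
        print("FAIL", problem)
```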
Implementation of Citrix ADC
Citrix ADC Configuration Overview
We want to ensure that the correct Virtual IPs correspond to the correct Service Group Members. As you can see below, we have configured the machine-config-server to point to a Service Group that has three members with unique IP addresses (10.217.101.185, 10.217.101.186, 10.217.101.187).
Virtual Servers and Services in ADC
Using the following images as a reference, ensure that your configuration has the appropriate Virtual Servers and Services running on the correct ports.
Citrix ADC can seamlessly integrate into any OpenShift 4 cluster and provide integrated External Load Balancing services for the cluster node components for high availability and DNS support as required by the OpenShift4 install requirements. Additionally, Citrix ADC can be integrated inside the OpenShift 4 cluster using the Citrix CPX and Citrix Ingress Controller to integrate with OpenShift4 for all containerized deployments.
To learn more about the Citrix Cloud Native solutions, visit Citrix ADC Platforms.