Overview

You can deploy NetScaler CPX in a Kubernetes cluster to load balance containerized applications in the cluster. By default, when you deploy NetScaler CPX in the Kubernetes cluster, it replaces the Kubernetes kube-proxy, which provides basic load balancing functionality. With NetScaler CPX in place of kube-proxy, in addition to the load balancing functionality, you can use the NetScaler Management and Analytics System (MAS) for:

  • Visibility into the application environment in the cluster

  • Managing and monitoring the NetScaler CPX instances in the cluster

  • Using the Stylebooks feature to simplify the task of managing complex NetScaler configurations for your applications

For more information on NetScaler MAS, see NetScaler Management and Analytics System Product Documentation.

In a Kubernetes environment, to load balance Ingress traffic for Kubernetes services you need an Ingress resource and an Ingress controller. An Ingress resource is a Kubernetes resource with which you can configure a load balancer for your Kubernetes services. The load balancer exposes the services to clients outside your Kubernetes cluster by providing externally-reachable URLs for the services, and load balances the traffic sent to those URLs.

NetScaler ADC instances, such as a NetScaler MPX appliance, a NetScaler VPX appliance, or NetScaler CPX, can be used as an Ingress load balancer in a Kubernetes environment to load balance the ingress traffic that clients outside the Kubernetes cluster send to your Kubernetes services.

An Ingress Controller integrates the load balancer with Kubernetes. It monitors the Ingress resource through the Kubernetes API and updates the configuration of the load balancer if any of the services are changed by scaling, rolling updates, or metadata changes. The NetScaler Management and Analytics System (MAS) includes a NetScaler Ingress Controller for the Kubernetes environment. The NetScaler Ingress Controller, together with the NetScaler ADC instances, enables you to handle Ingress traffic in a Kubernetes environment.

How the NetScaler Ingress Controller Works

After you have deployed the Kubernetes cluster, you must integrate the cluster with NetScaler MAS by providing the details of the Kubernetes environment in NetScaler MAS. NetScaler MAS monitors for changes in Kubernetes resources, such as services, pods, and Ingress rules.

When you deploy a NetScaler CPX instance as an Ingress resource in the Kubernetes cluster, it automatically registers with NetScaler MAS. As part of the registration process, NetScaler MAS learns the NetScaler CPX instance IP address and the port on which it can reach the instance to apply NetScaler-specific configuration using the NITRO REST APIs.

The Stylebook engine in NetScaler MAS processes all the information that NetScaler MAS collects from Kubernetes, such as services, pods, and Ingress rules. Using an existing provisioned Stylebook (com.citrix.adc.stylebooks/1.0/cs-lb-mon), the Stylebook engine generates NetScaler configurations, such as the virtual servers, services, and service groups required for load balancing, and applies the configurations to the NetScaler CPX Ingress Load Balancer. For more information on Stylebook, see Stylebooks.

The following diagram illustrates a Kubernetes environment that includes a NetScaler Ingress controller integrated with a NetScaler CPX Ingress resource in the Kubernetes cluster to handle the ingress traffic.

NetScaler Ingress Controller

In this example, a NetScaler CPX container is deployed to load balance traffic to the Kubernetes services from outside the cluster through a virtual IP (VIP) address. The NetScaler CPX container load balances the North-South traffic by distributing the requests between the multiple Kubernetes Pods that make up services A and B.

Important: The DNS configuration for the domain api.example.com is set up to send the traffic to the NetScaler CPX container using the NetScaler CPX host IP address. If multiple NetScaler CPX containers are configured as Ingress load balancers, ensure that you distribute the ingress traffic across the NetScaler CPX containers using DNS methods.
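The reconciliation this section describes (collect Ingress rules and pod endpoints, derive the load balancer objects, apply only what changed) is shown below as an added Python sketch; it is not NetScaler MAS or Stylebook code. The `/a` and `/b` paths, the service names, the pod addresses, and the operation names are constructed assumptions, and no NITRO call is made.

```python
# Added illustration: simplified model of Ingress reconciliation.
# Names, paths and pod addresses are constructed; no NITRO API call is made.

def desired_config(ingress_rules, endpoints):
    """Build the load balancer model implied by Ingress rules and pod endpoints:
    one content-switching route per (host, path), one service group per service."""
    config = {"routes": {}, "service_groups": {}}
    for rule in ingress_rules:
        svc = rule["service"]
        config["routes"][(rule["host"], rule["path"])] = svc
        # A rule may reference a service that has no ready pods yet.
        config["service_groups"][svc] = set(endpoints.get(svc, []))
    return config


def plan_changes(current, desired):
    """Return the ordered operations that turn `current` into `desired`."""
    ops = []
    for svc, members in sorted(desired["service_groups"].items()):
        old = current["service_groups"].get(svc)
        if old is None:
            ops.append(("add_service_group", svc))
            old = set()
        # Bind new pods before unbinding old ones so a group is never emptied mid-update.
        ops += [("bind_member", svc, m) for m in sorted(members - old)]
        ops += [("unbind_member", svc, m) for m in sorted(old - members)]
    for key, svc in sorted(desired["routes"].items()):
        if current["routes"].get(key) != svc:
            ops.append(("route", key[0], key[1], svc))
    for key in sorted(set(current["routes"]) - set(desired["routes"])):
        ops.append(("unroute", key[0], key[1]))
    for svc in sorted(set(current["service_groups"]) - set(desired["service_groups"])):
        ops.append(("remove_service_group", svc))
    return ops


EMPTY = {"routes": {}, "service_groups": {}}
# Constructed sample: api.example.com fronting services A and B.
RULES = [{"host": "api.example.com", "path": "/a", "service": "service-a"},
         {"host": "api.example.com", "path": "/b", "service": "service-b"}]
BEFORE = {"service-a": ["10.244.1.5:8080", "10.244.2.7:8080"],
          "service-b": ["10.244.1.9:8080"]}
# service-a scales to three pods; the service-b pod is replaced by a rolling update.
AFTER = {"service-a": ["10.244.1.5:8080", "10.244.2.7:8080", "10.244.2.8:8080"],
         "service-b": ["10.244.2.11:8080"]}

if __name__ == "__main__":
    for op in plan_changes(EMPTY, desired_config(RULES, BEFORE)):
        print("initial:", op)
    for op in plan_changes(desired_config(RULES, BEFORE), desired_config(RULES, AFTER)):
        print("update: ", op)
```

A scaling event or rolling update changes only service group membership; the routes for api.example.com are left untouched, which is why the controller can apply such changes without disturbing traffic to unaffected services.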

NetScaler MAS manages the NetScaler devices in the Kubernetes cluster and provides rich analytics from the devices for insight and troubleshooting. It also enables you to get visibility into application performance and security by collecting detailed traffic statistics from the NetScaler devices.

How NetScaler CPX Load Balances East-West Traffic Flow in Kubernetes Environment

After you have deployed the Kubernetes cluster, you must integrate the cluster with NetScaler MAS by providing the details of the Kubernetes environment in NetScaler MAS. NetScaler MAS monitors the changes in Kubernetes resources, such as services, endpoints, and Ingress rules.

When you deploy a NetScaler CPX instance in the Kubernetes cluster, it automatically registers with NetScaler MAS. As part of the registration process, NetScaler MAS learns about the NetScaler CPX instance IP address and the port on which it can reach the instance to configure it by using NITRO REST APIs.

The Stylebook engine in NetScaler MAS processes all the information that NetScaler MAS collects from Kubernetes, such as services, endpoints, and Ingress rules. Using an existing provisioned Stylebook (com.citrix.adc.stylebooks/1.0/cs-lb-mon), the Stylebook engine generates NetScaler-specific configurations, such as the virtual servers and service groups required for load balancing, and applies the configurations to the NetScaler CPX instances. For more information about Stylebook, see Stylebooks.

The following figure shows how NetScaler CPX load balances east-west traffic flow in a Kubernetes cluster.

East-West Traffic flow

In this example, Node 1 and Node 2 of the Kubernetes cluster contain instances of a front-end service and a back-end service. When the NetScaler CPX instances are deployed in Node 1 and Node 2, the NetScaler CPX instances are automatically registered with NetScaler MAS. You must manually integrate the Kubernetes cluster with NetScaler MAS by configuring the Kubernetes cluster details in NetScaler MAS.

When a client requests the front-end service, the ingress resource load balances the request between the instances of the front-end service on the two nodes. When an instance of the front-end service needs information from the back-end services in the cluster, it directs the requests to the NetScaler CPX instance in its node. That NetScaler CPX instance load balances the requests between the back-end services in the cluster, thereby providing east-west traffic flow.