Product documentation
Citrix ADC CPX
Current Release 13.0 12.1
View PDF

Deploy Citrix ADC CPXs as Local DNS Caches for Kubernetes Nodes

September 8, 2020
Contributed by: 
S

Application pods in a Kubernetes cluster rely on DNS to communicate with other application pods. DNS requests from applications inside a Kubernetes cluster are handled by Kubernetes DNS (kube-dns). Due to wider adoption of microservices architectures, DNS request rates inside a Kubernetes cluster are increasing. As a result, Kubernetes DNS (kube-dns) is overburdened. Now you can deploy Citrix ADC CPX as a local DNS cache on each Kubernetes node and forward DNS requests from application pods in the node to Citrix ADC CPX. Hence, you can resolve DNS requests faster and significantly reduce the load on Kubernetes DNS.

To deploy Citrix ADC CPXs, a Kubernetes DaemonSet entity is used to schedule Citrix ADC CPX pods on each node in the Kubernetes cluster. A Kubernetes DaemonSet ensures that there is an instance of Citrix ADC CPX on each Kubernetes node in the cluster. To make application pods direct traffic to CPX DNS pods, you need to create a Kubernetes service with endpoints as Citrix ADC CPX pods. Cluster IP of this service is used as the DNS endpoint for the application pods. To make sure that the application pods use Citrix ADC CPX service cluster IP address for DNS resolution, you need to update the kubelet configuration file on each node with Citrix ADC CPX service cluster IP.

The following environment variables are introduced to support the deployment of Citrix ADC CPX as NodeLocal DNS cache:

  • KUBE_DNS_SVC_IP: Specifies the cluster IP address of the kube-dns service which is a mandatory argument to trigger the configuration on a Citrix ADC CPX pod. The Citrix ADC CPX pod directs DNS queries to this IP address when the DNS query response is not available in the Citrix ADC CPX cache.

  • CPX_DNS_SVC_IP: Specifies the cluster IP address of the Citrix ADC CPX service. The CPX_DNS_SVC_IP environment variable is used to configure local DNS on nodes. When you configure this variable, an iptables rule is added to direct the DNS requests originating from application pods to the local Citrix ADC CPX pod inside the node.

  • NS_DNS_FORCE_TCP: This environment variable forces using TCP for DNS requests even if the queries are received over UDP.

  • NS_DNS_EXT_RESLV_IP: Specifies the IP address of the external name server to direct the DNS requests for a specific domain.

  • NS_DNS_MATCH_DOMAIN: Specifies the external domain string to be matched against to direct the queries to the external name server.

Deploy Citrix ADC CPXs as DNS Caches on Nodes

Deploying Citrix ADC CPX as local DNS cache for a Kubernetes cluster includes the following tasks:

On the master node:

  • Create a Kubernetes service with endpoints as Citrix ADC CPX pods

  • Create a ConfigMap for defining environment variables for Citrix ADC CPX pods

  • Schedule Citrix ADC CPX pods on each node in the Kubernetes cluster using a Kubernetes DaemonSet.

On worker nodes:

  • Modify the kubelet configuration file with the cluster IP address of Citrix ADC CPX service to forward DNS requests to Citrix ADC CPXs.

Configuration on the Kubernetes Master Node

Perform the following steps on the Kubernetes master node to deploy Citrix ADC CPX as the local DNS cache for nodes:

  1. Create a service with Citrix ADC CPX pods as endpoints using the cpx_dns_svc.yaml file.

    kubectl apply -f cpx_dns_svc.yaml

    The cpx_dns_svc.yaml file is provided as follows:

            apiVersion: v1
        kind: Service
        metadata:
          name: cpx-dns-svc
          labels:
            app: cpxd
        spec:
          ports:
          - protocol: UDP
            port: 53
            name: dns
          - protocol: TCP
            port: 53
            name: dns-tcp
          selector:
            app: cpx-daemon

  2. Get the IP address of the Citrix ADC CPX service.

    kubectl get svc cpx-dns-svc

  3. Get the IP address of the Kube DNS service.

    kubectl get svc -n kube-system

  4. Create a ConfigMap for defining environment variables for Citrix ADC CPX pods. These environment variables are used to pass IP addresses of Citrix ADC CPX service and Kube DNS service. In this step, a sample ConfigMap cpx-dns-cache is created using the environment variables specified as data (key-value pairs) in a file.

    kubectl create configmap cpx-dns-cache --from-file <path-to-file>

    The following is a sample file with the environment variables as key-value pairs.

      CPX_DNS_SVC_IP: 10.111.95.145
  EULA: "yes"
  KUBE_DNS_SVC_IP: 10.96.0.10
  NS_CPX_LITE: "1"
  NS_DNS_EXT_RESLV_IP: 10.102.217.142
  NS_DNS_MATCH_DOMAIN: citrix.com
  PLATFORM: CP1000

    The following is a sample ConfigMap:

    apiVersion: v1
data:
  CPX_DNS_SVC_IP: 10.111.95.145
  EULA: "yes"
  KUBE_DNS_SVC_IP: 10.96.0.10
  NS_CPX_LITE: "1"
  NS_DNS_EXT_RESLV_IP: 10.102.217.142
  NS_DNS_MATCH_DOMAIN: citrix.com
  PLATFORM: CP1000
kind: ConfigMap
metadata:
  creationTimestamp: "2019-10-15T07:45:54Z"
  name: cpx-dns-cache
  namespace: default
  resourceVersion: "8026537"
  selfLink: /api/v1/namespaces/default/configmaps/cpx-dns-cache
  uid: 8d06f6ee-133b-4e1a-913c-9963cbf4f48

  5. Create a Kubernetes DaemonSet for Citrix ADC CPX on the master node.

    kubectl apply -f cpx_daemonset.yaml

    The cpx_daemonset.yaml file is provided as follows:

    apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cpx-daemon
  labels:
        app: cpxd
spec:
   selector:
        matchLabels:
          app: cpx-daemon
template:
   metadata:
        labels:
          app: cpx-daemon
   spec:
       containers:
       - name: cpxd
        imagePullPolicy: IfNotPresent
        image: localhost:5000/dev/cpx
        volumeMounts:
         - mountPath: /netns/default/
        name: test-vol
        ports:
        - containerPort: 53
   envFrom:
       - configMapRef:
       name: cpx-dns-cache
   securityContext:
   privileged: true
   allowPrivilegeEscalation: true
   capabilities:
    add: ["NET_ADMIN"]
   volumes:
      -  name: test-vol
      hostPath:
      path: /proc/1/ns
      type: Directory

Configuration on Worker Nodes in the Kubernetes Cluster

Once you complete configuration on master node, perform the following step on worker nodes:

  1. Modify the kubelet configuration file so that application pods can use Citrix ADC CPX service cluster IP for DNS resolution using one of the following steps:

    • Follow the steps in reconfigure a Node’s kubelet and modify the --cluster-dns argument value in the following format.

           --cluster-dns=<CPX_DNS_SVC_IP>,<KUBE_DNS_SVC_IP>

      or

    • Edit the /etc/systemd/system/kubelet.service.d/10-kubeadm.conf file and modify the --cluster-dns argument using the following steps.

      1. Edit the kubelet configuration and specify the cluster IP address of Citrix ADC CPX service and kube-dns service IP address for the --cluster-dns argument.

         root@node:~# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf | grep KUBELET_DNS_ARGS

 Environment="KUBELET_DNS_ARGS=--cluster-dns=10.111.95.145,10.96.0.10 --cluster-domain=cluster.local"
 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_DNS_ARGS

      2. Reload the kubelet of nodes using the following commands:

         # systemctl daemon-reload
 # service kubelet restart
Deploy Citrix ADC CPXs as Local DNS Caches for Kubernetes Nodes
September 8, 2020
Contributed by: 
S
September 8, 2020
Contributed by: 
S

In this article

Site feedback | Privacy and legal terms | Cookie preferences | Consent settings
© 1999- Cloud Software Group, Inc. All rights reserved.