NetScaler ingress controller

ConfigMap support for the NetScaler Ingress Controller

The ConfigMap API resource holds key-value pairs of configuration data that can be consumed in pods or to store configuration data for system components such as controllers.

ConfigMaps allow you to separate your configurations from your pods and make your workloads portable. Using ConfigMaps, you can easily change and manage your workload configurations and reduce the need to hardcode configuration data to pod specifications.

The NetScaler Ingress Controller supports the configuration command line arguments, and environment variables mentioned in deploying the NetScaler Ingress Controller. But, you cannot update these configurations at runtime without rebooting the NetScaler Ingress Controller pod. With ConfigMap support, you can update the configuration automatically while keeping the NetScaler Ingress Controller pod running. You do not need to restart the pod after the update.

Supported environment variables in the NetScaler Ingress Controller

The values for the following environment variables in the NetScaler Ingress Controller can be specified in a ConfigMap.

  • LOGLEVEL: Specifies the log levels to control the logs generated by the NetScaler Ingress Controller (debug, info, critical, and so on). The default value is debug.

  • NS_HTTP2_SERVER_SIDE: Enables HTTP2 for NetScaler service group configurations with possible values as ON or OFF.

  • NS_PROTOCOL: Specifies the protocol to establish the ADC session (HTTP/HTTPS). The default value is http.

  • NS_PORT: Specifies the port to establish a session. The default value is 80.

  • NS_COOKIE_VERSION: Specifies the persistence cookie version (0 or 1). The default value is 0.

  • NS_DNS_NAMESERVER: Enables adding DNS nameservers on NetScaler VPX.

  • POD_IPS_FOR_SERVICEGROUP_MEMBERS: Specifies to add the IP address of the pod and port as service group members instead of NodeIP and NodePort while configuring services of type LoadBalancer or NodePort on an external tier-1 NetScaler.

  • IGNORE_NODE_EXTERNAL_IP: Specifies to ignore an external IP address and add an internal IP address for NodeIP while configuring NodeIP for services of type LoadBalancer or NodePort on an external tier-1 NetScaler.

  • FRONTEND_HTTP_PROFILE: Sets the HTTP options for the front-end virtual server (client plane), unless overridden by the ingress.citrix.com/frontend-httpprofile smart annotation in the ingress definition.

  • FRONTEND_TCP_PROFILE: Sets the TCP options for the front-end virtual server (client side), unless overridden by the ingress.citrix.com/frontend-tcpprofile smart annotation in the ingress definition.

  • FRONTEND_SSL_PROFILE: Sets the SSL options for the front-end virtual server (client side) unless overridden by the ingress.citrix.com/frontend-sslprofile smart annotation in the ingress definition.

  • JSONLOG: Set this argument to true if log messages are required in JSON format.

  • NS_ADNS_IPS: Enables configuring NetScaler as an ADNS server.

For more information about profile environment variables (FRONTEND_HTTP_PROFILE, FRONTEND_TCP_PROFILE, and FRONTEND_SSL_PROFILE), see Configure HTTP, TCP, or SSL profiles on NetScaler.

Note:

This is an initial version of the ConfigMap support and currently supports only a few parameters. Earlier, these parameters were configurable through environment variables except the NS_HTTP2_SERVER_SIDE parameter.

Configuring ConfigMap support for the NetScaler Ingress Controller

This example shows how to create a ConfigMap and apply the ConfigMap to the NetScaler Ingress Controller. It also shows how to reapply the ConfigMap after you make changes. You can also optionally delete the changes.

Perform the following to configure ConfigMap support for the NetScaler Ingress Controller.

  1. Create a YAML file cic-configmap.yaml with the required key-value pairs in the ConfigMap.

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: cic-configmap
      labels:
        app: citrix-ingress-controller
    data:
      LOGLEVEL: 'info'
      NS_PROTOCOL: 'http'
      NS_PORT: '80'
      NS_COOKIE_VERSION: '0'
      NS_HTTP2_SERVER_SIDE: 'ON'
    
  2. Deploy the cic-configmap.yaml using the following command.

    kubectl create -f cic-configmap.yaml
    
  3. Edit the cic.yaml file for deploying the NetScaler Ingress Controller as a stand-alone pod and specify the following:

    Args:
        - --configmap
            default/cic-configmap
    

    Note:

    It is mandatory to specify the namespace. If the namespace is not specified, ConfigMap is not considered.

    Following is a sample YAML file for deploying the NetScaler Ingress Controller with the ConfigMap configuration. For the complete YAML file, see citrix-k8s-ingress-controller.yaml.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: cic-k8s-ingress-controller
    spec:
      selector:
        matchLabels:
          app: cic-k8s-ingress-controller
        replicas: 1
        template:
          metadata:
            name: cic-k8s-ingress-controller
            labels:
              app: cic-k8s-ingress-controller
          annotations:
          spec: 
            serviceAccountName: cic-k8s-role
            containers:
            - name: cic-k8s-ingress-controller
              image: "quay.io/citrix/citrix-k8s-ingress-controller:1.36.5"
              env:
              # Set NetScaler NSIP/SNIP, SNIP in case of HA (mgmt has to be enabled) 
              - name: "NS_IP"
                value: "x.x.x.x"
              - name: "EULA"
                value: "yes"
              args:
                - --ingress-classes
                  citrix
                - --feature-node-watch
                  false
                - --configmap
                  default/cic-configmap
              imagePullPolicy: Always
    
  4. Deploy the NetScaler Ingress Controller as a stand-alone pod by applying the YAML.

    kubectl apply -f cic.yaml
    
  5. If you want to change the value of an environment variable, edit the values in the ConfigMap. In this example, the value of NS_HTTP2_SERVER_SIDE is changed to ‘OFF’.

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: cic-configmap
      labels:
        app: citrix-ingress-controller
    data:
      LOGLEVEL: 'info'
      NS_PROTOCOL: 'http'
      NS_PORT: '80'
      NS_COOKIE_VERSION: '0'
      NS_HTTP2_SERVER_SIDE: 'OFF'
    
  6. Reapply the ConfigMap using the following command.

    kubectl apply -f cic-configmap.yaml
    
  7. (Optional) If you need to delete the ConfigMap, use the following command.

    kubectl delete -f cic-configmap.yaml
    

    When you delete the ConfigMap, the environment variable configuration falls back as per the following order of precedence: ConfigMap configuration > environment variable configuration > default

(Optional) In case, you want to define all keys in a ConfigMap as environment variables in the NetScaler Ingress Controller, use the following in the NetScaler Ingress Controller deployment YAML file.

    envFrom:
            - configMapRef: 
              name: cic-configmap
ConfigMap support for the NetScaler Ingress Controller