Citrix ADC CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters
Kubernetes service of type
LoadBalancer support is provided by cloud load balancers in a cloud environment. Cloud service providers enable this support by automatically creates a load balancer and assign an IP address which is displayed as part of the service status. Any traffic destined to the external IP address is load balanced on NodeIP and NodePort by the cloud load balancer.
Citrix provides different options to support the type
LoadBalancer services in an on-premises environment including:
- Using an external Citrix ADC VPX or Citrix ADC MPX as a tier-1 load balancer to load balance the incoming traffic to Kubernetes services.
For more information on such a deployment, see Expose services of type LoadBalancer.
Expose applications running in a Kubernetes cluster using the Citrix ADC CPX daemonset running inside the Kubernetes cluster along with a router supporting ECMP over BGP. ECMP router load balances the traffic to multiple Citrix ADC CPX instances. Citrix ADC CPX instances load balances the actual application pods. For more information on such a deployment, see BGP advertisement of external IP addresses for type LoadBalancer services and Ingresses using Citrix ADC CPX.
Expose the Citrix ADC CPX services as an external IP service with a node external IP address. You can use this option if an external ADC as tier-1 is not feasible, and a BGP router does not exist. In this deployment, Kubernetes routes the traffic coming to the
spec.externalIPof the Citrix ADC CPX service on service ports to Citrix ADC CPX pods. Ingress resources can be configured using the Citrix ingress controller to perform SSL (Secure Sockets Layer) offloading and load balancing applications. However, this deployment has the major drawback of not being reliable if there is a node failure.
Use MetalLB which is a load-balancer implementation for bare metal Kubernetes clusters in the layer 2 mode with Citrix ADC CPX to achieve ingress capability.
This documentation shows how you can leverage MetalLB along with Citrix ADC CPX to achieve ingress capability in bare-metal clusters when the other solutions are not feasible. MetalLB in layer 2 mode configures one node to send all the traffic to the Citrix ADC CPX service. MetalB automatically moves the IP address to a different node if there is a node failure. Thus providing better reliability than the ExternalIP service.
Note: MetalLB is still in the beta version. See the official documentation to know about the project maturity and any limitations.
Perform the following steps to deploy Citrix ADC CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters.
- Install and configure MetalLB
- Configure MetalLB configuration for layer 2
- Install Citrix ADC CPX service
Install and configure MetalLB
First, you should install MetalLB in layer 2 mode. For more information on different types of installations for MetalLB, see the MetalLB documentation.
Perform the following steps to install MetalLB:
Create a namespace for deploying MetalLB.
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.5/manifests/namespace.yaml
Deploy MetalLB using the following command.
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.5/manifests/metallb.yaml
Perform the following step if you are performing the installation for the first time.
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
Verify the MetalLB installation and ensure that the speaker and controller is in the running state using the following command:
kubectl get pods -n metallb-system
These steps deploy MetalLB to your cluster, under the
The MetalLB deployment YAML file contains the following components:
The metallb-system/controller deployment: This component is the cluster-wide controller that handles IP address assignments.
The metallb-system/speaker daemonset. This component communicates using protocols of your choice to make the services reachable.
Service accounts for the controller and speaker, along with the RBAC permissions that the components need to function.
MetalLB configuration for Layer 2
Once MetalLB is installed, you should configure the MetalLB for layer 2 mode. MetalLB takes a range of IP addresses to be allocated to the type LoadBalancer services as external IP. In this deployment, a Citrix ADC CPX service acts as a front-end for all other applications. Hence, a single IP address is sufficient.
Create a ConfigMap for MetalLB using the following command where metallb-config.yaml is the YAML file with the MetalLB configuration.
kubectl create –f metallb-config.yaml
Following is a sample MetalLB configuration for layer2 mode. In this example, 192.168.1.240-192.168.1.240 is specified as the IP address range.
apiVersion: v1 kind: ConfigMap metadata: namespace: metallb-system name: config data: config: | address-pools: - name: default protocol: layer2 addresses: - 192.168.1.240-192.168.1.240 <!--NeedCopy-->
Citrix ADC CPX service installation
Once the metal LB is successfully installed, you can install the Citrix ADC CPX deployment and a service of type
To install Citrix ADC CPX, you can either use the YAML file or Helm charts.
To install Citrix ADC CPX using the YAML file, perform the following steps:
Download the Citrix ADC CPX deployment manifests.
Edit the Citrix ADC CPX deployment YAML:
- Set the replica count as needed. It is better to have more than one replica for high availability.
- Change the service type to
Apply the edited YAML file using the Kubectl command.
kubectl apply –f citrix-k8s-cpx-ingress.yaml
View the service using the following command:
kubectl get svc cpx-service -output yaml
You can see that MetalLB allocates an external IP address to the Citrix ADC CPX service as follows:
apiVersion: v1 kind: Service metadata: name: cpx-service namespace: default spec: clusterIP: 10.107.136.241 externalTrafficPolicy: Cluster healthCheckNodePort: 31916 ports: - name: http nodePort: 31528 port: 80 protocol: TCP targetPort: 80 - name: https nodePort: 31137 port: 443 protocol: TCP targetPort: 443 selector: app: cpx-ingress sessionAffinity: None type: LoadBalancer status: loadBalancer: ingress: - ip: 192.168.1.240 <!--NeedCopy-->
Deploy a sample application
Perform the following steps to deploy a sample application and verify the deployment.
Create a sample deployment using the sample-deployment.yaml file.
kubectl create –f sample-deployment.yaml
Expose the application with a service using the sample-service.yaml file.
kubectl create –f sample-service.yaml
Once the service is created, you can add an ingress resource using the sample-ingress.yaml.
kubectl create –f sample-ingress.yaml
You can test the Ingress by accessing the application using a
cpx-service external IP address as follows:
curl -v http://192.168.1.240 -H ‘host: testdomain.com’
For more information on configuration and troubleshooting for MetalLB see the following links: