NetScaler ingress controller

Expose Service of type NodePort using Ingress

In a single-tier deployment, the Ingress NetScaler (VPX or MPX) outside the Kubernetes cluster receives all the Ingress traffic to the microservices deployed in the Kubernetes cluster. For the Ingress traffic to reach the microservices, you need to establish network connectivity between the Ingress NetScaler instance and pods.

Because pods run on an overlay network, the pod IP addresses are private IP addresses and the Ingress NetScaler instance cannot reach the microservices running within the pods. To make the service accessible from outside the cluster, you can create the service with type NodePort. The NetScaler instance then load balances the Ingress traffic to the nodes that contain the pods.

To create a service of type NodePort, specify spec.type: NodePort in your service definition file and optionally specify a port in the range 30000–32767.

Sample deployment

Consider a scenario in which you are using a NodePort-based service, for example an apache app, and want to expose the app to North-South traffic using an Ingress. In this case, you need to create the apache app deployment, define the service of type NodePort, and create an Ingress definition that configures the Ingress NetScaler to send the North-South traffic to the NodePort of the apache app.

In this example, you create a deployment named apache, and deploy it in your Kubernetes cluster.

  1. Create a manifest for the deployment named apache-deployment.yaml.

    # If using this on GKE
    # Make sure you have cluster-admin role for your account
    # kubectl create clusterrolebinding citrix-cluster-admin --clusterrole=cluster-admin --user=<username of your google account>
    #
    
    # For illustration, a basic apache web server is used as an application
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: apache
      labels:
          name: apache
    spec:
      selector:
        matchLabels:
          app: apache
      replicas: 4
      template:
        metadata:
          labels:
            app: apache
        spec:
          containers:
          - name: apache
            image: httpd:latest
            ports:
            - name: http
              containerPort: 80
            imagePullPolicy: IfNotPresent
    

    Containers in this deployment listen on port 80.

  2. Create the deployment using the following command:

    kubectl create -f apache-deployment.yaml
    
  3. Verify that four pods are running using the following command:

    kubectl get pods
    
  4. Once you verify that pods are up and running, create a service of type NodePort. The following is a manifest for the service:

    #Expose the apache web server as a Service
    apiVersion: v1
    kind: Service
    metadata:
      name: apache
      labels:
        name: apache
    spec:
      type: NodePort
      ports:
      - name: http
        port: 80
        targetPort: http
      selector:
        app: apache
    
  5. Copy the manifest to a file named apache-service.yaml and create the service using the following command:

    kubectl create -f apache-service.yaml
    

    The sample deploys and exposes the Apache web server as a service. You can access the service using the <NodeIP>:<NodePort> address.

  6. After you have deployed the service, create an Ingress resource to configure the Ingress NetScaler to send the North-South traffic to the NodePort of the apache app. The following is a manifest for the Ingress definition, named vpx-ingress.yaml.

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      annotations:
        ingress.citrix.com/frontend-ip: xx.xxx.xxx.xx
      name: vpx-ingress
    spec:
      defaultBackend:
        service:
          name: apache
          port:
            number: 80
    
  7. Deploy the Ingress object.

    kubectl create -f vpx-ingress.yaml
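
The three manifests in this procedure only work together if the Ingress backend, the Service ports and selector, and the pod template agree. The following check is an added example, not part of the NetScaler documentation. It assumes the manifests are already parsed into dictionaries (for instance from `kubectl get ... -o json`); `check_wiring` and the sample dictionaries are constructed for illustration.

```python
NODEPORT_RANGE = range(30000, 32768)  # range stated on this page

def check_wiring(deployment, service, ingress):
    """Return a list of problems; an empty list means the chain is consistent."""
    problems, spec = [], service["spec"]
    ports = spec.get("ports", [])
    if spec.get("type") != "NodePort":
        problems.append("service type is %r, not NodePort" % spec.get("type"))
    # Every selector pair must appear in the pod template labels.
    pod = deployment["spec"]["template"]
    labels = pod["metadata"].get("labels", {})
    for key, value in spec.get("selector", {}).items():
        if labels.get(key) != value:
            problems.append("selector %s=%s matches no pod label" % (key, value))
    # A named targetPort must resolve to a named container port.
    named = {p["name"] for c in pod["spec"]["containers"]
             for p in c.get("ports", []) if "name" in p}
    for p in ports:
        target = p.get("targetPort", p["port"])
        if isinstance(target, str) and target not in named:
            problems.append("targetPort %r names no container port" % target)
        node_port = p.get("nodePort")  # optional; the cluster assigns one if unset
        if node_port is not None and node_port not in NODEPORT_RANGE:
            problems.append("nodePort %d is outside 30000-32767" % node_port)
    # The Ingress default backend must point at this service and one of its ports.
    backend = ingress["spec"]["defaultBackend"]["service"]
    if backend["name"] != service["metadata"]["name"]:
        problems.append("ingress backend %r is not this service" % backend["name"])
    wanted = backend["port"].get("number", backend["port"].get("name"))
    offered = {p["port"] for p in ports} | {p["name"] for p in ports if "name" in p}
    if wanted not in offered:
        problems.append("ingress backend port %r is not a service port" % wanted)
    return problems

# Constructed input: the relevant fields of the three manifests on this page.
DEPLOYMENT = {"spec": {"template": {
    "metadata": {"labels": {"app": "apache"}},
    "spec": {"containers": [{"name": "apache",
                             "ports": [{"name": "http", "containerPort": 80}]}]}}}}
SERVICE = {"metadata": {"name": "apache"},
           "spec": {"type": "NodePort", "selector": {"app": "apache"},
                    "ports": [{"name": "http", "port": 80, "targetPort": "http"}]}}
INGRESS = {"spec": {"defaultBackend": {"service": {
    "name": "apache", "port": {"number": 80}}}}}

if __name__ == "__main__":
    for line in check_wiring(DEPLOYMENT, SERVICE, INGRESS) or ["wiring is consistent"]:
        print(line)
```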
    