Detailed procedures to setup dual tier or service mesh lite topology
The prerequisites to deploy the dual tier or service mesh lite topology are available at Setting up service graph.
Configure Citrix ADM agent
To enable communication between Kubernetes cluster and Citrix ADM, you must install and configure a Citrix ADM agent. You can configure an agent using a hypervisor, public cloud services (such as Microsoft Azure, AWS), or built-in agent available on Citrix ADC instances (ideal for HA deployments).
Follow the procedure to configure an agent.
Note
You can also use an existing agent.
The Citrix ADM agents are, by default, automatically upgraded to the latest Citrix ADM build. You can view the agent details on the Infrastructure > Instances > Agents page. You can also specify the time when you want the agent upgrades to happen. For more information, see Configuring Agent Upgrade Settings.
Configure static routes in Citrix ADM agent
Inside the Kubernetes cluster, all containerized pods use an overlay network. Establishing the communication using those private IP addresses directly is not possible. To enable communication from Citrix ADM to Kubernetes cluster, you must configure static routing in Citrix ADM agent.
Consider that you have the following IP addresses for your Kubernetes cluster:
Kubernetes master – 101.xx.xx.112
Kubernetes worker 1 – 101.xx.xx.111
Kubernetes worker 2 – 101.xx.xx.110
On the Kubernetes master, run the following command to identify the pod network to do the static routing:
kubectl get nodes -o jsonpath="{range .items[*]}{'podNetwork: '}{.spec.podCIDR}{'\t'}{'gateway: '}{.status.addresses[0].address}{'\n'}{end}"
The following is an example output after you run the command:
After successfully configuring a Citrix ADM agent:
Using an SSH client, log on to Citrix ADM agent.
Type shell and press Enter to switch to bash.
Configure the static routing using the command:
route add -net <public IP address range> <Kubernetes IP address>
For example:
route add -net 192.168.0.0/24 101.xx.xx.112
route add -net 192.168.1.0/24 101.xx.xx.111
route add -net 192.168.2.0/24 101.xx.xx.110
Verify the configuration by using netstat -rn.
Append these route commands in the /mpsconfig/svm.conf file.
In Citrix ADM agent, access the svm.conf file using the following command:
vim /mpsconfig/svm.conf
Add the static routes in the svm.conf file. For example:
route add -net 192.168.0.0/24 101.xx.xx.112
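The mapping from the kubectl output to the route commands, as an added example that is not part of the Citrix documentation. The sample output is constructed (documentation-range gateway addresses), the function names are hypothetical, and the output is assumed to be tab-separated as the jsonpath template specifies. Lines whose pod network or gateway is not a well-formed IPv4 value are skipped instead of being passed on to svm.conf.

```shell
#!/bin/sh
# Added example (not Citrix code): turn the kubectl jsonpath output into
# "route add" lines, keeping only well-formed IPv4 values.

# Constructed sample in the "podNetwork: <CIDR>\tgateway: <IP>" shape the
# jsonpath template prints; gateways are documentation-range placeholders.
sample_output() {
  printf 'podNetwork: %s\tgateway: %s\n' \
    192.168.0.0/24 192.0.2.112 \
    192.168.1.0/24 192.0.2.111 \
    '' 192.0.2.110 \
    192.168.3.0/33 192.0.2.109
}

# Reads the kubectl output on stdin, prints one route command per valid
# line on stdout and reports skipped lines on stderr.
routes_from_kubectl() {
  awk -F'\t' '
    function valid_ip(ip,    n, o, i) {
      n = split(ip, o, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
      return 1
    }
    function valid_cidr(c,    p) {
      if (split(c, p, "/") != 2) return 0
      if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) return 0
      return valid_ip(p[1])
    }
    {
      net = $1; gw = $2
      sub(/^podNetwork: /, "", net)
      sub(/^gateway: /, "", gw)
      if (valid_cidr(net) && valid_ip(gw))
        print "route add -net " net " " gw
      else
        print "skipped line " NR ": " $0 > "/dev/stderr"
    }'
}

sample_output | routes_from_kubectl
```

On the Kubernetes master, pipe the kubectl command shown above into routes_from_kubectl in place of sample_output. A node with an empty podCIDR, as in the third sample line, is reported on stderr and produces no route.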
Download the sample deployment files from GitHub
Use the following command to clone the GitHub repository in the master node:
git clone https://github.com/citrix/citrix-k8s-ingress-controller.git
To access the YAMLs:
cd citrix-k8s-ingress-controller/example/servicegraph-demo/
Add parameters in CPX YAML file
Note
If you are using CPX 58.x or later, you must use the non-nsroot password while registering to Citrix ADM agent. To ensure security, Citrix ADM agent 61.x or later releases require a mandatory password change. If your Citrix ADM agent is upgraded to 61.x or a later version, you must use CPX 58.x or a later build.
You must include the following parameters in the cpx.yaml file to ensure CPX registration with Citrix ADM:
- name: "NS_MGMT_SERVER"
  value: "xx.xx.xx.xx"
- name: "NS_MGMT_FINGER_PRINT"
  value: "xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
- name: "NS_HTTP_PORT"
  value: "9080"
- name: "NS_HTTPS_PORT"
  value: "9443"
- name: "NS_MGMT_USER"
  value: "nsroot"
- name: "NS_MGMT_PASS"
  value: <your password>
- name: "LOGSTREAM_COLLECTOR_IP"
  value: "xx.xx.xx.xx"
NS_MGMT_SERVER – Indicates the Citrix ADM agent IP address
NS_MGMT_FINGER_PRINT – Indicates the authentication for CPX in Citrix ADM agent. To get the fingerprint:
In Citrix ADM, navigate to Infrastructure > Instances > Agents
Select the agent and then click View Fingerprint
NS_HTTP_PORT – Indicates the HTTP port for communication
NS_HTTPS_PORT – Indicates the HTTPS port for communication
NS_MGMT_USER - Indicates the user name
NS_MGMT_PASS - Indicates the password. Specify a password of your choice
LOGSTREAM_COLLECTOR_IP – Indicates the Citrix ADM agent IP address, where Logstream protocol must be enabled to transfer log data from CPX to Citrix ADM
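A pre-deployment check for the registration parameters listed above, as an added example that is not part of the Citrix documentation. The function names and the sample env block are constructed for illustration; the sample deliberately contains an unbalanced quote, an unreplaced password placeholder and a missing parameter.

```shell
#!/bin/sh
# Added example (not Citrix code): lint the env entries of a cpx.yaml for
# the seven registration parameters before running kubectl create.

REQUIRED="NS_MGMT_SERVER NS_MGMT_FINGER_PRINT NS_HTTP_PORT NS_HTTPS_PORT NS_MGMT_USER NS_MGMT_PASS LOGSTREAM_COLLECTOR_IP"

# Constructed sample with placeholder values and three deliberate defects.
sample_env() {
  cat <<'EOF'
- name: "NS_MGMT_SERVER"
  value: "192.0.2.10"
- name: "NS_MGMT_FINGER_PRINT"
  value: "AA:BB:CC:DD:EE:FF:00:11"
- name: "NS_HTTP_PORT"
  value: "9080"
- name: "NS_HTTPS_PORT"
  value: 9443"
- name: "NS_MGMT_USER"
  value: "nsroot"
- name: "NS_MGMT_PASS"
  value: <your password>
EOF
}

# Reads name/value pairs on stdin and prints one finding per line;
# no output means every required parameter is present and well-formed.
check_cpx_env() {
  awk -v required="$REQUIRED" '
    /name:/  { name = $NF; gsub(/"/, "", name); next }
    /value:/ {
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      seen[name] = 1
      q = gsub(/"/, "\"", val)          # count the double quotes
      if (q % 2) print name ": unbalanced quotes"
      gsub(/"/, "", val)
      if (val ~ /^<.*>$/) print name ": placeholder not replaced"
      else if (name ~ /_PORT$/ && val !~ /^[0-9]+$/) print name ": not numeric"
      else if (name == "NS_MGMT_FINGER_PRINT" && val !~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/)
        print name ": not colon-separated hex"
    }
    END {
      n = split(required, r, " ")
      for (i = 1; i <= n; i++) if (!(r[i] in seen)) print r[i] ": missing"
    }'
}

sample_env | check_cpx_env
```

A value such as 9443" is still a valid YAML string, so kubectl accepts it and the wrong port value only surfaces when registration fails; the check reports it before deployment.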
Add VPX or SDX or MPX or BLX instance in Citrix ADM
To get the tier-1 ADC instance analytics in service graph, you must add the VPX/SDX/MPX/BLX instance in Citrix ADM and enable Web Insight. You must enable Web Insight for Citrix ADM to display the web transaction details from the VPX/SDX/MPX/BLX instance.
Navigate to Infrastructure > Instances > Citrix ADC
Click the Add option to add the instance. For more information, see Add instances in Citrix ADM
After adding the instance, select the virtual server and enable Web Insight. For more information, see Manage licensing and enable analytics on virtual servers
Add Kubernetes cluster in Citrix ADM
To add the Kubernetes cluster:
Log on to Citrix ADM with administrator credentials.
Navigate to Infrastructure > Orchestration > Kubernetes > Cluster. The Clusters page is displayed.
Click Add.
In the Add Cluster page, specify the following parameters:
Name - Specify a name of your choice.
API Server URL - You can get the API Server URL details from the Kubernetes Master node.
On the Kubernetes master node, run the command kubectl cluster-info. Enter the URL that displays for “Kubernetes master is running at.”
Authentication Token - Specify the authentication token. The authentication token is required to validate access for communication between Kubernetes cluster and Citrix ADM. To generate an authentication token:
On the Kubernetes master node:
Use the following YAML to create a service account:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <name>
  namespace: <namespace>
Run kubectl create -f <yaml file>. The service account is created.
Run kubectl create clusterrolebinding <name> --clusterrole=cluster-admin --serviceaccount=<namespace>:<name> to bind the cluster role to the service account. The service account now has cluster-wide access.
A token is automatically generated while creating the service account.
Run kubectl describe sa <name> to view the token. To get the secret string, run kubectl describe secret <token-name>.
Select the agent from the list.
Note
Ensure to select the same agent that you have added in the CPX YAML.
Click Create.
Deploy a sample microservice application
On the master node:
Run kubectl create -f namespace.yaml to create a namespace.
Deploy hotdrink microservices, ingress, and secrets using the following commands:
kubectl create -f team_hotdrink.yaml -n sg-demo
kubectl create -f hotdrink-secret.yaml -n sg-demo
Deploy CPX and register CPX in Citrix ADM
Run kubectl create -f rbac.yaml to deploy cluster role and cluster binding.
Run kubectl create -f cpx.yaml -n sg-demo to deploy CPX.
After the deployment, the CPX registration is automatically done.
Enable auto select virtual servers for licensing
Note
Ensure you have sufficient virtual server licenses. For more information, see Licensing
After you add the Kubernetes cluster in Citrix ADM, you must auto-select virtual servers for licensing. CPX virtual servers must be licensed to display data in service graph. To auto-select virtual servers:
Navigate to Settings > Citrix ADM Licensing & Analytics Config.
Under Virtual Server License Summary, enable Auto-select Virtual Servers and Auto-select non addressable Virtual Servers.
Enable Web Transaction and TCP Transaction settings
After you add the Kubernetes cluster and enable the auto-select virtual servers, change the Web Transaction Settings and TCP Transactions Settings to All.
Navigate to Settings > Analytics Settings.
The Settings page is displayed.
Click Enable Features for Analytics.
Under Web Transaction Settings, select All.
Under TCP Transactions Settings, select All.
Click OK.
Send traffic to microservices
Next, you must send traffic to microservices to get the service graph populated in Citrix ADM.
Run kubectl get svc -n sg-demo to expose CPX through NodePort.
Edit the /etc/hosts file and create a domain IP entry for hotdrink.beverages.com.
You can now access the microservice using https://hotdrink.beverages.com