Detailed procedures to setup service mesh topology 编辑
Detailed procedures to setup service mesh topology
The prerequisites to deploy the service mesh topology is available at Setting up service graph.
Configure Citrix ADM agent
To enable communication between Kubernetes cluster and Citrix ADM, you must install and configure a Citrix ADM agent. You can configure an agent using a hypervisor, public cloud services (such as Microsoft Azure, AWS), or built-in agent available on Citrix ADC instances (ideal for HA deployments).
Follow the procedure to configure an agent.
Note
You can also use an existing agent.
The Citrix ADM agents are, by default, automatically upgraded to Citrix ADM latest build. You can view the agent details on the Infrastructure > Instances > Agents page. You can also specify the time when you want the agent upgrades to happen. For more information, see Configuring Agent Upgrade Settings.
Configure static routes in Citrix ADM agent
Inside the Kubernetes cluster, all containerized pods use an overlay network. Establishing the communication using those private IP addresses directly is not possible. To enable communication from Citrix ADM to Kubernetes cluster, you must configure static routing in Citrix ADM agent.
Consider that you have the following IP addresses for your Kubernetes cluster:
Kubernetes master – 101.xx.xx.112
Kubernetes worker 1 – 101.xx.xx.111
Kubernetes worker 2 – 101.xx.xx.110
On the Kubernetes master, run the following command to identify the pod network to do the static routing:
kubectl get nodes -o jsonpath="{range .items[*]}{'podNetwork: '}{.spec.podCIDR}{'\t'}{'gateway: '}{.status.addresses[0].address}{'\n'}{end}"
The following is an example output after you run the command:
After successfully configuring a Citrix ADM agent:
Using an SSH client, log on to Citrix ADM agent
Type
shell
and press Enter to switch tobash
Configure the static routing using the command
route add -net <public IP address range> <Kubernetes IP address>
For example:
route add -net 192.168.0.0/24 101.xx.xx.112
route add -net 192.168.1.0/24 101.xx.xx.111
route add -net 192.168.2.0/24 101.xx.xx.110
Verify the configuration by using
netstat -rn
Append these route commands in
/mpsconfig/svm.conf
file.In Citrix ADM agent, access the svm.conf file using the following command:
vim /mpsconfig/svm.conf
Add the static routes in svm.conf file.
For example,
route add -net 192.168.0.0/24 101.xx.xx.112
.
Configure the required parameters
In the Kubernetes master:
Create secret with Citrix ADM Agent Credentials in every namespace where CPX as an ingress gateway / sidecar is deployed.
kubectl create secret generic admlogin --from-literal=username=<username> --from-literal=password=<password> -n <namespace>
helm repo add citrix https://citrix.github.io/citrix-helm-charts/
Deploy the Citrix ADC CPX as an Ingress Gateway
helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --version 1.2.1 --namespace <namespace> --set ingressGateway.EULA=YES,citrixCPX=true,ADMSettings.ADMFingerPrint=XX:00:X1:00:XX:0X:X0,ADMSettings.ADMIP=<xx.xx.xx.xx>, ingressGateway.image=quay.io/citrix/citrix-k8s-cpx-ingress,ingressGateway.tag=13.0-58.30
The following table lists the configurable parameters in the Helm chart and its default values:
Parameter Description Default Optional/Mandatory (helm) citrixCPX Citrix ADC CPX FALSE Mandatory for Citrix ADC CPX xDSAdaptor.image Image of the Citrix xDS adaptor container quay.io/citrix/citrix-istio-adaptor:1.2.1 Mandatory ADMSettings.ADMIP Citrix ADM IP address null Mandatory for Citrix ADC CPX ADMSettings.ADMFingerPrint The Citrix ADM Fingerprint. Navigate to Infrastructure > Instances > Agents, select the agent, and click View Fingerprint null Optional ingressGateway.EULA End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. NO Mandatory for Citrix ADC CPX ingressGateway.image Image of Citrix ADC CPX designated to run as Ingress Gateway quay.io/citrix/citrix-k8s-cpx-ingress:13.0–58.30 Mandatory for Citrix ADC CPX Deploy the Citrix SideCar Injector.
helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --version 1.2.1 --namespace <namespace> set cpxProxy.EULA=YES,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<xx.xx.xx.xx>,cpxProxy.image=quay.io/citrix/citrix-k8s-cpx-ingress,cpxProxy.tag=13.0-58.30
The following table lists the configurable parameters in the Helm chart and its default values:
Parameter Description Default value ADMSettings.ADMIP The Citrix ADM IP address NIL cpxProxy.image Citrix ADC CPX image used as sidecar proxy quay.io/citrix/citrix-k8s-cpx-ingress:13.0–58.30 cpxProxy.imagePullPolicy Image pull policy for Citrix ADC IfNotPresent cpxProxy.EULA End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. NO cpxProxy.cpxSidecarMode Environment variable for Citrix ADC CPX. It indicates that Citrix ADC CPX is running as sidecar mode or not. YES Set the label on any Namespace that needs CPX Sidecar Injection.
kubectl label namespace <app-namespace> cpx-injection=enabled
After performing step 3 and 5, you can see the Citrix ADC CPX is registered in Citrix ADM.
Deploy a sample application
Consider that you want to deploy the following applications:
Perform the following procedure to deploy a sample application:
kubectl create namespace citrix-system
kubectl create namespace bookinfo
kubectl label namespace bookinfo cpx-injection=enabled
kubectl create secret generic admlogin --from-literal=username=<uername> --from-literal=password=<password> -n citrix-system
Note
You can give a user name and a password of your choice.
kubectl create secret generic admlogin --from-literal=username=<username> --from-literal=password=<password> -n bookinfo
Note
You can give a user name and a password of your choice.
helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --version 1.2.1 --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<ADM agent IP address>,ingressGateway.image=quay.io/citrix/citrix-k8s-cpx-ingress,ingressGateway.tag=13.0-58.30
Note
You must give your Citrix ADM fingerprint and Citrix ADM agent IP address
helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --namespace citrix-system --set cpxProxy.EULA=YES,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<ADM agent IP address>,cpxProxy.image=quay.io/citrix/citrix-k8s-cpx-ingress,cpxProxy.tag=13.0-58.30
Note
You must give your Citrix ADM fingerprint and Citrix ADM agent IP address
helm install bookinfo bookinfo/ --namespace bookinfo --set citrixIngressGateway.namespace=citrix-system
Add Kubernetes cluster in Citrix ADM
To add the Kubernetes cluster:
Log on to Citrix ADM with administrator credentials.
Navigate to Infrastructure > Orchestration > Kubernetes > Cluster. The Clusters page is displayed.
Click Add.
In the Add Cluster page, specify the following parameters:
Name - Specify a name of your choice.
API Server URL - You can get the API Server URL details from the Kubernetes Master node.
On the Kubernetes master node, run the command
kubectl cluster-info
.Enter the URL that displays for “Kubernetes master is running at.”
Authentication Token - Specify the authentication token. The authentication token is required to validate access for communication between Kubernetes cluster and Citrix ADM. To generate an authentication token:
On the Kubernetes master node:
Use the following YAML to create a service account:
apiVersion: v1 kind: ServiceAccount metadata: name: <name> namespace: <namespace> <!--NeedCopy-->
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论