Detailed procedures to setup service mesh topology 编辑

Detailed procedures to setup service mesh topology

The prerequisites to deploy the service mesh topology is available at Setting up service graph.

Configure Citrix ADM agent

To enable communication between Kubernetes cluster and Citrix ADM, you must install and configure a Citrix ADM agent. You can configure an agent using a hypervisor, public cloud services (such as Microsoft Azure, AWS), or built-in agent available on Citrix ADC instances (ideal for HA deployments).

Follow the procedure to configure an agent.

Note

  • You can also use an existing agent.

  • The Citrix ADM agents are, by default, automatically upgraded to Citrix ADM latest build. You can view the agent details on the Infrastructure > Instances > Agents page. You can also specify the time when you want the agent upgrades to happen. For more information, see Configuring Agent Upgrade Settings.

Configure static routes in Citrix ADM agent

Inside the Kubernetes cluster, all containerized pods use an overlay network. Establishing the communication using those private IP addresses directly is not possible. To enable communication from Citrix ADM to Kubernetes cluster, you must configure static routing in Citrix ADM agent.

Consider that you have the following IP addresses for your Kubernetes cluster:

  • Kubernetes master – 101.xx.xx.112

  • Kubernetes worker 1 – 101.xx.xx.111

  • Kubernetes worker 2 – 101.xx.xx.110

On the Kubernetes master, run the following command to identify the pod network to do the static routing:

kubectl get nodes -o jsonpath="{range .items[*]}{'podNetwork: '}{.spec.podCIDR}{'\t'}{'gateway: '}{.status.addresses[0].address}{'\n'}{end}"

The following is an example output after you run the command:

Example command

After successfully configuring a Citrix ADM agent:

  1. Using an SSH client, log on to Citrix ADM agent

  2. Type shell and press Enter to switch to bash

  3. Configure the static routing using the command route add -net <public IP address range> <Kubernetes IP address>

    For example:

    route add -net 192.168.0.0/24 101.xx.xx.112

    route add -net 192.168.1.0/24 101.xx.xx.111

    route add -net 192.168.2.0/24 101.xx.xx.110

  4. Verify the configuration by using netstat -rn

    static routing

  5. Append these route commands in /mpsconfig/svm.conf file.

    1. In Citrix ADM agent, access the svm.conf file using the following command:

      vim /mpsconfig/svm.conf

    2. Add the static routes in svm.conf file.

      For example, route add -net 192.168.0.0/24 101.xx.xx.112.

Configure the required parameters

In the Kubernetes master:

  1. Create secret with Citrix ADM Agent Credentials in every namespace where CPX as an ingress gateway / sidecar is deployed.

    kubectl create secret generic admlogin --from-literal=username=<username> --from-literal=password=<password> -n <namespace>

  2. helm repo add citrix https://citrix.github.io/citrix-helm-charts/

  3. Deploy the Citrix ADC CPX as an Ingress Gateway

    helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --version 1.2.1 --namespace <namespace> --set ingressGateway.EULA=YES,citrixCPX=true,ADMSettings.ADMFingerPrint=XX:00:X1:00:XX:0X:X0,ADMSettings.ADMIP=<xx.xx.xx.xx>, ingressGateway.image=quay.io/citrix/citrix-k8s-cpx-ingress,ingressGateway.tag=13.0-58.30

    The following table lists the configurable parameters in the Helm chart and its default values:

    ParameterDescriptionDefaultOptional/Mandatory (helm)
    citrixCPXCitrix ADC CPXFALSEMandatory for Citrix ADC CPX
    xDSAdaptor.imageImage of the Citrix xDS adaptor containerquay.io/citrix/citrix-istio-adaptor:1.2.1Mandatory
    ADMSettings.ADMIPCitrix ADM IP addressnullMandatory for Citrix ADC CPX
    ADMSettings.ADMFingerPrintThe Citrix ADM Fingerprint. Navigate to Infrastructure > Instances > Agents, select the agent, and click View FingerprintnullOptional
    ingressGateway.EULAEnd User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions.NOMandatory for Citrix ADC CPX
    ingressGateway.imageImage of Citrix ADC CPX designated to run as Ingress Gatewayquay.io/citrix/citrix-k8s-cpx-ingress:13.0–58.30Mandatory for Citrix ADC CPX
  4. Deploy the Citrix SideCar Injector.

    helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --version 1.2.1 --namespace <namespace> set cpxProxy.EULA=YES,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<xx.xx.xx.xx>,cpxProxy.image=quay.io/citrix/citrix-k8s-cpx-ingress,cpxProxy.tag=13.0-58.30

    The following table lists the configurable parameters in the Helm chart and its default values:

    ParameterDescriptionDefault value
    ADMSettings.ADMIPThe Citrix ADM IP addressNIL
    cpxProxy.imageCitrix ADC CPX image used as sidecar proxyquay.io/citrix/citrix-k8s-cpx-ingress:13.0–58.30
    cpxProxy.imagePullPolicyImage pull policy for Citrix ADCIfNotPresent
    cpxProxy.EULAEnd User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions.NO
    cpxProxy.cpxSidecarModeEnvironment variable for Citrix ADC CPX. It indicates that Citrix ADC CPX is running as sidecar mode or not.YES
  5. Set the label on any Namespace that needs CPX Sidecar Injection.

    kubectl label namespace <app-namespace> cpx-injection=enabled

    After performing step 3 and 5, you can see the Citrix ADC CPX is registered in Citrix ADM.

Deploy a sample application

Consider that you want to deploy the following applications:

Deploy sample apps

Perform the following procedure to deploy a sample application:

  1. kubectl create namespace citrix-system

  2. kubectl create namespace bookinfo

  3. kubectl label namespace bookinfo cpx-injection=enabled

  4. kubectl create secret generic admlogin --from-literal=username=<uername> --from-literal=password=<password> -n citrix-system

    Note

    You can give a user name and a password of your choice.

  5. kubectl create secret generic admlogin --from-literal=username=<username> --from-literal=password=<password> -n bookinfo

    Note

    You can give a user name and a password of your choice.

  6. helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --version 1.2.1 --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<ADM agent IP address>,ingressGateway.image=quay.io/citrix/citrix-k8s-cpx-ingress,ingressGateway.tag=13.0-58.30

    Note

    You must give your Citrix ADM fingerprint and Citrix ADM agent IP address

  7. helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --namespace citrix-system --set cpxProxy.EULA=YES,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<ADM agent IP address>,cpxProxy.image=quay.io/citrix/citrix-k8s-cpx-ingress,cpxProxy.tag=13.0-58.30

    Note

    You must give your Citrix ADM fingerprint and Citrix ADM agent IP address

  8. helm install bookinfo bookinfo/ --namespace bookinfo --set citrixIngressGateway.namespace=citrix-system

Add Kubernetes cluster in Citrix ADM

To add the Kubernetes cluster:

  1. Log on to Citrix ADM with administrator credentials.

  2. Navigate to Infrastructure > Orchestration > Kubernetes > Cluster. The Clusters page is displayed.

  3. Click Add.

  4. In the Add Cluster page, specify the following parameters:

    1. Name - Specify a name of your choice.

    2. API Server URL - You can get the API Server URL details from the Kubernetes Master node.

      1. On the Kubernetes master node, run the command kubectl cluster-info.

        API Server URL

      2. Enter the URL that displays for “Kubernetes master is running at.”

    3. Authentication Token - Specify the authentication token. The authentication token is required to validate access for communication between Kubernetes cluster and Citrix ADM. To generate an authentication token:

      On the Kubernetes master node:

      1. Use the following YAML to create a service account:

        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: <name>
          namespace: <namespace>
        <!--NeedCopy-->
        

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:90 次

字数:14107

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文