NetScaler ingress controller

Supported platforms and deployments

This topic provides details about various Kubernetes platforms, deployment topologies, features, and CNIs supported in Cloud-Native deployments that include NetScaler and NetScaler Ingress Controller.

Kubernetes platforms

NetScaler Ingress Controller is supported on the following platforms:

  • Kubernetes v1.10 (and later) on bare metal or self-hosted on public clouds such as, AWS, GCP, or Azure.
  • Google Kubernetes Engine (GKE)
  • Elastic Kubernetes Service (EKS)
  • Azure Kubernetes Service (AKS)
  • Red Hat OpenShift version 3.11 and later
  • Pivotal Container Service (PKS)
  • Diamanti Enterprise Kubernetes Platform
  • Mirantis Kubernetes Engine
  • VMware Tanzu

NetScaler platforms

The following table lists the NetScaler platforms supported by the NetScaler Ingress Controller:

NetScaler Platform Versions
NetScaler MPX 11.1–61.7 and later
NetScaler VPX 11.1–61.7 and later
NetScaler CPX 12.1–51.16 and later

Supported deployment topologies on platforms (on-premises)

The following table lists the various deployment topologies supported by the NetScaler Ingress Controller on the supported Kubernetes (on-premises) platforms:

Deployment Topologies Kubernetes Red Hat OpenShift PKS
Single-Tier (NetScaler MPX or VPX in tier-1) Yes Yes Yes
Dual-Tier (NetScaler MPX or VPX in tier-1 and NetScaler CPXs in tier-2) Yes Yes Yes
Service mesh lite Yes Yes Yes
Services of type LoadBalancer Yes Yes Yes
Services of type NodePort Yes Yes Yes

Supported deployment topologies on cloud platforms

The following table lists the various deployment topologies supported by the NetScaler Ingress Controller on the supported cloud platforms:

Deployment Topologies GKE EKS AKS (Basic mode - Kubenet) AKS (Advanced mode - Azure CNI)  
Single-Tier Cloud topology (NetScaler VPX in tier-1) Yes Yes Yes Yes  
Dual-Tier Cloud topology (NetScaler VPX in tier-1 and NetScaler CPXs in tier-2) Yes No Yes Yes  
Dual-Tier Cloud topology (Cloud LB in tier-1 and NetScaler CPXs in tier-2) Yes No Yes Yes  

Supported NetScaler Ingress Controller feature on platforms

The following table lists the NetScaler Ingress Controller features supported on various cloud-native platforms:

NetScaler Ingress Controller features Kubernetes Google Cloud AWS Azure Red Hat OpenShift PKS  
TCP Ingress Yes Yes Yes Yes Yes Yes  
UDP Ingress Yes Yes Yes Yes Yes Yes  
SSL Ingress Yes Yes Yes Yes Yes Yes  
TCP over SSL Ingress Yes Yes Yes Yes Yes Yes  
HTTP, TCP, or SSL profiles Yes Yes Yes Yes Yes Yes  
NodePort support Yes Yes Yes Yes Yes Yes  
Type LoadBalancer support Yes No Yes No Yes Yes  
Rewrite and Responder CRD Yes Yes Yes Yes Yes Yes  
Rate limit CRD Yes Yes Yes Yes Yes Yes  
Auth CRD Yes Yes Yes Yes Yes Yes  
Advanced content routing Yes Yes Yes Yes Yes Yes  
WAF CRD Yes Yes Yes Yes Yes Yes  
Bot CRD Yes Yes Yes Yes Yes Yes  
OpenShift Routes N/A N/A N/A N/A Yes N/A  
OpenShift router sharding N/A N/A N/A N/A Yes N/A  
Simplified canary using Ingress Yes Yes Yes Yes Yes Yes  

The following table lists the NetScaler Ingress Controller features supported on the respective NetScaler Ingress Controller versions and NetScaler versions:

NetScaler Ingress Controller features NetScaler Ingress Controller versions NetScaler MPX or VPX versions NetScaler CPX versions
TCP Ingress 1.1.1 and later 11.1–61.7 and later 12.1–51.16 and later
UDP Ingress 1.1.1 and later 11.1–61.7 and later 12.1–51.16 and later
SSL Ingress 1.1.1 and later 11.1–61.7 and later 12.1–51.16 and later
TCP over SSL Ingress 1.1.1 and later 11.1–61.7 and later 12.1–51.16 and later
HTTP, TCP, or SSL profiles 1.4.392 11.1–61.7 and later 12.1–51.16 and later
NodePort support 1.1.1 and later 11.1–61.7 and later 12.1–51.16 and later
Type LoadBalancer support 1.2.0 and later 11.1–61.7 and later 12.1–51.16 and later
Rewrite and Responder CRD 1.1.1 and later 11.1–61.7 and later 12.1–51.16 and later
Rate limit CRD 1.4.392 11.1–61.7 and later 12.1–51.16 and later
Auth CRD 1.4.392 11.1–61.7 and later 12.1–51.16 and later
Advanced content routing 1.7.46 12.1–51.16 and later 12.1–51.16 and later
WAF CRD 1.9.2 13.0–65.4 and later 13.0–65.4 and later
Bot CRD 1.11.3 NetScaler VPX version 13.0.67.39 and later Not supported
OpenShift Routes 1.1.3 and later 12.1–51.16 and later 13.0–36.28 and later
OpenShift router sharding 1.2.0 and later 12.1–51.16 and later 13.0–36.28 and later
Simplified canary using Ingress Version 1.13.15 and later 11.1–61.7 and later 12.1–51.16 and later

Container network interfaces (CNIs) for NetScaler CPX

The following table lists the Container network interfaces (CNIs) supported by NetScaler CPX:

Container network interfaces (CNI) NetScaler CPX versions
Flannel 12.1–51.16 and later
Kubenet 12.1–51.16 and later
Calico 13.0–36.28
Canal 13.0–36.28
Calico on GKE 12.1–51.16 and later
OVS 13.0–36.28
Weave 12.1–51.16 and later
Cilium 13-0-71-40 and later

Supported container runtime interfaces for NetScaler CPX

The following table lists the container runtime interfaces (CRIs) supported by NetScaler CPX.

CRI Supported versions of NetScaler CPX
Docker 11.1 and later
CRI-O 13.0–47.103 and later

Support matrix for cloud native solution components

The following matrix provides information on compatibility between the different components of the cloud native solution offered by Citrix.

For example, the first row of this table explains the versions of NetScaler CPX/VPX/MPX which supports different components of the NetScaler cloud native solution. In this table NA is marked if the components are not dependent on each other or when the components are the same.

Product/component NetScaler CPX/VPX/MPX NetScaler Ingress Controller NetScaler Observability Exporter Citrix istio adaptor node controller ADM agent ADM service ADM on-prem NetScaler Metrics Exporter —————– ————- ————- ————————— ————————- ————— —————– ——————————– ——————————– ——————————–
NetScaler CPX/VPX/MPX NA NetScaler Ingress Controller version 1.1.1 onwards is supported with CPX version 12.1+ onwards and VPX/MPX 11.1+ onwards COE version 1.0.001 onwards is supported with VPX/MPX/CPX: 13.0 onwards CIA version 1.0.0-alpha onwards is supported with CPX/VPX/MPX 12.1+ onwards CPX/VPX/MPX 12.0 onwards CPX/VPX/MPX 13.0–47.22 onwards CPX/VPX/MPX 13.0–47.22 onwards CPX/VPX/MPX 11.1 onwards CPX/VPX/MPX 12.1 onwards                    
NetScaler Ingress Controller CPX 12.1+ onwards and VPX/MPX 11.1+ onwards supports NetScaler Ingress Controller version 1.1.1 onwards NA COE version 1.0.001 and onwards is supported with NetScaler Ingress Controller version 1.5.6 onwards NA NA NA NA NA NA                    
NetScaler Observability Exporter CPX/VPX/MPX 13.0 onwards is supported with COE version 1.0.001 onwards NetScaler Ingress Controller version 1.5.6 onwards is supported with COE version 1.0.001 onwards NA CIA version 1.2.0-beta onwards is supported with COE version 1.0.001 onwards NA NA NA NA NA                    
Citrix istio adaptor CPX/VPX/MPX 12.1+ onwards is supported with CIA version 1.2.0-beta onwards NA COE version 1.0.001 is supported with CIA version 1.2.0-beta onwards NA NA NA NA NA NA                    
node controller CPX/VPX/MPX 12.0 onwards NA NA NA NA NA NA NA NA                    
ADM agent CPX/VPX/MPX 13.0–47.22 onwards NA NA NA NA NA NA NA NA                    
ADM service CPX/VPX/MPX 13.0–47.22 onwards NA NA NA NA NA NA NA NA                    
ADM on-prem CPX/VPX/MPX 11.1 onwards NA NA NA NA NA NA NA NA                    
NetScaler Metrics Exporter CPX/VPX/MPX 12.1 onwards NA NA NA NA NA NA NA NA                    

Note:

For better use case coverage, use the latest versions of the components provided in the compatibility table.