-
-
-
-
Importing and synchronizing StyleBooks from GitHub repository
-
Simplified migration of Citrix ADC application configuration using StyleBooks
-
-
Use ADM log messages for managing and monitoring your infrastructure
-
-
Citrix ADC automation using Citrix ADM in Cisco ACI hybrid mode
-
Citrix ADC device package in Cisco ACI's cloud orchestrator mode
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Detailed procedures to set up service mesh topology
The prerequisites to deploy the service mesh topology is available at Setting up service graph.
Configure static routes in Citrix ADM
Inside the Kubernetes cluster, all containerized pods use an overlay network. Establishing the communication using those private IP addresses directly is not possible. To enable communication from Citrix ADM to Kubernetes cluster, you must configure static routing in Citrix ADM.
Note
If you are using an on-prem agent, ensure you configure static routes on the agent. Using an SSH client, log on to Citrix ADM agent and configure the static routes.
Consider that you have the following IP addresses for your Kubernetes cluster:
-
Kubernetes master – 101.xx.xx.112
-
Kubernetes worker 1 – 101.xx.xx.111
-
Kubernetes worker 2 – 101.xx.xx.110
On the Kubernetes master, run the following command to identify the pod network to do the static routing:
kubectl get nodes -o jsonpath="{range .items[*]}{'podNetwork: '}{.spec.podCIDR}{'\t'}{'gateway: '}{.status.addresses[0].address}{'\n'}{end}"
The following is an example output after you run the command:
-
Using an SSH client, log on to Citrix ADM
-
Configure the static routing using the command
route add -net <public IP address range> <Kubernetes IP address>
For example:
route add -net 192.168.0.0/24 101.xx.xx.112
route add -net 192.168.1.0/24 101.xx.xx.111
route add -net 192.168.2.0/24 101.xx.xx.110
-
Verify the configuration by using
netstat -rn
-
Append these route commands in
/mpsconfig/svm.conf
file.-
In Citrix ADM, access the svm.conf file using the following command:
vim /mpsconfig/svm.conf
-
Add the static routes in svm.conf file.
For example,
route add -net 192.168.0.0/24 101.xx.xx.112
.
-
Configure the required parameters
In the Kubernetes master:
-
Create secret with ADM Agent Credentials in every namespace where CPX as an ingress gateway / sidecar is deployed.
kubectl create secret generic admlogin --from-literal=username=<username> --from-literal=password=<password> -n <namespace>
-
helm repo add citrix https://citrix.github.io/citrix-helm-charts/
-
Deploy the Citrix ADC CPX as an Ingress Gateway
helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --version 1.2.1 --namespace <namespace> --set ingressGateway.EULA=YES,citrixCPX=true,ADMSettings.ADMFingerPrint=XX:00:X1:00:XX:0X:X0,ADMSettings.ADMIP=<xx.xx.xx.xx>, ingressGateway.image=quay.io/citrix/citrix-k8s-cpx-ingress,ingressGateway.tag=13.0-58.30
The following table lists the configurable parameters in the Helm chart and its default values:
Parameter Description Default Optional/Mandatory (helm) citrixCPX Citrix ADC CPX FALSE Mandatory for Citrix ADC CPX xDSAdaptor.image Image of the Citrix xDS adaptor container quay.io/citrix/citrix-istio-adaptor:1.2.1 Mandatory ADMSettings.ADMIP Citrix ADM IP address null Mandatory for Citrix ADC CPX ADMSettings.ADMFingerPrint The Citrix ADM Fingerprint. Navigate to System > Adminstration, and click View Fingerprint under System Configurations null Optional ingressGateway.EULA End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. NO Mandatory for Citrix ADC CPX ingressGateway.image Image of Citrix ADC CPX designated to run as Ingress Gateway quay.io/citrix/citrix-k8s-cpx-ingress:13.0–58.30 Mandatory for Citrix ADC CPX -
Deploy the Citrix SideCar Injector.
helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --version 1.2.1 --namespace <namespace> set cpxProxy.EULA=YES,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<xx.xx.xx.xx>,cpxProxy.image=quay.io/citrix/citrix-k8s-cpx-ingress,cpxProxy.tag=13.0-58.30
The following table lists the configurable parameters in the Helm chart and its default values:
Parameter Description Default value ADMSettings.ADMIP The Citrix ADM IP address NIL cpxProxy.image Citrix ADC CPX image used as sidecar proxy quay.io/citrix/citrix-k8s-cpx-ingress:13.0–58.30 cpxProxy.imagePullPolicy Image pull policy for Citrix ADC IfNotPresent cpxProxy.EULA End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. NO cpxProxy.cpxSidecarMode Environment variable for Citrix ADC CPX. It indicates that Citrix ADC CPX is running as sidecar mode or not. YES -
Set the label on any Namespace that needs CPX Sidecar Injection.
kubectl label namespace <app-namespace> cpx-injection=enabled
After performing step 3 and 5, you can see the Citrix ADC CPX is registered in Citrix ADM.
Deploy a sample application
Consider that you want to deploy the following applications:
Perform the following procedure to deploy a sample application:
-
kubectl create namespace citrix-system
-
kubectl create namespace bookinfo
-
kubectl label namespace bookinfo cpx-injection=enabled
-
kubectl create secret generic admlogin --from-literal=username=<uername> --from-literal=password=<password> -n citrix-system
Note
You can give a user name and a password of your choice.
-
kubectl create secret generic admlogin --from-literal=username=<username> --from-literal=password=<password> -n bookinfo
Note
You can give a user name and a password of your choice.
-
helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --version 1.2.1 --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<ADM agent IP address>,ingressGateway.image=quay.io/citrix/citrix-k8s-cpx-ingress,ingressGateway.tag=13.0-58.30
Note
You must give your ADM fingerprint and ADM agent or ADM IP address
-
helm install cpx-sidecar-injector citrix/citrix-cpx-istio-sidecar-injector --namespace citrix-system --set cpxProxy.EULA=YES,ADMSettings.ADMFingerPrint=xx:xx:xx:xx,ADMSettings.ADMIP=<ADM agent IP address>,cpxProxy.image=quay.io/citrix/citrix-k8s-cpx-ingress,cpxProxy.tag=13.0-58.30
Note
You must give your ADM fingerprint and ADM agent or ADM IP address
-
helm install bookinfo bookinfo/ --namespace bookinfo --set citrixIngressGateway.namespace=citrix-system
Add Kubernetes cluster in Citrix ADM
To add the Kubernetes cluster:
-
Log on to Citrix ADM with administrator credentials.
-
Navigate to Orchestration > Kubernetes > Cluster. The Clusters page is displayed.
-
Click Add.
-
In the Add Cluster page, specify the following parameters:
-
Name - Specify a name of your choice.
-
API Server URL - You can get the API Server URL details from the Kubernetes Master node.
-
On the Kubernetes master node, run the command
kubectl cluster-info
. -
Enter the URL that displays for “Kubernetes master is running at.”
-
-
Authentication Token - Specify the authentication token. The authentication token is required to validate access for communication between Kubernetes cluster and Citrix ADM. To generate an authentication token:
On the Kubernetes master node:
-
Use the following YAML to create a service account:
apiVersion: v1 kind: ServiceAccount metadata: name: <name> namespace: <namespace> <!--NeedCopy-->
-
Run
kubectl create -f <yaml file>
.The service account is created.
-
Run
kubectl create clusterrolebinding <name> --clusterrole=cluster-admin --serviceaccount=<namespace>:<name>
to bind the cluster role to service account.The service account now has the cluster-wide access.
A token is automatically generated while creating the service account.
-
Run
kubectl describe sa <name>
to view the token. -
To get the secret string, run
kubectl describe secret <token-name>
.
-
-
Select the agent from the list.
Note
If you are using an ADM agent, ensure to select the same agent that you have added in the CPX YAML.
-
Click Create.
-
Enable auto select virtual servers for licensing
Note
Ensure you have sufficient virtual server licenses. For more information, see Licensing
After you add Kubernetes cluster in Citrix ADM, you must ensure to auto-select virtual servers for licensing. Virtual servers must be licensed to display data in Service Graph. To auto-select virtual servers:
-
Navigate to System > Licensing & Analytics.
-
Under Virtual Server License Summary, enable Auto-select Virtual Servers and Auto-select non addressable Virtual Servers.
Enable Web Transaction and TCP Transaction settings
After you add the Kubernetes cluster and enable the auto-select virtual servers, change the Web Transaction Settings and TCP Transactions Settings to All.
-
Navigate to Analytics > Settings.
The Settings page is displayed.
-
Click Enable Features for Analytics.
-
Under Web Transaction Settings, select All.
-
Under TCP Transactions Settings, select All.
-
Click OK.
Send traffic to microservices
Next, you must send traffic to microservices to get the service graph populated in Citrix ADM.
-
Determine the Ingress IP and port
export INGRESS_HOST=$(kubectl get pods -l app=citrix-ingressgateway -n citrix-system -o 'jsonpath={.items[0].status.hostIP}')
export INGRESS_PORT=$(kubectl -n citrix-system get service citrix-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n citrix-system get service citrix-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
-
Access the Bookinfo front end application using cURL. The
productpage
service must return 200 OK response.curl -kv https://$INGRESS_HOST:$SECURE_INGRESS_PORT/productpage
curl -v http://$INGRESS_HOST:$INGRESS_PORT/productpage
-
Visit
https://$INGRESS_HOST:$SECURE_INGRESS_PORT/productpage
from a browser.The Bookinfo page is displayed.
-
Ensure that $INGRESS_HOST and $SECURE_INGRESS_PORT is replaced by an IP address and a port value.
After you send traffic to microservices, the service graph is populated approximately in 10 minutes duration.
Using the service graph, you can analyze various service details such as metrics, errors, and so on. For more information, see Service graph.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.