NetScaler Console service

Manage the Kubernetes cluster for Service Graph

Kubernetes (K8s) is an open source container orchestration platform that automates the deployment, scaling, and management of cloud-native applications.


  • NetScaler Console supports the visibility of clusters for Service graph with Kubernetes version 1.14–1.23.

You can specify the following aspects of Kubernetes integration in NetScaler Console:

  • Cluster – You can register or unregister Kubernetes clusters for which NetScaler Console monitors all microservices and populates the Service graph. When you register a cluster in NetScaler Console, specify the Kubernetes API server information. Then, select an agent that can reach the Kubernetes cluster.

Before you begin

To monitor and visualize your microservices on Kubernetes clusters and get started on Service Graph, ensure you have:

  • Kubernetes cluster in place.

  • The agent installed and configured to enable communication between NetScaler Console and Kubernetes cluster or managed instances. You can use the managed instances that are present in your data center or cloud.

  • Kubernetes cluster registered in NetScaler Console.

Configure NetScaler agent to register with Kubernetes cluster

To enable communication between Kubernetes cluster and NetScaler Console, you must install and configure an agent. You can deploy an agent on the following platforms:

  • Hypervisor (ESX, XenServer, KVM, Hyper-V)

  • Public Cloud Services (such as Microsoft Azure, AWS)

Follow the procedure to configure an agent.


You can also use an existing agent if one is already deployed.

Configure the NetScaler Console with a secret token to manage a Kubernetes cluster

For NetScaler Console to be able to receive events from Kubernetes, you need to create a service account in Kubernetes for NetScaler Console. And, configure the service account with the necessary RBAC permissions in the Cluster.

  1. Create a service account for NetScaler Console. For example, the service account name can be citrixadm-sa. To create a service account, see Use Multiple Service Accounts.

  2. Use the cluster-admin role to bind the NetScaler Console account. This binding grants a ClusterRole across the cluster to a service account. The following is an example command to bind a cluster-admin role to the service account.

    kubectl create clusterrolebinding citrixadm-sa-admin --clusterrole=cluster-admin --serviceaccount=default:citrixadm-sa

    After binding the NetScaler Console account to the cluster-admin role, the service account has the cluster-wide access. For more information, see kubectl create clusterrolebinding.

  3. Obtain the token from the created service account.

    For example, run the following command to view the token for the citrixadm-sa service account:

    kubectl describe sa citrixadm-sa
  4. Run the following command to obtain the secret string of the token:

    kubectl describe secret <token-name>

Add the Kubernetes cluster in NetScaler Console

After you configure an agent and configure static routes, you must register the Kubernetes cluster in NetScaler Console.

To register the Kubernetes cluster:

  1. Log on to NetScaler Console with administrator credentials.

  2. Navigate to Orchestration > Kubernetes > Cluster. The Clusters page is displayed.

  3. Click Add.

  4. In the Add Cluster page, specify the following parameters:

    1. Name - Specify a name of your choice.

    2. API Server URL - You can get the API Server URL details from the Kubernetes Master node.

      1. On the Kubernetes master node, run the command kubectl cluster-info.

        API Server URL

      2. Enter the URL that displays for “Kubernetes master is running at.”

    3. Authentication Token - Specify the authentication token string obtained while you configure NetScaler Console to manage a Kubernetes cluster. The authentication token is required to validate access for communication between Kubernetes cluster and NetScaler Console. To generate an authentication token:

      1. On the Kubernetes master node, run the following commands:

        kubectl describe secret <token-name>
      2. Copy the token that is generated and paste it as the Authentication Token

        For more information, see Kubernetes documentation.

    4. Select the agent from the list.

    5. Click Create.

      add cluster

Manage the Kubernetes cluster for Service Graph