-
-
BIND DNS integration with IPAM controller and ingress controller
-
-
SSL certificate for services of type LoadBalancer through the Kubernetes secret resource
-
BGP advertisement for type LoadBalancer services and Ingresses using NetScaler CPX
-
NetScaler CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters
-
Advanced content routing for Kubernetes Ingress using the HTTPRoute CRD
-
IP address management using the NetScaler IPAM controller for Ingress resources
-
Deploy NetScaler ingress controller for NetScaler with admin partitions
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
BIND DNS integration with IPAM controller and ingress controller
BIND 9 is a complete implementation of the DNS protocol. BIND 9 can be configured as an authoritative name server, a resolver, and, on supported hosts, a stub resolver. For more information, see Bind 9.
NetScaler Ingress Controller supports assigning IP addresses to Ingresses and services of type LoadBalancer by using the ipam-range annotation. The IPAM controller uses the VIP CustomResourceDefinition (CRD) for internal communication with NetScaler Ingress Controller. The VIP CRD is automatically installed as part of the Helm installation of the IPAM controller and now supports the hostname field associated with the VIP.
Prerequisites
- Deploy ingress controller using the helm values with IPAM enabled as true and set your service class and ingress class. The following example uses a helm chart to deploy NetScaler Ingress Controller with the desired configurations:
helm install nsic netscaler/netscaler-ingress-controller --set nsIP=<NSIP>,license.accept=yes,adcCredentialSecret=nslogin,ingressClass[0]=cic-vpx,serviceClass[0]=cic-vpx,ipam=true,entityPrefix=demo
<!--NeedCopy-->
- Set up TSIG (Transaction SIGnatures) and provide access controls in binddns following the documentation TSIG. Note the TSIG KEY and TSIG Secret for later use.
Deploy IPAM controller with BIND DNS
Deploy the IPAM controller with the following configurations for enabling BIND DNS:
-
Create a BIND DNS TSIG KEY and TSIG SECRET as a Kubernetes secret:
kubectl create secret generic binddns-tsig-secret --from-literal=tsigKey=<TSIG Key Name> --from-literal=tsigSecret=<TSIG Secret> -n <namespace> <!--NeedCopy--> -
Install the IPAM controller with the following command:
helm install my-release netscaler/netscaler-ipam-controller \ --set vipRange=<IP_RANGE> \ --set dns.enabled=true \ --set dns.type=binddns \ --set dns.binddns.server=<BIND_SERVER_IP:PORT> \ --set dns.binddns.zone=example.com \ --set dns.binddns.tsigKeySecret=binddns-tsig-secret <!--NeedCopy-->
Use cases
There are currently two ways host names are supported:
- ingress
- service type
LoadBalancer
Ingress
For ingress, you must provide the IPAM range with the following annotation with the desired ingress class:
ingress.citrix.com/ipam-range: prod
<!--NeedCopy-->
The following example provides the details:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
ingress.citrix.com/ipam-range: prod
name: web-ingress
spec:
ingressClassName: cic-vpx
defaultBackend:
service:
name: frontend
port:
number: 80
rules:
- host: web-frontend.example.com
http:
paths:
- backend:
service:
name: frontend
port:
number: 80
path: /
pathType: ImplementationSpecific
- host: web-backend.example.com
http:
paths:
- backend:
service:
name: backend
port:
number: 80
path: /
pathType: ImplementationSpecific
<!--NeedCopy-->
After the ingress is created, the respective VIP object is created with host names provided in the spec.rules[].host field for each rule.
apiVersion: citrix.com/v1
kind: vip
metadata:
name: ingress-web-ingress
namespace: default
spec:
description: VIP for the web-ingress Service
hostname:
- web-frontend.example.com
- web-backend.example.com
ipaddress:
kind: ingress
name: web-ingress
range-name: prod
<!--NeedCopy-->
The IPAM controller reads this VIP and assigns an IP from the IP ranges, if available. Once IP allocation is completed, IPAM calls BIND DNS with the list of host names and the IP address which is assigned for the hostnames in BIND DNS as an A record.
Service
For service of type LoadBalancer, you must provide the IPAM range with the following annotation:
service.citrix.com/ipam-range: 'prod'
<!--NeedCopy-->
Host name in the following annotation:
service.citrix.com/external-hostname: 'svc.lb.example.com'
<!--NeedCopy-->
Service class in the service YAML.
apiVersion: v1
kind: Service
metadata:
name: apache
annotations:
service.citrix.com/ipam-range: 'prod'
service.citrix.com/external-hostname: 'svc.lb.example.com'
service.citrix.com/class: 'cic-vpx'
labels:
name: apache
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
name: apache
ports:
- name: http
port: 80
targetPort: http
<!--NeedCopy-->
This creates a VIP object with host name as given in the external-hostname annotation.
apiVersion: citrix.com/v1
kind: vip
metadata:
name: service-apache
namespace: default
spec:
description: VIP for the apache Service
hostname:
- svc.lb.example.com
ipaddress:
kind: service
name: apache
range-name: prod
<!--NeedCopy-->
The IPAM controller reads this VIP and assigns an available IP address from the configured IP range. After the IP address is assigned, the IPAM controller creates an A record in BIND DNS that maps each host name to the assigned IP address.
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.