-
-
NetScaler GSLB controller for applications deployed in distributed Kubernetes clusters
-
-
Deploy NetScaler ingress controller with OpenShift router sharding support
-
Deploy NetScaler ingress controller using OpenShift Operator
-
Deploy NetScaler Observability Exporter using OpenShift Operator
-
Deploy NetScaler CPX as an Ingress in Azure Kubernetes Engine
-
Deploy NetScaler ingress controller in an Azure Kubernetes Service cluster with NetScaler VPX
-
Deploy NetScaler ingress controller for NetScaler with admin partitions
-
Multi-cloud and GSLB solution with Amazon EKS and Microsoft AKS clusters
-
-
SSL certificate for services of type LoadBalancer through the Kubernetes secret resource
-
BGP advertisement for type LoadBalancer services and Ingresses using NetScaler CPX
-
NetScaler CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters
-
Advanced content routing for Kubernetes Ingress using the HTTPRoute CRD
-
IP address management using the NetScaler IPAM controller for Ingress resources
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configure static route on Ingress NetScaler VPX or MPX
In a Kubernetes cluster, pods run on an overlay network. The overlay network can be Flannel, Calico, Weave, and so on. The pods in the cluster are assigned with an IP address from the overlay network which is different from the host network.
The Ingress NetScaler VPX or MPX outside the Kubernetes cluster receives all the Ingress traffic to the microservices deployed in the Kubernetes cluster. You need to establish network connectivity between the Ingress NetScaler instance and the pods for the ingress traffic to reach the microservices.
One of the ways to achieve network connectivity between pods and NetScaler VPX or MPX instance outside the Kubernetes cluster is to configure routes on the NetScaler instance to the overlay network.
You can either do this manually or NetScaler Ingress Controller provides an option to automatically configure the network.
Note:
Ensure that the NetScaler instance (MPX or VPX) has SNIP configured on the host network. The host network is the network on which the Kubernetes nodes communicate with each other.
Manually configure route on the NetScaler instance
Perform the following:
-
On the master node in the Kubernetes cluster, get the podCIDR using the following command:
# kubectl get nodes -o jsonpath="{range .items[*]}{'podNetwork: '}{.spec.podCIDR}{'\t'}{'gateway: '}{.status.addresses[0].address}{'\n'}{end}" podNetwork: 10.244.0.0/24 gateway: 10.106.162.108 podNetwork: 10.244.2.0/24 gateway: 10.106.162.109 podNetwork: 10.244.1.0/24 gateway: 10.106.162.106
If you are using Calico CNI then use the following command to get the podCIDR:
# kubectl get nodes -o jsonpath="{range .items[*]}{'podNetwork: '}{.metadata.annotations.projectcalico\.org/IPv4IPIPTunnelAddr}{'\tgateway: '}{.metadata.annotations.projectcalico\.org/IPv4Address}{'\n'}" podNetwork: 192.168.109.0 gateway: 10.106.162.108/24 podNetwork: 192.168.174.0 gateway: 10.106.162.109/24 podNetwork: 192.168.76.128 gateway: 10.106.162.106/24
-
Log on to the NetScaler instance.
-
Add route on the NetScaler instance using the podCIDR information. Use the following command:
add route <pod_network> <podCIDR_netmask> <gateway>
For example,
add route 192.244.0.0 255.255.255.0 192.106.162.108 add route 192.244.2.0 255.255.255.0 192.106.162.109 add route 192.244.1.0 255.255.255.0 192.106.162.106
Automatically configure route on the NetScaler instance
In the citrix-k8s-ingress-controller.yaml file, you can use an argument,feature-node-watch
to automatically configure route on the associated NetScaler instance.
Set the feature-node-watch
argument to true
to enable automatic route configuration.
You can specify this argument in the citrix-k8s-ingress-controller.yaml file as follows:
spec: serviceAccountName: cic-k8s-role containers: - name: cic-k8s-ingress-controller image: “quay.io/citrix/citrix-k8s-ingress-controller:1.36.5” # feature-node-watch argument configures route(s) on the Ingress NetScaler # to provide connectivity to the pod network. By default, this feature is disabled. args: - –feature-node-watch true
By default, the feature-node-watch
argument is set to false
. Set the argument to true
to enable the automatic route configuration.
For automatic route configuration, you must provide permissions to listen to the events of nodes resource type. You can provide the required permissions in the citrix-k8s-ingress-controller.yaml file as follows:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cic-k8s-role
rules:
- apiGroups: [""]
resources: ["services", "endpoints", "ingresses", "pods", "secrets", "nodes"]
verbs: ["*"]
<!--NeedCopy-->
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.