Skip to content

Annotations

The following are the annotations supported by Citrix:

Annotations Possible value Description Default
ingress.citrix.com/frontend-ip IP address Use this annotation to customize the virtual IP address (VIP). This IP address is configured in Citrix ADC as VIP. The annotation is mandatory if you are using Citrix ADC VPX or MPX.
Note: Do not use the annotation if you want to use the Citrix ADC IP address as VIP.
Citrix ADC IP address is used as VIP.
ingress.citrix.com/secure-port Port number Use this annotation to configure the port for HTTPS traffic. This port is configured in Citrix ADC as a port value for corresponding Content Switching (CS) virtual server. 443
ingress.citrix.com/insecure-port Port number Use this annotation to configure the port for HTTP, TCP, or UDP traffic. This port is configured in Citrix ADC as a port value for corresponding CS virtual server. 80
ingress.citrix.com/insecure-termination allow, redirect, or disallow Use allow to allow HTTP traffic, Use redirect to redirect the HTTP request to HTTPS, or Use disallow if you want to drop the HTTP traffic.

For example: ingress.citrix.com/insecure-termination: "redirect"
disallow
ingress.citrix.com/secure-backend In JSON form, list of services for secure-backend Use True, if you want to establish secure HTTPS between Citrix ADC and the application, Use False, if you want to establish insecure HTTP connection Citrix ADC to the application.

For example: ingress.citrix.com/secure-backend: {"app1":"True", "app2":"False", "app3":"True"}
False
kubernetes.io/ingress.class ingress class name It is a way to associate a particular ingress resource with an ingress controller.

For example: kubernetes.io/ingress.class:"Citrix"
Configures all ingresses
ingress.citrix.com/secure-service-type ssl or ssl_tcp The annotation allows L4 load balancing with SSL over TCP as protocol. Use ssl_tcp, if you want to use SSL over TCP. ssl
ingress.citrix.com/insecure-service-type http, tcp, udp, or any The annotation allows L4 load balancing with tcp/udp/any as protocol. Use tcp, if you want TCP as the protocol. Use udp, if you want UDP as the protocol. http
ingress.citrix.com/path-match-method prefix or exact Use this annotation for ingress path matching.
- Use prefix for Citrix ingress controller to consider any path string as a prefix expression.
- Use exact for Citrix ingress controller to consider the path as a exact match.

For example, ingress.citrix.com/path-match-method: "prefix" annotation defines the Citrix ingress controller to consider any path string as a prefix expression.
prefix

Smart annotations

Smart annotation is an option provided by Citrix ingress controller to efficiently enable Citrix ADC features using Citrix ADC entity name. Citrix ingress controller converts the Ingress in Kubernetes to a set of Citrix ADC objects. You can efficiently control these objects using smart annotations.

Important

To use smart annotations, you must have good understanding of Citrix ADC features and their respective entity names. For more information on Citrix ADC features and entity names, see Citrix ADC Documentation.

Smart annotation takes JSON format as input. The key and value that you pass in the JSON format must match the Citrix ADC NITRO format. For more information on Citrix ADC NITRO API, see Citrix ADC 12.1 REST APIs - NITRO Documentation.

For example, if you want to enable SRCIPDESTIPHASH based lb method, you must use the corresponding NITRO key and value format lbmethod, SRCIPDESTIPHASH respectively.

The following table details the smart annotations provided by Citrix ingress controller:

Citrix ADC Entity Name Smart Annotation Example
lbvserver ingress.citrix.com/lbvserver ingress.citrix.com/lbvserver: '{"citrix-svc":{"lbmethod":"SRCIPDESTIPHASH"}}'
servicegroup ingress.citrix.com/servicegroup ingress.citrix.com/servicegroup: '{"frontend":{"cip": "Enabled","cipHeader":"X-Forwarded-For"}}'
monitor ingress.citrix.com/monitor ingress.citrix.com/monitor: '{"frontend":{"type":"http"}}'

Sample ingress YAML with smart annotations

The following is a sample Ingress YAML. It includes smart annotations to enable Citrix ADC features using the entities such as, lbvserver, servicegroup, and monitor:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: citrix
  annotations:
    ingress.citrix.com/insecure-port: "80"
    ingress.citrix.com/frontend-ip: "192.168.1.1"
    ingress.citrix.com/lbvserver: '{"citrix-svc":{"lbmethod":"LEASTCONNECTION", “persistenceType":"SOURCEIP"}}'
    ingress.citrix.com/servicegroup: '{"citrix-svc":{"usip":"yes"}}'
    ingress.citrix.com/monitor: '{"citrix-svc":{"type":"http"}}'
spec:
  rules:
  - host:  citrix.org
    http:
      paths:
      - path: /
        backend:
          serviceName: citrix-svc
          servicePort: 80

The sample Ingress YAML includes use cases related to the service, citrix-svc, and the following table explains the smart annotations used in the sample:

Smart Annotation Description
ingress.citrix.com/lbvserver: '{"citrix-svc":{"lbmethod":"LEASTCONNECTION", “persistenceType":"SOURCEIP"}}' Sets the load balancing method as Least Connection and also configures Source IP address persistence.
ingress.citrix.com/servicegroup: '{"citrix-svc":{"usip":"yes"}}' Enables Use Source IP Mode (USIP) on the Ingress Citrix ADC device. When you enable USIP on the Citrix ADC, it uses the client's IP address for communication with the back-end pods.
ingress.citrix.com/monitor: '{"citrix-svc":{"type":"http"}}' Creates a custom HTTP monitor for the servicegroup.