Deploy the Citrix ingress controller for Citrix ADC with admin partitions¶
Citrix ingress controller is used to automatically configure one or more Citrix ADC based on the Ingress resource configuration. The ingress Citrix ADC appliance (MPX or VPX) can be partitioned into logical entities called admin partitions, where each partition can be configured and used as a separate Citrix ADC appliance. For more information, see Admin Partition. Citrix ingress controller can also be deployed to configure Citrix ADC with admin partitions.
For Citrix ADC with admin partitions, you must deploy a single instance of Citrix ingress controller for each partition. And, the partition must be associated with a partition user specific to the Citrix ingress controller instance.
- Admin partitions are configured on the Citrix ADC appliance. For instructions see, Configure admin partitions.
- Create a partition user specifically for the Citrix ingress controller. Citrix ingress controller configures the Citrix ADC using this partition user account. Ensure that you do not associate this partition user to other partitions in the Citrix ADC appliance.
For SSL-related use cases in the admin partition, ensure that you use Citrix ADC version 12.0–56.8 and above.
To deploy the Citrix ingress controller for Citrix ADC with admin partitions:
Download the citrix-k8s-ingress-controller.yaml using the following command:
Edit the citrix-k8s-ingress-controller.yaml file and enter the values for the following environmental variables:
Environment Variable Mandatory or Optional Description NS_IP Mandatory The IP address of the Citrix ADC appliance. For more details, see Prerequisites. NS_USER and NS_PASSWORD Mandatory The user name and password of the partition user that you have created for the Citrix ingress controller. For more details, see Prerequisites. NS_VIP Mandatory Citrix ingress controller uses the IP address provided in this environment variable to configure a virtual IP address to the Citrix ADC that receives the Ingress traffic. Note: NS_VIP acts as a fallback when the frontend-ip annotation is not provided in Ingress yaml. Only Supported for Ingress. NS_ENABLE_MONITORING Mandatory Set the value
Yesto monitor Citrix ADC. Note: Ensure that you disable Citrix ADC monitoring for Citrix ADC with admin partitions. Set the value to
EULA Mandatory The End User License Agreement. Specify the value as
Kubernetes_url Optional The kube-apiserver url that Citrix ingress controller uses to register the events. If the value is not specified, Citrix ingress controller uses the internal kube-apiserver IP address. LOGLEVEL Optional The log levels to control the logs generated by Citrix ingress controller. By default, the value is set to DEBUG. The supported values are: CRITICAL, ERROR, WARNING, INFO, and DEBUG. For more information, see Log Levels NS_PROTOCOL and NS_PORT Optional Defines the protocol and port that must be used by the Citrix ingress controller to communicate with Citrix ADC. By default, the Citrix ingress controller uses HTTPS on port 443. You can also use HTTP on port 80. ingress-classes Optional If multiple ingress load balancers are used to load balance different ingress resources. You can use this environment variable to specify the Citrix ingress controller to configure Citrix ADC associated with a specific ingress class. For information on Ingress classes, see Ingress class support
Once you update the environment variables, save the YAML file and deploy it using the following command:
kubectl create -f citrix-k8s-ingress-controller.yaml
Verify if the Citrix ingress controller is deployed successfully using the following command:
kubectl get pods --all-namespaces