This blog post was co-authored by Raghul Christus, Software Engineer at Citrix.

We often see customers start their Kubernetes journey with a single control plane node, where the Kubernetes control plane components all run on the same node. As they plan to take their cluster to production, they’ll start to look for an HA control plane that uses multiple nodes to enable high availability of control plane components.

In this blog post, we will look at how, through automation, Citrix ADC can make it easy to load balance the HA control plane.

Here is the recommended Kubernetes control plane:

As you can see, a highly available Kubernetes cluster requires a load balancer to provide availability to the control plane in the event a node fails and to balance the load into the control plane. All the apiserver instances are added to the target pool for the Citrix front-end load balancer, as shown in the image below:

Major platforms like OpenShift, Anthos, and Rancher have different control plane components and requirements. Let’s look at how you can use our automation capabilities to configure Citrix ADC to load balance the OpenShift control plane.

Before starting the cluster installation, you should review the OpenShift requirements. Then, take the following steps to configure the Citrix ADC to load balance the OpenShift control plane.

Install Terraform

If you’re on macOS, use the following command to install Terraform on your Mac:

brew install terraform

For guidance on installing Terraform on other operating systems, see the official Terraform installation guide.

Install Citrix ADC Terraform Provider Plug-In

Download and install the Citrix ADC Terraform provider plug-in from the Citrix ADC Terraform Provider Official Repo. You can download a release from the releases page and untar the binary into “~/.terraform.d/plugins/”.

Clone Our GitHub Repository

Execute the following command to clone our GitHub repository:

git clone https://github.com/citrix/citrix-k8s-ingress-controller.git

cd citrix-k8s-ingress-controller/deployment/openshift/citrix-adc-for-control-plane/

Initialize Terraform

Execute the following command to initialize Terraform in this directory:

terraform init

Create a Terraform Execution Plan

Execute the following command to create an execution plan with the required ADC config:

terraform plan -var citrix_adc_ip="<citrix-adc-ip>" -var citrix_adc_username="<citrix-adc-username>" -var citrix_adc_password='<citrix-adc-password>' -var lb_ip_address="<vip-of-citrix-adc>" -var 'api_backend_addresses=["1.1.1.1","1.1.1.2","1.1.1.3"]' -var 'ingress_backend_addresses=["2.2.2.1","2.2.2.2","2.2.2.3"]'

Please note, the values used in this step are provided only as an example. You will need to replace them according to your OpenShift setup.

The variables used in this example are as follows.

Variable                     Description
citrix_adc_ip                Management IP address of the Citrix ADC
citrix_adc_username          Username of the Citrix ADC
citrix_adc_password          Password of the Citrix ADC
lb_ip_address                VIP for the Citrix ADC – provided in the installer configuration file
api_backend_addresses        Kubernetes control plane node IP addresses
ingress_backend_addresses    Kubernetes compute node IP addresses

Apply the Configs on Citrix ADC

Execute the following command to apply the required configs on Citrix ADC:

terraform apply -var citrix_adc_ip="<citrix-adc-ip>" -var citrix_adc_username="<citrix-adc-username>" -var citrix_adc_password='<citrix-adc-password>' -var lb_ip_address="<vip-of-citrix-adc>" -var 'api_backend_addresses=["1.1.1.1","1.1.1.2","1.1.1.3"]' -var 'ingress_backend_addresses=["2.2.2.1","2.2.2.2","2.2.2.3"]' -auto-approve
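
The plan and apply commands above put the ADC password on the command line, where it ends up in shell history and the process list, and -auto-approve applies without a review. As an added example (not from the Citrix repository), the same variables can be supplied through Terraform's TF_VAR_<name> environment variables and the saved plan reviewed before it is applied; the helper function names and the adc.tfplan file name are assumptions.

```shell
# Added example: helper names and the adc.tfplan file name are assumptions.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
  case "$1" in
    *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# tf_list CSV: print a comma-separated IPv4 list as the list literal Terraform parses.
tf_list() {
  csv_ifs=$IFS; IFS=,
  set -- $1
  IFS=$csv_ifs
  [ "$#" -gt 0 ] || return 1
  out=""
  for ip in "$@"; do
    valid_ipv4 "$ip" || return 1
    out="${out:+$out,}\"$ip\""
  done
  printf '[%s]\n' "$out"
}

# load_adc_env ADC_IP USER VIP API_CSV INGRESS_CSV: export TF_VAR_* for the
# variables the page passes with -var. The password is read from stdin.
load_adc_env() {
  valid_ipv4 "$1" && valid_ipv4 "$3" || return 1
  api=$(tf_list "$4") && ingress=$(tf_list "$5") || return 1
  IFS= read -r adc_password || true
  [ -n "$adc_password" ] || return 1
  export TF_VAR_citrix_adc_ip="$1" TF_VAR_citrix_adc_username="$2"
  export TF_VAR_lb_ip_address="$3" TF_VAR_citrix_adc_password="$adc_password"
  export TF_VAR_api_backend_addresses="$api" TF_VAR_ingress_backend_addresses="$ingress"
}

# plan_then_apply: save a plan, display it, and apply that exact plan on "y".
plan_then_apply() {
  umask 077  # the saved plan file includes variable values; keep it private
  terraform plan -out=adc.tfplan && terraform show adc.tfplan || return 1
  printf 'Apply this plan? [y/N] '; read -r answer
  [ "$answer" = y ] && terraform apply adc.tfplan
}
```

To use it interactively, source the file, run stty -echo before load_adc_env and stty echo after it so the typed password is not displayed, then call plan_then_apply from the citrix-adc-for-control-plane directory.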

Verify Configs on Citrix ADC

The “terraform apply” command creates the necessary load balancing virtual servers on the Citrix ADC. If the OpenShift Master and Worker nodes are up and running, the status of the load balancing virtual servers will also be up. See the snapshot below of the Citrix ADC virtual servers configured to load balance the OpenShift control plane components.

When the load balancing virtual servers are up, you can connect to the OpenShift API server or the OpenShift console using the Citrix ADC VIP (variable named “lb_ip_address”) specified during the “terraform apply” step.

What Does the Automation Do?

This Terraform automation creates load balancing virtual servers to load balance the OpenShift control plane components. The OpenShift control plane components that we load balance are listed below.

  • API Server
  • Machine Config Server
  • HTTP Ingress
  • HTTPS Ingress

For more details on the OpenShift control plane components, please read the OpenShift Control Plane Architecture documentation.

Clean Up

In case of misconfiguration, you can use the “terraform destroy” command to unconfigure your Citrix ADC.

terraform destroy -var citrix_adc_ip="<citrix-adc-ip>" -var citrix_adc_username="<citrix-adc-username>" -var citrix_adc_password='<citrix-adc-password>' -var lb_ip_address="<vip-of-citrix-adc>" -var 'api_backend_addresses=["1.1.1.1","1.1.1.2","1.1.1.3"]' -var 'ingress_backend_addresses=["2.2.2.1","2.2.2.2","2.2.2.3"]' -auto-approve

Please note, if this command is executed on a working OpenShift setup, it would leave the setup unusable because the control plane VIP would be unconfigured.

Learn More

OpenShift supports multiple control planes for high availability in a production environment. As we’ve shown in this blog post, you can configure Citrix ADC in a few easy steps to be used as a load balancer for an OpenShift control plane. Just remember, you must have a load balancer in front of these for managing the OpenShift cluster control plane traffic.

Check out the following resources, which will help you as you configure your Citrix ADC to load balance an OpenShift control plane: