Citrix ADC with Google Anthos: Consistent, reliable app delivery for Kubernetes apps

In the first blog post in our Citrix ADC with Google Anthos series, we talked about the importance of modern app delivery and security for hybrid multi-cloud for IT transformation and app modernization, and how Citrix ADC and Google Anthos together can provide consistent, reliable app delivery and security, for all workloads (hybrid and multi-cloud), by applying enterprise cloud-native patterns.

In this blog post, we will cover how Citrix ADC can work seamlessly with Google Kubernetes Engine (GKE) to provide consistent, reliable app delivery for Kubernetes apps. We will focus on Citrix ADC‘s autoscaling capabilities, why they’re important, and how Citrix ADC is designed to work with the underlying Anthos GKE cluster for meeting increased user demand. We will see how GitOps paradigm can enhance continuous configuration, and we will make use of Anthos Config Management for Automating ADC Day 2 operations.

Citrix ADC is an application delivery controller designed to accelerate application performance, enhance application availability with advanced L4-7 load balancing, and lower application server expenses by offloading computationally intensive tasks. Citrix ADC architecture is designed to do so by leveraging its Virtual Servers and Service Groups concept.

To better understand how Citrix ADC is designed to do that, check out our product documentation. The documentation on understanding Citrix ADC, how a simple load balancing configuration works, how content switching works and managing a large scale deployment are great resources.

Citrix has worked to make ADC capabilities available for modern apps and has released a suite of components for microservices-based architectures that can seamlessly be deployed in a Kubernetes cluster. With Citrix Ingress Controller, an implementation of Kubernetes Ingress Controller, and the help of Citrix Node Controller, you can manage and route traffic into a Kubernetes cluster using Citrix ADCs. By using Citrix Ingress Controller, you can configure Citrix ADC according to the ingress rules, integrate your Citrix ADCs with the Kubernetes environment, and leverage Citrix ADC‘s top level app delivery and security capabilities for your modern apps. By creating smart annotations, Kubernetes CRDs and more, Citrix made ADC enterprise-level capabilities available in the form of Configuration as Code. Authentication, rate limiting, rewrite/responder policies, content routing, WAF, bot management, CORS and more can be easily configured as code. This leads to easy configuration without requiring any previous experience with Citrix ADCs.

DevOps, CloudOps and SecOps teams can leverage these to introduce a new level of network and security automation. By being able to configure ADCs from within the Kubernetes cluster, Citrix ADC has visibility within the Kubernetes cluster and can auto adopt and respond to Kubernetes events.

Architecture

Here, we’ll focus on deploying a Tier-1 Citrix ADC (VPX) in front of a Google Anthos GKE cluster within GCP. We will leverage Google Anthos Configuration Management for consistent deployment of Citrix components into the Anthos GKE cluster and highlight how Citrix ADC is automatically configured from the GKE cluster to add new Virtual Servers and Service Group Members as an application is deployed and scaled to meet user demand.

Anthos Configuration Management (ACM) is a GitOps-centric tool that synchronizes configuration into an Anthos Kubernetes cluster from a Git repository. This lab automation has been written with GitHub as the Git repository tool of choice.

The following diagram shows the infrastructure used by our Lab that we’ll deploy (click image to view larger).

Citrix ADC VPX

A single Citrix ADC VPX instance is deployed with two network interfaces:

nic0 provides access for management (NSIP) and access to back-end servers (SNIP).
nic1 provides access for deployed applications (VIPs).
Each interface is assigned an internal private IP address and an external public IP address.
The instance is deployed as a pre-emptible node to reduce lab costs.
The instance automatically configures the password with Terraform.
The instance is then automatically configured by the Citrix Ingress Controller and Citrix Node Controller deployed in the GKE cluster.

VPCs and Firewall Rules

Two VPCs are used in this deployment:

The default VPC and subnets are used for instance and GKE cluster deployment.
The vip-vpc is used only to host VIP addresses, which route the traffic back to the services in the default VPC.
Default firewall rules apply to the default VPC.
Ports 80/443 are permitted into the vip-vpc.

GKE Cluster with Anthos Configuration Management

A single GKE cluster is deployed as a zonal cluster:

Autoscaling is enabled with a minimum of one node and configurable maximum.
The Google Anthos Config Management (ACM) operator is deployed into the GKE cluster and configured to sync the cluster configuration from a GitHub repository.
Citrix Ingress Controller and Citrix Node Controller components are automatically installed via ACM into the ctx-ingress namespace.
Worker nodes are deployed as pre-emptible nodes to reduce lab costs.

GitHub Repository

A dedicated GitHub repository is created and loaded with a basic cluster configuration:

A basic hierarchical format is used for ease of navigation through namespaces and manifests.
Citrix Ingress Controller and Citrix Node Controller deployment manifests are built from templates and added to this repository, along with their other required roles / rolebindings / services / etc.
This repository is created and destroyed by Terraform.

Online Boutique Demo Application

The online boutique demo application provides a μServices-based application that will be used to highlight the autoscaling application use case. It has been modified slightly for this environment:

An ingress resource has been added to receive all traffic through the Citrix VPX.
A Horizontal Pod Autoscaler has been added for the frontend resource to demonstrate scaling capabilities.
The loadgen deployment has been modified to send traffic through the Citrix VPX.
Application components are controlled through Anthos Config Management and the source git Repo.

To learn more on how to deploy this lab and see autoscaling in action, please visit Citrix ADC with Google Anthos – Autoscaling Lab and our Citrix Cloud Native Networking (CNN) hands-on guides.

Additional Information

To read more about how Citrix can help you on your app modernization journey, please visit our Microservices App Delivery Best Practices library.

Learn how to configure Citrix components on your specific requirements in our Developer Docs.

To read more about Citrix Ingress Controller, visit our Citrix ADC ingress controller documentation.

For more details about why you need an application delivery controller (ADC) along with a management and orchestration platform, check out our six must-haves for application delivery in hybrid- and multi-cloud environments.

For more about the role of application delivery in the cloud-native journey, see our seven key considerations for microservices-based application delivery

To learn more on how Citrix ADC bridges the gap between traditional and DevOps app delivery, read The ADC Guide to Managing Hybrid (IT and DevOps) Application Delivery

What’s Next?

Stay tuned for our next blog post, where we will discuss how Citrix Web App Firewall can work with Anthos Policy Controller to provide app protection and policy enforcement for Kubernetes apps.

Looking to get started or take the next step in your app modernization? Our team is now offering free consultations! Send an email to appmodernization@citrix.com to schedule your session or request a call and a specialist will promptly reply with options to connect.

Want to join our Citrix cloud-native Slack channel? Sign up now to receive an invitation.

Topics

Products

You might be interested in

Enable secure web, SaaS app delivery and safe browsing with Citrix browsers

Stay Informed.
Subscribe Today.

Mitigating risk from Cambium Networks cnMaestro SQL injection vulnerability

Critical security update now available for Citrix ADC, Citrix Gateway

Enable secure web, SaaS app delivery and safe browsing with Citrix browsers

Mitigating risk from Cambium Networks cnMaestro SQL injection vulnerability

Critical security update now available for Citrix ADC, Citrix Gateway

How NetScaler CPX License Aggregator simplifies CPX licensing in Kubernetes

Worried about the latest OpenSSL vulnerability? NetScaler can help.

How banks can build better customer relationships with digital technology

Remote Access Without VPN: Is It Secure?

AWS環境でのNetScalerを考える

Reducing zero-day vulnerability in Microsoft Exchange Server with Citrix Web App Firewall

What’s new with Citrix: Join our April webinar for licensing and LTSR updates

Connect your Mac desktops with HDX & DaaS! Citrix VDA for macOS is Public Tech Preview!

Feature matrix comparison among Linux VDA LTSR releases

What’s new with HDX in the 2402 LTSR

Now Available: Citrix Virtual Apps and Desktops 2402 Long Term Service Release

Take your Citrix journey to the next level with the Citrix Administrator Academy

Citrix Public Sector April 2024 Update!

Unlocking New Possibilities with Intel GPUs in Citrix Environments

Citrix Autoscale: Unlock better user experiences, maximize resource utilization, and achieve better cost management

Manage Plug-ins across devices with Global App Configuration Service