Why use Citrix ADC/CPX for ingress with Rancher and Kubernetes


What is the problem? 

When we look at what makes Cloud great, we think of things like scalability, automation, and speed.  The challenge is that we must have the right tools to get us to that wonderful, yet elusive place called “Automationland.”  Let’s start our journey in the cloud with our orchestration platform, Kubernetes – an open source container orchestration system.

Kubernetes

Kubernetes has been described as “Magical” or “Powerful” and unfortunately “Very Complex.”  Rightly so, it’s all those things with the features and benefits to handle almost any type of environment.  You can run it in the Cloud or your datacenter, even on your laptop for development.   

I’m the type of person who doesn’t like being locked into providers; if there’s something not working correctly, it’s time to move on.  One of the problems with that is once you get used to doing Cloud deployments one way, it can be difficult to learn another provider and make the switch.  But isn’t the Cloud supposed to be flexible?  I would hope so.  Shouldn’t you have one pane of glass to view your stats, monitor, and deploy?

Enter Rancher

Rancher is a “Complete Container Management Platform.”  If you’re running containers whether on-prem, on one Cloud or several, Rancher is a must-have.  It still allows the complex functionality you may need while eliminating the overwhelming everyday details and daunting tasks involved in running a Kubernetes Cluster. 

Rancher makes things simple, quick, and much less frustrating. Since Rancher is completely agnostic as to where your resources run, why not run cross-Cloud workloads starting from lowest to highest cost?  It only takes a couple of clicks to do this in Rancher.

I know, it seems like a dream come true.  One might think, what’s the catch here?  Let’s face it, Rancher isn’t perfect, but neither are Cloud providers.  When setting up an enterprise environment some may just choose to go with the defaults, particularly if it’s not an area they specialize in.  The one area I disagree with, which is also the area I specialize in, is load balancing.

When you are talking enterprise orchestration in the Cloud, you must be scalable, and the tools need to be smart enough to talk to each other.  This eliminates doing everything manually or coming up with workarounds.

Enter the Enterprise Class Load Balancer (and then some)

By default, Rancher utilizes the Cloud provider for layer 4 load balancing, which is supported by some but not all providers.  For layer 7 load balancing (HTTP/HTTPS) it becomes more frustrating.  In Rancher it will utilize Google GKE or Amazon EKS.  That means if you’re running in multiple Clouds or switching between them, your configuration rules will be different, so be aware that your apps and the entire deployment architecture may need to be changed for each Cloud.  And don’t even bother with Azure, where it is not supported. Sure, you can send all requests to your apps and let them sort out how to route them, but why have the additional hassle and load on your backend app servers?

Rancher’s documentation regarding supported load balancing:

Support for Layer-4 Load Balancing by cloud provider

Support for Layer-7 Load Balancing by cloud provider


With load balancing you need options, flexibility, reliability and support.

If you’re going to run a Tesla to manage your container infrastructure, why drive it on a train track?  You might be able to go fast but you’ll be severely limited on where you can go.

Load balancing should improve the distribution of requests within your resources, not hinder it by being featureless.  The network doorway to your apps contains an unimaginable amount of data. Data which could help improve user experience and even alert you to a potential problem before it becomes a disaster.  Shouldn’t you have easy access to review this important information?  Citrix ADC CPX integrates with Grafana and Prometheus so you get the flexibility in Prometheus and all the pretty graphs you could ever want with Grafana.

Prometheus Dashboard Requests

Prometheus Dashboard Utilization

There are two choices I trust and recommend when it comes to load balancing.  One is the open source HAProxy.  It’s full-featured and provides the tools a business needs when it comes to load balancing.  There’s a better choice though: it’s the choice enterprise businesses have been using for years, and it supports Kubernetes and Rancher built in.  That’s the Citrix ADC CPX appliance (previously NetScaler).

Now, I’m an open source guy.  I’ve been using open source software since before it was called open source software.  Most of the web is run on open source.  I recommend open source when the shoe fits well, which is quite often.  Sometimes though, when you’re looking for a well-polished, proven, supported, enterprise-class solution, the shoe might fit but you’re going to experience some pain walking around.  That’s why I highly recommend Citrix ADC in all enterprise load balancing situations.

The Citrix ADC CPX provides loads (pun intended) of advanced features such as:

  • Content-switching – Present different content to different users based on policies.
  • Responder – Direct users to different servers based on who sent the request and where it was from.
  • Redirect – Redirect user requests to cache.
  • Rewrite – Modify requests to and from the server.
  • TCP optimization – Accelerate TCP requests.
  • DDoS protection – Protects against distributed denial of service attacks.

The Citrix ADC CPX is the same code base as the very popular ADC with the benefit of being packaged for microservices.  The Citrix ADC CPX interfaces well with Kubernetes.  When you scale up or deploy services, the Citrix ADC CPX recognizes the change and auto-adjusts the load balancing accordingly. If one server becomes slow, it can re-route traffic to a faster server.  Since it runs the same code base as Citrix MPX/VPX, the same configuration can be deployed across your entire infrastructure.

What We Learned

Cloud is all about scale, flexibility and speed.  We know that we can orchestrate everything we need with Kubernetes, and we can run that infrastructure across any Cloud with Rancher.  The key to having all these services running together and adapting to changes and new requirements lies at the ingress point – your Load Balancers.  With Citrix ADC CPX, you not only have an enterprise-class load balancer, but you can use the data coming into your infrastructure to adapt and respond without any intervention.  And that, my friends, is the doorway to “Automationland.”

Source: The Wizard of Oz | 1939

Phil Parris

Enterprise Architect at Hogan Consulting Group
Phil Parris is an Enterprise Architect with over 20 years of professional experience in the computer industry. He began his career in 1998 when he started his own web hosting company at the age of 16. Phil then went to work for a software company where he started out as a Systems Technician and through the course of his career has held positions as a Network Specialist as well as a Systems Administrator before coming to work for Hogan. As a consultant, he enjoys working with clients to utilize new technology to fill business needs and make IT work for the customer.
