Skip to content
Go Shell Other
Branch: master
Clone or download
Latest commit c62a3e0 Nov 9, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
adsclient Supporting Istio version 1.3.0 Oct 11, 2019
charts Update README.md Nov 9, 2019
deployment Updating Citrix ADC Version Nov 4, 2019
docs Updating Citrix ADC Version Nov 4, 2019
examples/citrix-adc-in-istio Supporting Istio version 1.3.0 Oct 11, 2019
istio-adaptor istio-adaptor v1.0.0:Citrix Solution to leverage Citrix ADC as Ingres… Sep 12, 2019
license istio-adaptor v1.0.0:Citrix Solution to leverage Citrix ADC as Ingres… Sep 12, 2019
nsconfigengine
tests Supporting Istio version 1.3.0 Oct 11, 2019
vendor Supporting Istio version 1.3.0 Oct 11, 2019
.goreleaser.yml istio-adaptor v1.0.0:Citrix Solution to leverage Citrix ADC as Ingres… Sep 12, 2019
Dockerfile istio-adaptor v1.0.0:Citrix Solution to leverage Citrix ADC as Ingres… Sep 12, 2019
Makefile istio-adaptor v1.0.0:Citrix Solution to leverage Citrix ADC as Ingres… Sep 12, 2019
README.md Supporting Istio version 1.3.0 Oct 11, 2019
Version Supporting Istio version 1.3.0 Oct 11, 2019

README.md

Citrix Logo

Citrix ADC integration with Istio

Docker Repository on Quay License GitHub issues GitHub stars HitCount


Description

This repository contains various integrations of Citrix ADC with Istio 1.3.0.

Table of Contents

  1. Introduction
  2. Citrix ADC as an Ingress Gateway for Istio
  3. Citrix ADC as a Sidecar Proxy for Istio
  4. Architecture
  5. Deployment Options
  6. Features
  7. Release Notes
  8. Contributions
  9. Questions
  10. Issues
  11. Code of Conduct
  12. Licensing

Introduction

A service mesh is an infrastructure layer that handles communication between microservices and provides capabilities like service discovery, load balancing, security, and monitoring. Istio is an open source and platform-independent service mesh that connects, monitors, and secures microservices. Citrix ADC has advanced traffic management capabilities for enhancing application performance and provides comprehensive security. Citrix ADC integrations with Istio allow you to secure and optimize traffic for applications in the service mesh using Citrix ADC features.

Citrix ADC can be integrated with Istio in two ways:

  • Citrix ADC CPX, MPX, or VPX as an Istio Ingress Gateway to the service mesh.
  • Citrix ADC CPX as a sidecar proxy with application containers in the service mesh. Both modes can be combined to have a unified data plane solution.

Citrix ADC as an Ingress Gateway for Istio

An Istio ingress gateway acts as an entry point for the incoming traffic and secures and controls access to the service mesh from outside. It also performs routing and load balancing. Citrix ADC CPX, MPX, or VPX can be deployed as an ingress gateway to the Istio service mesh.

Citrix ADC as a Sidecar Proxy for Istio

In Istio service mesh, a sidecar proxy runs alongside application pods and it intercepts and manages incoming and outgoing traffic for applications. Citrix ADC CPX can be deployed as the sidecar proxy in application pods. A sidecar proxy applies the configured routing policies or rules to the ingress and egress traffic from the pod.

Architecture

For detailed information on the integration of Citrix ADC with Istio Servicemesh, see Architecture. The primary component that enables the integration is istio-adaptor. istio-adaptor translates xDS API calls from the Istio control plane into NITRO API calls to the Citrix ADC.

Deployment Options

In Istio service mesh, Citrix ADC can act as an Ingress and/or sidecar proxy in the data plane. Citrix ADC can act as an Ingress Gateway for services deployed with or without sidecar (sidecar can be Citrix CPX or Envoy). Below table gives a glimpse about working combinations of Citrix ADC and Envoy proxy.

Ingress Gateway Sidecar Proxy Supported
Citrix ADC Citrix ADC CPX Yes
Citrix ADC Envoyproxy Yes
Envoyproxy Citrix ADC CPX Yes

You can deploy Citrix ADC with Istio using Kubernetes YAML or Helm charts. To deploy Citrix ADC with Istio using Kubernetes YAML, see Deployment.

To deploy Citrix ADC with Istio using Helm charts, see the following links:

Features

Features supported on Citrix ADC in Istio Servicemesh can be broadly categorized in below sections.

  1. Traffic Management
  2. Security
  3. Telemetry

Traffic Management

Citrix ADC supports following traffic management features in Istio.

  • Service discovery
  • Load balancing
  • Secure Ingress
  • Weighted clusters
  • HTTP rewrite
  • HTTP redirect
  • HTTP fault injection

Security

SSL/TLS Certificates required for applications are maintained and managed by Citadel in Istio control plane. Few important features supported on Citrix ADC are:

Authentication policy

  • End user authentication or origin authentication using JWT authentication
  • Transport authentication or service-to-service authentication using mutual TLS

Monitoring of Istio certificates and keys

Istio-adaptor monitors the folder where Istio deploys certificates and keys for mutual TLS authentication between Citrix ADC proxies. After an update of certificate and key, Istio-adaptor loads the new certificate and key to Citrix ADC.

Telemetry

Statistical data of Citrix ADC Ingress device can be exported to the Prometheus using Citrix ADC Metrics Exporter. Prometheus already installed as a part of Istio package. By default, Citrix ADC Metrics Exporter is also deployed along with Citrix ADC Ingress Gateway. Citrix ADC Metrics Exporter fetches statistical data from Citrix ADC and exports it to Prometheus running in Istio service mesh. When you add Prometheus as a data source in Grafana, you can visualize this statistical data in the Grafana dashboard.

The detailed list of fields supported on Citrix ADC as per the Istio CRDs (Destination Rule, Virtual Service, Policy, Gateway, Service Entry) can be found here.

Release Notes

Click here for the release notes of the latest Citrix istio-adaptor.

Contributions

Contributions are always welcome! Please read the Developer Guide.

Questions

For questions and support, the following channels are available:

To request an invitation to participate in the Slack channel, provide your email address using this form: https://podio.com/webforms/22979270/1633242

Issues

Please report issues in detail. Use the following command to collect the logs:

Get Logs: kubectl logs <podname> -c istio-adaptor -n <namespace> > log_file

Code of Conduct

This project adheres to the Kubernetes Community Code of Conduct. By participating in this project, you agree to abide by its terms.

Licensing

citrix-istio-adaptor is licensed with Apache License 2.0

You can’t perform that action at this time.