The Citrix API gateway provides a single entry point for APIs by ensuring secure and reliable access to APIs and microservices on your system. Citrix provides an enterprise-grade API gateway for north-south API traffic for Kubernetes clusters. The Citrix API gateway integrates with Kubernetes through the Citrix Ingress Controller and Citrix ADC (MPX, VPX, or CPX) deployed as the ingress gateway for on-premises and cloud deployments.
Rancher provides a catalog of application templates that help you to deploy the Citrix API gateway. In this blog post, I’ll look at how you can deploy the API gateway using Rancher.
The Citrix API gateway catalog installs the custom resource definitions (CRDs) required for the API gateway functionality. Because this catalog leverages the Citrix Ingress Controller, you need to create an instance of the API gateway CRD, which is the Citrix Ingress Controller. If you already have a Citrix Ingress Controller instance in the cluster, you will need to install it again.
API gateway supports the following CRDs:
- Auth CRD (authpolicies.citrix.com) – Authentication policies are used to enforce access restrictions to resources hosted by an application or an API server.
- Content routing CRDs (httproutes.citrix.com and listeners.citrix.com) – Kubernetes-native ingress supports only basic host and path-based routing. Using content routing CRDs, you can expose the advanced content routing abilities provided by Citrix ADC like routing based on header values or query strings.
- Rate limit CRD (ratelimits.citrix.com) – In a Kubernetes deployment, you can rate limit the requests to the resources on the back-end server or services using the rate limiting feature provided by the ingress Citrix ADC.
- Rewrite and responder CRD (rewritepolicies.citrix.com) – In a Kubernetes environment, to deploy specific Layer 7 policies (such as redirecting HTTP traffic to a specific URL) requires you to add appropriate libraries within the microservices and manually configure the policies. Instead, you can use the Rewrite and Responder features provided by the ingress Citrix ADC device to deploy these policies.
- VIP CRD (vips.citrix.com) – Citrix provides a VIP CRD for asynchronous communication between the IPAM controller and the Citrix Ingress Controller. The IPAM controller is provided by Citrix for IP address management.
Citrix provides a VIP CRD for asynchronous communication between the IPAM controller and the Citrix Ingress Controller. The IPAM controller is provided by Citrix for IP address management.
Prerequisites
You must import to the Rancher platform the cluster in which you want to deploy the API gateway.
Importing the Cluster to the Rancher Platform
Follow these steps to import your cluster to the Rancher platform:
- Log in to the Rancher platform.
- In the Clusters page, click Add Cluster.
- In the Add Cluster, select Cluster Type page and choose Import an existing cluster
- Specify the Cluster Name.
- Specify Member Roles, Labels, and Annotations.
- Click Create.
Deploying Citrix API Gateway Using Rancher
Perform the following steps to deploy the API gateway on the cluster using the Rancher platform:
- Log in to the Rancher platform.
- From the global drop-down list, select the cluster that you have imported.
- Select the Apps tab and click Launch.
- From the Catalog page, choose the citrix-api-gateway.
- Specify the mandatory and required fields in Deployment settings, ADC settings, CIC Image settings, and Exporter settings. The mandatory fields include:
- Namespace: Specify the namespace where you want to create the CIC. You can also use Edit as YAML option to specify the same in the YAML file.
- Accept License: Select Yes to accept the terms and conditions of Citrix license.
- Login File Name: Specify the name of the secret. Secret file is used for Citrix ADC login.
- Citrix ADC IP: The NSIP or SNIP of the Citrix ADC device. For HA, specify the SNIP as the IP address.
- Click Preview to verify the information, then click Launch.
Conclusion
The Rancher catalog will ease the installation process for Citrix API gateway and enable all the required features to be configured on the go. Learn more about Citrix ADC and Citrix API gateway.