This repository contains an integration of Citrix ADC with the xDS-API based service mesh.
A service mesh is an infrastructure layer that manages communication between microservices. It provides capabilities such as service discovery, load balancing, security, and monitoring. A service mesh helps to connect, monitor, and secure microservices. Citrix ADC has advanced traffic management capabilities for enhancing application performance and it provides comprehensive security. Citrix ADC integration with service meshes allows you to secure and optimize the traffic for applications in a service mesh using Citrix ADC features.
The xDS-adaptor is a container provided by Citrix for integrating Citrix ADC with service mesh control plane implementations based on xDS APIs (Istio, Consul, and so on). It communicates with the service mesh control plane and listens for updates by acting as a gRPC client to the control plane API server. Based on the updates from the control plane, the xDS-adaptor generates the equivalent Citrix ADC configuration.
Citrix ADC integration with Istio allows you to secure and optimize traffic for applications in the service mesh using the Citrix ADC features.
For more information on how to integrate Citrix ADC with Istio, see Citrix ADC integration with Istio.
The features which are supported on a Citrix ADC in a service mesh can be broadly categorized into the following:
- Traffic management
- Security
- Observability
Citrix ADC supports the following traffic management features in a service mesh.
- Service discovery
- Load balancing
- Secure ingress
- Weighted clusters
- HTTP rewrite
- HTTP redirect
Some important security features, which are supported on the Citrix ADC, are the following:
- Authentication policy
- Monitoring of service mesh certificates and keys
- Transport authentication or service-to-service authentication using mutual TLS.
The xDS-adaptor monitors the folder where a service mesh deploys certificates and keys for mutual TLS authentication between Citrix ADC proxies. After an update of certificate and key, the xDS-adaptor loads the new certificate and key to the Citrix ADC.
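The monitor-then-load step above, sketched in Go as an added example (not code from the xDS-adaptor): before a rotated pair is loaded, confirm that the key on disk belongs to the certificate, because a reader may see a new key beside the old certificate while the files are being replaced. The file names `cert-chain.pem` and `key.pem` and the functions `newPair` and `checkPair` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

const certFile, keyFile = "cert-chain.pem", "key.pem" // assumed names, not from the page

// newPair returns a constructed self-signed certificate and key as PEM (sample input).
func newPair() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	kb, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kb})
}

// checkPair returns a digest of the pair in dir, or an error if it is unreadable or mismatched.
func checkPair(dir string) (string, error) {
	cert, cerr := os.ReadFile(filepath.Join(dir, certFile))
	key, kerr := os.ReadFile(filepath.Join(dir, keyFile))
	if cerr != nil || kerr != nil {
		return "", fmt.Errorf("pair not readable: %v, %v", cerr, kerr)
	}
	if _, err := tls.X509KeyPair(cert, key); err != nil {
		return "", err // mismatched or malformed pair: keep the current one loaded
	}
	return fmt.Sprintf("%x", sha256.Sum256(append(cert, key...))), nil
}

func main() {
	dir, _ := os.MkdirTemp("", "certs") // constructed sample directory
	defer os.RemoveAll(dir)
	c, k := newPair()
	os.WriteFile(filepath.Join(dir, certFile), c, 0o600)
	os.WriteFile(filepath.Join(dir, keyFile), k, 0o600)
	fmt.Println(checkPair(dir)) // a caller reloads only when this digest differs from the last one
}
```

A polling loop would call `checkPair` on each tick, skip the tick on error, and push the pair to the proxy only when the returned digest changes.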
When a service is deployed in a service mesh, users may want insights into the service behavior. Citrix ADC proxy provides a rich set of built-in metrics that give insight into the service behavior. When Citrix ADC CPX is deployed as a sidecar, these metrics represent the telemetry data for an application. This reduces the burden on application developers by eliminating the need to include a lot of instrumentation code in the application. Instead, the developer can focus on the core application logic.
Citrix has built a couple of auxiliary tools such as Citrix ADC Metrics Exporter and Citrix ADC Observability Exporter which help to export metrics and transactional data to observability tools such as Prometheus, Zipkin, Kafka, and so on.
The statistical data of a Citrix ADC ingress device can be exported to Prometheus using Citrix ADC Metrics Exporter.
Citrix ADC Observability Exporter is a microservice designed to collect metrics from Citrix ADCs, and export them to observability tools such as Zipkin, Kafka, and Prometheus. For more information about Citrix ADC Observability Exporter, see this link.
The following blogs explain the integration of Citrix ADC with service mesh.
- Citrix ADC as an Istio Ingress Gateway: Part 1 Deployment
- Citrix ADC as an Istio Ingress Gateway: Part 2 Configuration
- Citrix ADC in OpenShift Service Mesh
- Traffic Mirroring: Risk-free app upgrades in Istio with Citrix ADC
- End-user authentication in an Istio service mesh with Citrix
- Outlier detection using Citrix ADC in Istio service mesh
Click here for the release notes of the latest Citrix ADC xDS-adaptor.
Contributions are always welcome! Read the Developer Guide.
For questions and support, the following channels are available:
To request an invitation to participate in the Slack channel, provide your email address using this form: https://podio.com/webforms/22979270/1633242
Report issues in detail. You can use the following command to collect the logs:
Get Logs: kubectl logs <podname> -c xds-adaptor -n <namespace> > log_file
This project adheres to the Kubernetes Community Code of Conduct. By participating in this project, you agree to abide by its terms.
The Citrix ADC xDS-adaptor is licensed under the Apache License 2.0.