A10 Kubernetes Connector for Thunder ADC

Thunder ADC is deployed external to Kubernetes cluster. Initial configuration is done on Thunder or through Harmony Controller.

For users looking for ADC functionality, A10 provides an Kubernetes Connector for and Thunder ADC. The Kubernetes Connector monitors the application service containers as well as Ingress resources for any change. As soon as any of them changes, Kubernetes Connector calls appropriate aXAPIs to inform about the change to Harmony Controller. This change immediately reaches all Thunder ADCs because of continuous synchronization between Thunder ADC and Harmony Controller.

Deployment Architecture

_images/ingress_thunder.png

Handling Scale with Kubernetes Connector

Scaling of Application Services

As a Kubernetes service configured with Ingress resource scales up or down, a trigger is received by the Kubernetes Connector and ADC configuration is updated using the aXAPIs.

Deployment and Configuration

The A10 Thunder ADC appliance can be integrated with Kubernetes Cluster to manage application traffic running on Kubernetes PODs.

To redirect user traffic using Thunder appliance, administrator need to configure the below steps:

  1. Manually setup/configure Virtual Server IP and port on Thunder/vThunder device.
  2. Deploy A10 Kubernetes Connector in Kubernetes cluster.
  3. Create Node-Port service in Kubernetes cluster.
_images/virtual-servers.png
_images/service-gp1.png

Once deployed, the Kubernetes Connector monitors the application PODs status running in Kubernetes cluster and automatically updates the Service configuration to Thunder ADC’s specified partition by creating Node IPs as Real Servers, Service Group and HTTP template.

Administrator needs to associate Service Group to Virtual service and HTTP template.

Note: The Kubernetes Connector does not update Thunder device configuration for example, Interface IP address, NAT policies, SSL certificate, aFlex templates, L4-L7 rules etc.

Creating a Secret

Kubernetes secret objects let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

  1. Download the below sample file to create a secret.

  2. Create an secret using the command:

    kubectl create -f secret.yaml
    
  3. Edit the following fields if required and fill in the appropriate values from your environment.

    • User Name - Enter the user name for Thunder.
    • Password - Enter the password for Password.
  4. To update the secret, use the following command:

    kubectl edit sa rbac
    
  5. To delete the secret in default namespace, use the following command:

    kubectl delete sa rbac
    

Set-up Role-based Access Control

Role-based Access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. To deploy the Kubernetes connector, you need to create RBAC YAML as mentioned below in the sample file.

  1. Download the below sample file to create an Ingress resource.

  2. Create an RBAC using the command:

    kubectl create -f rbac.yaml
    
  3. Edit the following fields if required and fill in the appropriate values from your environment.

    • Service Account - Allows to grant particular roles to particular service accounts.
  4. To update host, TLS secret (for SSL application), path, back-end service information (service name, service port) in Ingress resource, use the following command:

    kubectl edit sa rbac
    
  5. To delete the RBAC in default namespace, use the following command:

    kubectl delete sa rbac
    

Deploy the A10 Kubernetes Connector

A10 provides a configuration template YAML file for creating the A10 Kubernetes Connector. Only single instance of the Kubernetes Connector is required to run them in the entire cluster.

  1. Download the below sample file to deploy the A10 Kubernetes Connector.

  2. Deploy the Kubernetes Connector using the command:

    kubectl create -f hc-ingress-controller.yaml
    
  3. Edit the following fields if required and fill in the appropriate values from your environment.

    • app Label - Name of the Kubernetes Connector.
    • Name - Name of the Kubernetes Connector.
    • Image - Kubernetes Connector image and this can be downloaded from the docker hub repository.
    • Environment Values - The environment values are vThunder URL, vThunder credentials, provider values.
  4. Set-up Role-based Access Control (RBAC) to allow API access for Kubernetes Connector and refer to the documentation for additional information.

  5. To update the Kubernetes Connector in default namespace, use the following command:

    kubectl edit deployment hc-ingress-controller
    
  6. To delete the deployment in default namespace, use the following command:

    kubectl delete deployment hc-ingress-controller
    

Create an Ingress Resource

Ingress resource is the object that allows users to define load balancing and content switching rules. A10 provides a configuration template YAML file for creating the Ingress resources in the respective namespace.

  1. Download the below sample file to create an Ingress resource.

  2. Create an Ingress resource using the command:

    kubectl create -f hc-ingress-resource.yaml
    
  3. Edit the following fields if required and fill in the appropriate values from your environment.

    • Name - Name of the Ingress Resource.
    • Host - Front-end domain name
    • Path - service path
    • Service Name - Kubernetes service name
    • Service Port - Kubernetes service port
  4. To update host, TLS secret (for SSL application), path, back-end service information (service name, service port) in Ingress resource, use the following command:

    kubectl edit ingress hc-ingress-resource
    
  5. To delete the Ingress resource in default namespace, use the following command:

    kubectl delete ingress hc-ingress-resource
    

Note - Real server, service group, and HTTP templates are generated automatically by Kubernetes connector and apply the HTTP template to the virtual server manually.