OpenShift router sharding helps you to distribute a set of routes among multiple OpenShift routers. This helps with distributing resources among different nodes, which is especially important when your cluster grows and you need to focus on the efficiency of your resources.
Many OpenShift rollouts start with at least two physical clusters — one for development and one for production. While this has perceived advantage like simplification of the mental model, OpenShift’s automated resilience, enhanced access controls, and advanced routing features can logically isolate dev and prod environments on a single cluster.
The Kubernetes scheduler at the core of OpenShift maximizes the density of applications running on each node. With additional configuration, you can achieve even greater density and compute savings through features like Quality of Service.
By default, an OpenShift router selects all routes from all namespaces. In router sharding, labels are added to routes and/or namespaces and label selectors to routers for filtering routes. Each router shard selects only routes with specific labels that match its label selection parameters.
Integrating Citrix ADC with OpenShift
You can integrate Citrix ADC with OpenShift in two ways, both of which support OpenShift router sharding:
- Citrix ADC CPX deployed as an OpenShift router, along with Citrix Ingress Controller inside the cluster
- Citrix Ingress Controller as a router plug-in for Citrix ADC MPX or VPX, deployed outside the cluster
You’ll need one Citrix Ingress Controller instance per shard to configure router sharding for a Citrix ADC deployment on OpenShift. The Citrix Ingress Controller instance is deployed with route or namespace labels or with both as environment variables, depending on the criteria required for sharding.
When the Citrix Ingress Controller processes a route, it compares the route’s labels or route’s namespace labels with the selection criteria configured on it. If the route satisfies the criteria, the appropriate configuration is applied to Citrix ADC.
In router sharding, a subset of routes is selected based on selection expressions, which are a combination of multiple values and operations. For example, consider routes with various labels for service level agreement (sla), geographical location (geo), hardware requirements (hw), department (dept), type, and frequency:
| Label | Values |
| sla | high, medium, low |
| geo | east, west |
| hw | modest, strong |
| dept | finance, dev, ops |
| type | static, dynamic |
| frequency | high, weekly |
The following table shows selectors for route labels or namespace labels and a few sample selection expressions based on labels in the example. Route selection criteria are configured on the Citrix Ingress Controller by using environment variables ROUTE_LABELS and NAMESPACE_LABELS.
| Type of selector | Example |
| OR operation | ROUTE_LABELS=’dept in (dev, ops)’ |
| AND operation | ROUTE_LABELS=’hw=strong,type=dynamic,geo=west’ |
| NOT operation | ROUTE_LABELS=’dept!= finance’ |
| Exact match | NAMESPACE_LABELS=’frequency=weekly’ |
| Exact match with both route and namespace labels | NAMESPACE_LABELS=’frequency=weekly’ ROUTE_LABELS=’sla=low’ |
| Key based matching independent of value | NAMESPACE_LABELS=’name’ |
| NOT operation with key based matching independent of value | NAMESPACE_LABELS=’!name’ |
Please note, the label selectors use the language supported by Kubernetes labels.
If you want, you can change route or namespace labels by editing them later. Once you change the labels, router shard is revalidated, and the Citrix ingress controller updates the configuration on Citrix ADC based on the change.
Deploy Citrix ADC CPX with OpenShift router sharding
Follow these steps to deploy CPX with OpenShift router sharding support:
1) Download the yaml file using the following command:
wget https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/openshift/manifest/cpx_cic_side_car.yaml
2) Edit the yaml file and specify the route labels and namespace label selectors as environment variables. The following example shows how to specify a sample route label and namespace label in the yaml file. This example selects routes with label “name” values as either abc or xyz and with namespace label as frequency=high.
env:
- name: "ROUTE_LABELS"
value: "name in (abc,xyz)"
- name: "NAMESPACE_LABELS"
value: "frequency=high"3) Deploy the Citrix ingress controller using the following command.
oc create -f cpx_cic_side_car.yaml
Deploy the Citrix ingress controller router plug-in with OpenShift router sharding support
Follow these steps to deploy a Citrix ingress controller router plug-in with router sharding:
1) Download the yaml file using the following command:
wget https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/openshift/manifest/cic.yaml
2) Edit the yaml file and specify the route labels and namespace label selectors as environment variables. The following example shows how to specify a sample route label and namespace label in the yaml file. This example selects routes with label “name” values as either abc or xyz and with namespace label as frequency=high.
env:
- name: "ROUTE_LABELS"
value: "name in (abc,xyz)
- name: "NAMESPACE_LABELS"
value: "frequency=high"3) Deploy the Citrix ingress controller using the following command.
oc create -f cic.yaml
Create an OpenShift route and verify the route configuration on Citrix ADC VPX
Here’s how you create an OpenShift route with labels and verify the router shard configuration. In this example, route configuration is verified on a Citrix ADC VPX deployment.
Perform the following steps to create a sample route with labels.
1) Define the route in a YAML file. Following is an example for a sample route named as yaml.
apiVersion: v1
kind: Route
metadata:
name: web-backend-route
namespace: default
labels:
sla: low
name: abc
spec:
host: web-frontend.cpx-lab.org
path: "/web-backend"
port:
targetPort: 80
to:
kind: Service
name: web-backend
2) Use the following command to deploy the route.
oc create -f route.yaml
3) Add labels to the namespace where you create the route.
oc label namespace default 'frequency=high'
Verify route configuration
You can verify the OpenShift route configuration on a Citrix ADC VPX with the following steps:
1) Log on to Citrix ADC VPX by performing the following:
-
- Use an SSH client such as PuTTy, to open an SSH connection to Citrix ADC VPX.
- Log on to Citrix ADC VPX by using the administrator credentials.
2) Check if the service group is created using the following command.
show serviceGroup
3) Verify the route configuration on Citrix ADC VPX using the show serviceGroup command output. The following is a sample route configuration from the show serviceGroup command output.
show serviceGroup
k8s-web-backend-route_default_80_k8s-web-backend_default_80_svc - HTTP
State: ENABLED Effective State: DOWN Monitor Threshold : 0
Max Conn: 0 Max Req: 0 Max Bandwidth: 0 kbits
Use Source IP: NO
Client Keepalive(CKA): NO
TCP Buffering(TCPB): NO
HTTP Compression(CMP): NO
Idle timeout: Client: 180 sec Server: 360 sec
Client IP: DISABLED
Cacheable: NO
SC: OFF
SP: OFF
Down state flush: ENABLED
Monitor Connection Close : NONE
Appflow logging: ENABLED
ContentInspection profile name: ???
Process Local: DISABLED
Traffic Domain: 0Router sharding is a helpful feature for users who want to distribute routes among various nodes. By splitting the traffic, we can ensure that we reduce the number of clusters we use and enable optimal resource management.
Learn more Citrix ADC, router sharding, and how to enable router sharding for production and development traffic.
Citrix Tech Bytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.
Click here for more Tech Bytes and subscribe.
Want specific Tech Bytes? Let us know! tech-content-feedback@citrix.com.
