Containers have revolutionized software development and deployment by giving DevOps and application teams a way to package their applications together with libraries and other dependencies to provide isolated environments for running their software services. Containerization allows for application portability across environments, which makes it a popular choice for teams deploying applications in hybrid and multi-cloud environments.
Effectively managing containers at scale requires the use of a container orchestrator like Kubernetes, which exposes an application as a network service. While the open source and lightweight Kubernetes platform is the right choice for many companies, those needing out-of-the-box features and support for running workloads in a hybrid cloud environment can benefit from Red Hat OpenShift. By building on Kubernetes to provide an enterprise-grade platform, Red Hat OpenShift simplifies the deployment and management of Kubernetes clusters while adding additional features, developer tools, and security enhancements.
NetScaler enterprise-grade Kubernetes ingress for OpenShift clusters
NetScaler enables you to optimize, secure, and route ingress traffic to single or multiple OpenShift clusters. Only NetScaler offers a fully automated proxy and ingress controller for Kubernetes environments that runs as a container within a Kubernetes cluster and converts any microservices-based application’s ingress definitions into NetScaler application delivery controller (ADC) configurations. By being able to configure ADCs from within the Kubernetes cluster, NetScaler has visibility within the Kubernetes cluster and can automatically respond to Kubernetes events.
The advantages of using NetScaler with Red Hat OpenShift
Key advantages of using NetScaler and Red Hat OpenShift together for load balancing and securing your microservices are:
- OpenShift-certified NetScaler Operator for deploying NetScaler Ingress Controller and NetScaler CPX (a containerized application delivery controller) in OpenShift clusters to support stateful applications
- SSL offloading and end-to-end SSL for HTTP/HTTPS applications deployed in OpenShift clusters for enhanced security
- Automated security configurations (TLS, WAF, bot mitigation, and more)
- Failover handling for high availability
NetScaler deployment modes for OpenShift
You can combine NetScaler instances in powerful and flexible topologies that complement organizational boundaries. Single-tier topologies are suited for organizations that need to handle high rates of change. Dual-tier deployments employ high-capacity hardware (NetScaler MPX) or virtualized NetScaler instances (NetScaler VPX) in the first tier to offload security functions and implement relatively static organizational policies while segmenting control between network operators and Kubernetes operators. The second tier includes NetScaler CPX (a containerized ADC) within the OpenShift Cluster and is under the control of the service owners.
NetScaler ingress for OpenShift (single tier)
In a single-tier topology, NetScaler Ingress Controller is deployed as a standalone pod in the Kubernetes cluster. The controller automates the configuration of NetScaler ADCs (NetScaler MPX or NetScaler VPX) based on the changes to the microservices or the ingress resources.
This deployment mode helps you easily use your existing NetScaler ADCs for newly migrated OpenShift applications. It provides a single entry for your ingress traffic and ensures secure and scalable access including SSL offloading and end-to-end SSL. It also provides the flexibility to upgrade your OpenShift clusters and applications without any downtime via canary deployments.
NetScaler ingress for OpenShift (single tier)
NetScaler ingress for OpenShift (dual tier)
In a dual-tier topology, NetScaler MPX (hardware ADC), NetScaler VPX (software ADC), or NetScaler BLX (software ADC for bare metal) in tier 1 proxy the traffic from the client to NetScaler CPX (containerized ADC) in tier 2. The tier 2 NetScaler CPX then routes the traffic to the microservices in the OpenShift cluster. This setup helps you delegate the ingress to the appropriate network admin or platform team. NetScaler CPX provides the flexibility to apply your own ingress policies without impacting other teams.
NetScaler ingress for OpenShift (dual tier)
Th dual-tier deployment mode provides stability for network operators while allowing OpenShift users to implement high-velocity changes. This deployment is highly preferred when you have significant workloads running as microservices and there is a need for a proxy inside the OpenShift cluster. Two of the key benefits of this deployment model are streamlined traffic management along with a dual layer of NetScaler security.
See how NetScaler and Red Hat OpenShift work together
In a joint webinar, NetScaler and Red Hat OpenShift product managers and solution architects demonstrate how to use NetScaler and OpenShift for deploying and delivering highly performant and secure applications, including:
- How to choose the right Kubernetes platform and ingress
- Why NetScaler for Red Hat OpenShift
- NetScaler Ingress Controller
- Containerized ingress proxy: NetScaler CPX
- NetScaler and Red Hat OpenShift integration
- Use cases
- Demo
Watch the NetScaler and Red Hat OpenShift on-demand webinar
This post was co-authored by Mayur Mohan Patil, NetScaler lead product manager, and Rohit Raveendran, NetScaler principal product marketing manager