How to Deploy the A10 Networks Secure Service Mesh in Red Hat OpenShift

What is Red Hat OpenShift?

Red Hat OpenShift is a comprehensive enterprise-grade platform built for containers with Kubernetes. With Red Hat OpenShift, developers can easily deploy applications using a library of supported technologies, so teams can choose the languages, frameworks, and databases they use to build and deploy their services. (visit here to know more about Red Hat OpenShift)

What is A10 Networks’ Secure Service Mesh?

A10 Networks’ Secure Service Mesh solution provides an easy, automated way to integrate enterprise-grade security and load-balancing/traffic management with comprehensive application visibility and analytics with no change to applications, and across their entire lifecycle.

The unified solution offers a highly scalable, software-defined distributed architecture incorporating three key components: A10 Lightning ADC, A10 Kubernetes Connector, and A10 Harmony Controller. (For more information visit product documentation about A10 Secure Service Mesh.)

Managing Application Traffic in Red Hat OpenShift using A10 Lightning ADC

The A10 Lightning ADC daemon-set can be deployed in a Kubernetes cluster to manage containerized application traffic within the cluster. The Lightning ADC management capabilities include load balancing and application security. The Harmony Controller provides centralized management for ADCs and analytics for the applications. For more information visit the Secure Service Mesh solution brief.

Deployment Architecture
Deployment Architecture

Prerequisites to deploying the A10 Networks Solution in Red Hat OpenShift

Understanding system prerequisites

Deploying A10 Networks Secure Service Mesh solution in Red Hat OpenShift

Red Hat OpenShift provides configuration options using a web-based GUI and command line lnterface (CLI) to deploy the application YAML files.

Note: The deployment and configuration steps mentioned below are using the CLI. Watch this video to learn more about the deployment steps using GUI

 

Assuming that you have A10 Harmony Controller and Red Hat OpenShift installed and working, follow the below steps to setup the Secure Service Mesh solution.

Create a Tenant account

create a Lightning ADC manual cluster in the tenant

Create the A10 Lightning ADC Daemon-set

Create a Secret

Create role-based Access Control

Create a A10 Kubernetes Connector

Create an Ingress Resource

An ingress resource is the object that allows users to define load balancing and content switching rules.

Deploy the Kubernetes Headless Service

When a Kubernetes service is created, by default, Kube-proxy plays the role of a load balancer. When Lightning ADC is added in the path, Kube-proxy becomes redundant. Deploying the application service as a headless service eliminates Kube-proxy from the path and traffic will be routed to Lightning ADC.

The A10 Harmony portal, “analytics dashboard” shows the real-time application user traffic stats like current traffic throughput, response time, connection details along with several metrics for different categories like client summary, ADC performance, application response time and server health, etc. The analytics metrics data helps admins to troubleshoot the application slowness or application access-related problems.

information summary about the client's geo location

The above image shows the information summary about the client’s geo location, client requests and server response codes, number of client requests received by Lightning ADC. This helps admins to identify and control user traffic.

round-trip HTTP request/response time

The above image shows the round-trip HTTP request/response time chart measured at different break-points. This helps the admin to visualize the latency at each of the break-points, providing a quick summary to quickly figure out if there are any issues that may need to be investigated.

Summary

Red Hat OpenShift provides a simple Kubernetes platform for users to deploy their own container-based applications using a library of supported technologies. This reduces the complexity and operational overhead of managing applications in Kubernetes. In addition, the A10 Lightning ADC daemon-set manages and monitors application traffic and provides application traffic visibility, security and granular analytics. The A10 Kubernetes Connector communicates the configuration specified in ingress resources or service labels to the A10 Harmony Controller via Harmony APIs and creates the required application configuration.


|

June 12, 2019

About Arshad Khan

Arshad serves as Senior Product Marketing Engineer at A10 Networks. Prior to joining A10 he worked in technical marketing, pre-sales and channel management roles at Appcito (which acquired in June 2016), Barracuda Networks, Radware and Westcon. He has several years of experience working in the application delivery, IT security and networking industry. READ MORE