How to Deploy the A10 Networks Secure Service Mesh in Red Hat OpenShift
What is Red Hat OpenShift?
Red Hat OpenShift is a comprehensive enterprise-grade platform built for containers with Kubernetes. With Red Hat OpenShift, developers can easily deploy applications using a library of supported technologies, so teams can choose the languages, frameworks, and databases they use to build and deploy their services.
What is A10 Networks’ Secure Service Mesh?
A10 Networks’ Secure Service Mesh solution provides an easy, automated way to integrate enterprise-grade security and load balancing/traffic management with comprehensive application visibility and analytics, with no change to applications and across their entire lifecycle.
The unified solution offers a highly scalable, software-defined distributed architecture incorporating three key components: A10 Lightning ADC, A10 Kubernetes Connector, and A10 Harmony Controller. (For more information visit product documentation about A10 Secure Service Mesh.)
Managing Application Traffic in Red Hat OpenShift using A10 Lightning ADC
The A10 Lightning ADC daemon-set can be deployed in a Kubernetes cluster to manage containerized application traffic within the cluster. The Lightning ADC management capabilities include load balancing and application security. The Harmony Controller provides centralized management for ADCs and analytics for the applications. For more information visit the Secure Service Mesh solution brief.
Prerequisites to deploying the A10 Networks Solution in Red Hat OpenShift
Understanding system prerequisites
- Set up master and worker nodes to deploy OpenShift on a physical or virtual system
- Install Red Hat OpenShift
- Enable privileged containers to run in OpenShift
- Deploy the A10 Networks Secure Service Mesh solution, which includes Lightning ADC as a daemon-set, the Kubernetes Connector, and the Harmony Controller
- Deploy A10 Harmony Controller in the data center
- Log on to Harmony Controller and create a manual Lightning ADC Cluster
- Create RBAC (Service Account) for A10 Kubernetes Connector
Deploying A10 Networks Secure Service Mesh solution in Red Hat OpenShift
Red Hat OpenShift provides configuration options through a web-based GUI and a command line interface (CLI) to deploy the application YAML files.
Note: The deployment and configuration steps below use the CLI. Watch this video to learn more about the deployment steps using the GUI.
Assuming that you have A10 Harmony Controller and Red Hat OpenShift installed and working, follow the steps below to set up the Secure Service Mesh solution.
Create a Tenant account
- Open a browser, log in to the A10 Harmony Portal using provider credentials, and create a tenant account.
- Now, create a Lightning ADC manual cluster in the tenant. Once you create a Lightning ADC manual cluster, make a note of the “cluster-id” and “API server URL” information as shown in the image.
Create the A10 Lightning ADC Daemon-set
- Once you have a manual Lightning ADC cluster-id generated, you can create a Lightning ADC daemon-set by using the cluster-id and API server URL parameters defined in the daemon-set YAML file.
- Deploy an A10 Lightning ADC daemon-set by downloading the sample LADC_daemon_Set.yaml file to a master node.
- Edit the sample LADC_daemon_Set.yaml file, enter the “ladc_cluster_id” and “API server URL” details, and save the changes to the file.
- Use the command below to deploy the A10 Lightning ADC daemon-set.
# oc create -f LADC_daemon_Set.yaml
Create a Secret
- Place the Harmony Controller access credentials in a Kubernetes secret using the sample “secret.yaml” file.
- Edit the file, enter the tenant username and password in base64 format, and save the changes to the file.
- Create the tenant credential as a Kubernetes secret using the following command.
# oc create -f secret.yaml
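The secret step above, as an added example that is not A10's sample secret.yaml: base64 is an encoding, not encryption, so the generated file holds the credentials in recoverable form and is written with owner-only permissions. The Secret name and the "username"/"password" keys are assumptions; use the names from the downloaded sample.

```bash
#!/usr/bin/env bash
# Added example: build a Secret manifest for the Harmony Controller tenant
# credentials. The Secret name and data keys below are assumptions.

# Encode a value with no trailing newline and no line wrapping.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a value, to verify a manifest before it is applied.
unb64() { printf '%s' "$1" | base64 -d; }

# The common mistake: echo appends "\n", which then becomes part of the
# stored username or password and makes the login fail.
wrong_b64() { echo "$1" | base64; }

# Write the manifest to $1 for user $2 and password $3.
make_secret() {
  local out="$1" user="$2" pass="$3"
  ( umask 077   # file is created as 0600: it contains decodable credentials
    cat > "$out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: a10-harmony-credentials
type: Opaque
data:
  username: $(b64 "$user")
  password: $(b64 "$pass")
EOF
  )
}

# Usage (reads the password without echoing it to the terminal):
#   read -r -s -p 'Tenant password: ' PASS
#   make_secret secret.yaml 'tenant-user@example.com' "$PASS"
#   oc create -f secret.yaml && rm -f secret.yaml
```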
Create role-based Access Control
- Deploy role-based access control (RBAC) by downloading the sample “RBAC.yaml” file.
# oc create -f RBAC.yaml
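A pre-apply review of the downloaded manifests, as an added example that is not A10's code or its RBAC.yaml: the constructed sample is deliberately over-broad, and review_manifest (a hypothetical helper) reports wildcard rules, cluster-admin bindings and privileged containers so the grant to the connector's service account can be narrowed before running oc create.

```bash
#!/usr/bin/env bash
# Added example. The manifest below is constructed for illustration;
# it is not the content of A10's sample RBAC.yaml.
sample_rbac() { cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: a10-connector
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: a10-connector
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: a10-connector
  namespace: default
EOF
}

# Print one finding per line for the files given (or stdin):
# wildcard RBAC rules, bindings to cluster-admin, privileged containers.
review_manifest() {
  awk '
    /^---/      { kind = ""; key = ""; inref = 0; next }  # new YAML document
    /^kind:/    { kind = $2 }                             # top-level kind only
    /^roleRef:/ { inref = 1; next }
    /^[^ ]/     { inref = 0 }                             # left the roleRef block
    kind ~ /Role$/ {                                      # Role or ClusterRole
      if (match($0, /[A-Za-z]+:/)) key = substr($0, RSTART, RLENGTH - 1)
      if (key ~ /^(apiGroups|resources|verbs)$/ && index($0, "*"))
        print kind ": wildcard in " key
    }
    kind ~ /RoleBinding$/ && inref && /name: *cluster-admin/ { print kind ": binds cluster-admin" }
    /privileged: *true/ { print kind ": privileged container" }
  ' "$@"
}
```

Run it as "review_manifest RBAC.yaml LADC_daemon_Set.yaml"; an empty result means none of the three patterns were found, not that the manifest is minimal.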
Create an A10 Kubernetes Connector
- Deploy the A10 Kubernetes Connector by downloading the sample “deploy_A10_Kubernetes_Connector.yaml” file.
- Edit the file, enter parameters such as the Harmony Controller URL, tenant name, and LADC cluster name, and save the changes to the file.
- Deploy the A10 Kubernetes Connector by using the following command.
# oc create -f deploy_A10_Kubernetes_Connector.yaml
Create an Ingress Resource
An ingress resource is the object that allows users to define load balancing and content switching rules.
- Create an ingress resource by downloading the sample “ingress_resource.yaml” file.
- Edit the file and enter parameters such as the service name, hostname, back-end service name, and port number.
- Deploy the ingress resource using the command below.
# oc create -f ingress_resource.yaml
Deploy the Kubernetes Headless Service
When a Kubernetes service is created, Kube-proxy plays the role of a load balancer by default. When Lightning ADC is added in the path, Kube-proxy becomes redundant. Deploying the application service as a headless service eliminates Kube-proxy from the path, and traffic is routed to Lightning ADC.
- Access the application URL, i.e., http://myapplication.com, using a browser. The application FQDN should be configured in DNS to point to the Kubernetes node IP address(es).
- To view application traffic analytics, log on to the A10 Harmony Controller portal GUI.
The “analytics dashboard” in the A10 Harmony portal shows real-time application user traffic statistics such as current traffic throughput, response time, and connection details, along with several metrics for categories such as client summary, ADC performance, application response time, and server health. The analytics data helps admins troubleshoot application slowness or application access-related problems.
The above image shows a summary of the client’s geo location, client requests and server response codes, and the number of client requests received by Lightning ADC. This helps admins to identify and control user traffic.
The above image shows the round-trip HTTP request/response time chart measured at different break-points. This helps the admin to visualize the latency at each of the break-points and quickly see whether there are any issues that may need to be investigated.
Red Hat OpenShift provides a simple Kubernetes platform for users to deploy their own container-based applications using a library of supported technologies. This reduces the complexity and operational overhead of managing applications in Kubernetes. In addition, the A10 Lightning ADC daemon-set manages and monitors application traffic and provides application traffic visibility, security and granular analytics. The A10 Kubernetes Connector communicates the configuration specified in ingress resources or service labels to the A10 Harmony Controller via Harmony APIs and creates the required application configuration.