How to Deploy the A10 Networks Secure Service Mesh in Red Hat OpenShift

Arshad Khan
June 12, 2019

How to Deploy the A10 Networks Secure Service Mesh in Red Hat OpenShift

What is Red Hat OpenShift?

Red Hat OpenShift is a comprehensive enterprise-grade platform built for containers with Kubernetes. With Red Hat OpenShift, developers can easily deploy applications using a library of supported technologies, so teams can choose the languages, frameworks, and databases they use to build and deploy their services. (visit here to know more about Red Hat OpenShift)

What is A10 Networks’ Secure Service Mesh?

A10 Networks’ Secure Service Mesh solution provides an easy, automated way to integrate enterprise-grade security and load-balancing/traffic management with comprehensive application visibility and analytics with no change to applications, and across their entire lifecycle.

The unified solution offers a highly scalable, software-defined distributed architecture incorporating three key components: A10 Lightning ADC, A10 Kubernetes Connector, and A10 Harmony Controller. (For more information visit product documentation about A10 Secure Service Mesh.)

Managing Application Traffic in Red Hat OpenShift using A10 Lightning ADC

The A10 Lightning ADC daemon-set can be deployed in a Kubernetes cluster to manage containerized application traffic within the cluster. The Lightning ADC management capabilities include load balancing and application security. The Harmony Controller provides centralized management for ADCs and analytics for the applications. For more information visit the Secure Service Mesh solution brief.

Deployment Architecture

Deployment Architecture

Prerequisites to deploying the A10 Networks Solution in Red Hat OpenShift

Understanding system prerequisites

Deploying A10 Networks Secure Service Mesh solution in Red Hat OpenShift

Red Hat OpenShift provides configuration options using a web-based GUI and command line lnterface (CLI) to deploy the application YAML files.

Note: The deployment and configuration steps mentioned below are using the CLI. Watch this video to learn more about the deployment steps using GUI


Assuming that you have A10 Harmony Controller and Red Hat OpenShift installed and working, follow the below steps to setup the Secure Service Mesh solution.

Create a Tenant account

  • Open a browser and login in to the A10 Harmony Portal using provider credentials and create a tenant account.
  • Now, create a Lightning ADC manual cluster in the tenant. Once you create a Lightning ADC manual cluster, make a note of the “cluster-id” and “API server URL” information as shown in the image.

create a Lightning ADC manual cluster in the tenant

Create the A10 Lightning ADC Daemon-set

  • Once you have a manual Lightning ADC cluster-id generated, you can create a Lightning ADC daemon-set by using cluster-id and API server URL parameters defined in daemon-set yaml file.
  • Deploy a A10 Lightning ADC daemon-set by downloading the sample LADC_daemon_Set.yaml file to a master node.
  • Edit the sample LADC_daemon_Set.yaml file and input the “ladc_cluster_id” and “API server URL” details into the file and save the changes to the file.
  • Use the below command to deploy the A10 Lightning ADC daemon-set.
    # oc create -f LADC_demon_Set.yaml

Create a Secret

  • Place the Harmony Controller access credentials in a Kubernetes secret using sample “secret.yaml” file.
  • Edit the file and input the tenant username and password in base64 format and save the changes to the file.
  • Create the tenant credential as a Kubernetes secret using the following command.
    # oc create -f secret.yaml

Create role-based Access Control

  • Deploy role-based access (RBAC) by downloading the sample “RABC.yaml” file.
    # oc create -f RBAC.yaml

Create a A10 Kubernetes Connector

  • Deploy A10 Kubernetes Connector by downloading the sample “deploy_A10_Kubernetes_Connector.yaml” file.
  • Edit the file and input the parameters like Harmony Controller URL, tenant name, LADC cluster name, and save the changes to the file.
  • Deploy the A10 Kubernetes Connector by using the following command
    # oc create -f deploy_A10_Kubernetes_Connector.yaml

Create an Ingress Resource

An ingress resource is the object that allows users to define load balancing and content switching rules.

  • Create an ingress resource by downloading sample “ingress_resource.yaml” file.
  • Edit the file and input the parameters like service name, hostname, back-end service name port number.
  • Deploy the ingress controller resource using the below command.
    # oc create -f ingress_resource.yaml

Deploy the Kubernetes Headless Service

When a Kubernetes service is created, by default, Kube-proxy plays the role of a load balancer. When Lightning ADC is added in the path, Kube-proxy becomes redundant. Deploying the application service as a headless service eliminates Kube-proxy from the path and traffic will be routed to Lightning ADC.

  • Access the application URL, i.e http://myapplication.com using a browser. The application FQDN should be configured in DNS pointing towards the Kubernetes Node(s) IP address.
  • To view application traffic analytics, log-on to the A10 Harmony Controller portal GUI.

The A10 Harmony portal, “analytics dashboard” shows the real-time application user traffic stats like current traffic throughput, response time, connection details along with several metrics for different categories like client summary, ADC performance, application response time and server health, etc. The analytics metrics data helps admins to troubleshoot the application slowness or application access-related problems.

information summary about the client's geo location

The above image shows the information summary about the client’s geo location, client requests and server response codes, number of client requests received by Lightning ADC. This helps admins to identify and control user traffic.

round-trip HTTP request/response time

The above image shows the round-trip HTTP request/response time chart measured at different break-points. This helps the admin to visualize the latency at each of the break-points, providing a quick summary to quickly figure out if there are any issues that may need to be investigated.


Red Hat OpenShift provides a simple Kubernetes platform for users to deploy their own container-based applications using a library of supported technologies. This reduces the complexity and operational overhead of managing applications in Kubernetes. In addition, the A10 Lightning ADC daemon-set manages and monitors application traffic and provides application traffic visibility, security and granular analytics. The A10 Kubernetes Connector communicates the configuration specified in ingress resources or service labels to the A10 Harmony Controller via Harmony APIs and creates the required application configuration.


Arshad Khan
June 12, 2019

About Arshad Khan

Arshad serves as Senior Product Marketing Engineer at A10 Networks. Prior to joining A10 he worked in technical marketing, pre-sales and channel management roles at Appcito (which acquired in June 2016), Barracuda Networks, Radware and Westcon. He has several years of experience working in the application delivery, IT security and networking industry. READ MORE

How cloud-ready and modernized are your application services?

Take this brief multi-cloud application services assessment and receive a customized report.

Take the Survey How cloud-ready and modernized are your application services?