Service Graph - Simplified onboarding

The onboarding process of service graph is simplified and you can onboard service graph by:

Automatically deploying Citrix ADM agent as a Kubernetes job

You can automate the onboarding process of service graph and this process automatically:

  • Downloads the YAML required for the Citrix ADM agent.

  • Configures the Citrix ADM agent.

  • Registers the Kubernetes cluster in Citrix ADM.

  • Performs the required settings to populate service graph in Citrix ADM.

Prerequisites

Ensure that you have:

  • A Citrix Cloud account

  • Installed Kubernetes version 1.19 or later.

  • Installed HELM version 3.x.

  • Opened the required ports

  • Established the connectivity by configuring the static routes. To register Citrix ADC MPX or VPX in Citrix ADM using the Citrix ADM agent, you must establish connectivity between the cluster nodes and Citrix ADC MPX or VPX.

    Note

    If you do not want to configure the static routes, you can configure the Citrix node controller. For more information, see https://github.com/citrix/citrix-k8s-node-controller and https://github.com/citrix/citrix-helm-charts/tree/master/citrix-node-controller

Get the client and secret CSV file from Citrix Cloud

After you configure the agent, get the client and secret CSV file from the Citrix Cloud page:

  1. Log on to citrix.cloud.com

  2. Click the Home icon and select Identity and Access Management

  3. From the API Access tab, enter a secure client name and click Create Client

  4. An ID and secret are generated. Click Download and save the CSV file.

  5. On the Kubernetes main node, run the following commands to create an authorization token using the ID and secret:

    wget https://raw.githubusercontent.com/citrix/citrix-helm-charts/master/generate_token.py

    python3 generate_token.py --accessID=<access-id> --accessSecret=<access-secret>

    Note

    The authorization token is valid only for 1 hour.

You can configure:

  • Citrix ADM agent by creating an automatic secret

Or

  • Citrix ADM agent by creating a manual secret

Configure the Citrix ADM agent by creating an automatic secret

Deploy Citrix ADM agent using the helm chart

Run the following commands in the Kubernetes main node to deploy the Citrix ADM agent:

helm repo add citrix https://citrix.github.io/citrix-helm-charts

helm install citrix-adm citrix/adm-agent-onboarding --namespace <namespace> --set token=<token>

The Citrix ADM agent is deployed, and the cluster is registered with Citrix ADM. When you create the agent using the automatic secret, you can also deploy adm-agent-helper along with the Citrix ADM agent; the helper can create the Kubernetes Secret containing the Citrix ADM agent credentials.

This process happens automatically when the namespace is labeled as citrix-cpx=enabled. Run the following command on the Kubernetes main node:

kubectl label namespace <namespace> citrix-cpx=enabled

Note

If you do not want to deploy adm-agent-helper, you can create the login secret manually for the Citrix ADM agent.

Register Citrix ADC VPX/MPX with Citrix ADM

Note

Registering the Citrix ADC VPX/MPX in Citrix ADM is only for additional benefit.

To register the Citrix ADC VPX/MPX with Citrix ADM, you must establish the connectivity between Citrix ADC VPX or MPX and cluster nodes, by configuring the static routes. You can ignore this process if you have configured Citrix-node-controller.

You must create a Kubernetes secret containing the Citrix ADC VPX/MPX login credentials in the namespace. After this process, the Citrix ADM agent onboarding is started.

kubectl create secret generic nslogin --from-literal=username=<username> --from-literal=password=<password> -n <namespace>

You must set the management IP address of Citrix ADC VPX/MPX as an environment variable: adc.IP

helm repo add citrix https://citrix.github.io/citrix-helm-charts

helm install citrix-adm citrix/adm-agent-onboarding --namespace <namespace> --set adc.IP=<adc-management-ip>,adc.loginSecret=nslogin --set token=<token>

Note

Ensure that the management HTTP port (adc.mgmtHTTPPort, 80) and HTTPS port (adc.mgmtHTTPSPort, 443) are open.

Configure the Citrix ADM agent by creating a manual secret

Citrix ADC CPX requires Citrix ADM agent login credentials for registering itself to Citrix ADM. You can manually set the namespace to deploy the Citrix ADC CPX.

kubectl create secret generic admlogin --from-literal=username=nsroot --from-literal=password=<password> -n <namespace>

After you create the secret, you can use the following command to configure the Citrix ADM agent.

helm install citrix-adm citrix/adm-agent-onboarding --namespace <namespace> --set admAgent.loginSecret=admlogin --set token=<token>

Register Citrix ADC VPX/MPX with Citrix ADM

To register the Citrix ADC VPX/MPX with Citrix ADM, you must establish the connectivity between Citrix ADC VPX or MPX and cluster nodes, by configuring the static routes. You can ignore this process if you have configured Citrix-node-controller.

After configuring the static routes, you must create a Kubernetes secret containing the Citrix ADC VPX/MPX login credentials in the namespace. After this process, the Citrix ADM agent onboarding is started.

kubectl create secret generic nslogin --from-literal=username=<username> --from-literal=password=<password> -n <namespace>

You must set the management IP address of Citrix ADC VPX/MPX as an environment variable: adc.IP

helm repo add citrix https://citrix.github.io/citrix-helm-charts

helm install citrix-adm citrix/adm-agent-onboarding --namespace <namespace> --set adc.IP=<adc-management-ip>,adc.loginSecret=nslogin --set token=<token>

Note

Ensure that the management HTTP port (adc.mgmtHTTPPort, 80) and HTTPS port (adc.mgmtHTTPSPort, 443) are open.

After you complete the mentioned steps, service graph starts to populate within 15 minutes. In Citrix ADM, navigate to Applications > Service Graph and then click Microservices to view service graph.

Manually configuring service graph

You can populate service graph manually by:

  • Configuring the Citrix ADM agent as a microservice in the Kubernetes cluster.

  • Completing the other workflows such as registering cluster, adding instances, and enabling licensing and detailed TCP and Web transactions.

    Note

    If you want to use an existing Citrix ADM agent or configure an on-premises Citrix ADM agent using a hypervisor, follow the procedures at Setting up service graph to populate the service graph.

  1. Navigate to Applications > Service Graph and select the Microservices tab.

    The page shows that the microservices cluster is not configured. Click the option to configure.

  2. Select Custom Deployment

  3. Select the deployment type.

  4. Select Microservices as the application type.

  5. Click Next to set up the agent.

  6. In the Download Agent Microservice page, specify the following parameters:

    1. Application ID – A string ID to define the service for the agent in the Kubernetes cluster and distinguish this agent from other agents in the same cluster.

    2. Password – Specify the password that CPX uses to onboard to Citrix ADM through the agent.

    3. Confirm Password – Specify the same password for confirmation.

      Note

      You must not use the default password (nsroot).

    4. Click Submit

  7. Click Download YAML File or Download Helm Chart

  8. On the Kubernetes main node, save the downloaded YAML file and run the following command to register the agent:

    kubectl create -f <yaml-file>

    For example, kubectl create -f testing.yaml

    The agent is successfully created.

  9. Click Register Agent

    The page loads for a few seconds and displays the registered agent.

  10. Ensure that the agent is present in the list and click Next

  11. You must register the cluster. Click Add More Clusters and specify the following parameters:

    1. Name - Specify a name of your choice.

    2. API Server URL - You can get the API Server URL details from the Kubernetes main node.

      1. On the Kubernetes main node, run the command kubectl cluster-info

      2. Enter the URL that displays for “Kubernetes main is running at.”

    3. Authentication Token - Specify the authentication token. The authentication token is required to validate access for communication between Kubernetes cluster and Citrix ADM. To generate an authentication token:

      On the Kubernetes main node:

      1. Use the following YAML to create a service account:

        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: <name>
          namespace: <namespace>

      2. Run kubectl create -f <yaml-file>

        The service account is created.

      3. Run kubectl create clusterrolebinding <name> --clusterrole=cluster-admin --serviceaccount=<namespace>:<account-name> to bind the cluster role to the service account.

        The service account now has cluster-wide access.

        A token is automatically generated while creating the service account.

      4. Run kubectl describe sa <name> to view the token.

      5. To get the secret string, run kubectl describe secret <token-name>

  12. Select the agent from the list.

  13. Click Create

  14. In the Clusters page, the cluster information is displayed. Click Next

  15. Configure the CPX and VPX instances, and click Next

  16. Click Next to auto-license the virtual servers and to enable detailed web and TCP transactions.

  17. The configurations are complete. Select Service Graph and click Done

The Service Graph gets populated in approximately 15 minutes. Navigate to Applications > Service Graph and select the Microservices tab to view service graph.
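
The Authentication Token sub-steps of step 11, as one added shell example (not Citrix's own tooling): it renders the service account, the cluster-admin binding, and an explicit token Secret, which clusters on Kubernetes 1.24 or later need because they no longer create that Secret automatically. The `-admin` and `-token` name suffixes and the sample names `adm-sa` and `default` are assumptions of this example.

```bash
# Added example (not Citrix code). Object names "<sa>-admin" and "<sa>-token"
# are assumptions of this sketch; pick names that fit your cluster.

# Accept only DNS-1123 labels so a crafted name cannot inject extra YAML.
valid_label() {
  case $1 in
    ''|-*|*-|*[!abcdefghijklmnopqrstuvwxyz0123456789-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Print ServiceAccount + ClusterRoleBinding + token Secret for <sa> in <ns>.
adm_sa_manifest() {
  valid_label "$1" && valid_label "$2" || { echo "invalid name" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $1
  namespace: $2
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $1-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin   # same role the steps above bind
subjects:
  - kind: ServiceAccount
    name: $1
    namespace: $2
---
apiVersion: v1
kind: Secret
metadata:
  name: $1-token
  namespace: $2
  annotations:
    kubernetes.io/service-account.name: $1
type: kubernetes.io/service-account-token
EOF
}

# Needs kubectl and cluster access:
#   adm_sa_manifest adm-sa default | kubectl apply -f -
#   kubectl get secret adm-sa-token -n default -o jsonpath='{.data.token}' | base64 -d
```

Because the binding is cluster-admin, the decoded token grants full control of the cluster, so store it like any other administrator credential and delete the Secret when the cluster is removed from Citrix ADM.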
