• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
NetScaler Blog

NetScaler Blog

Application delivery and security blog

Application delivery and security blog
  • Application delivery
  • Application and API security
  • Application modernization
  • Observability
  • News

How to achieve high-performance and secure Kubernetes ingress with NetScaler and Red Hat OpenShift

March 18, 2024 by Mayur Mohan Patil

How to achieve high-performance and secure Kubernetes ingress with NetScaler and Red Hat OpenShift

Containers have revolutionized software development and deployment by giving DevOps and application teams a way to package their applications together with libraries and other dependencies to provide isolated environments for running their software services. Containerization allows for application portability across environments, which makes it a popular choice for teams deploying applications in hybrid and multi-cloud environments.

Effectively managing containers at scale requires the use of a container orchestrator like Kubernetes, which exposes an application as a network service. While the open source and lightweight Kubernetes platform is the right choice for many companies, those needing out-of-the-box features and support for running workloads in a hybrid cloud environment can benefit from Red Hat OpenShift. By building on Kubernetes to provide an enterprise-grade platform, Red Hat OpenShift simplifies the deployment and management of Kubernetes clusters while adding additional features, developer tools, and security enhancements.

NetScaler enterprise-grade Kubernetes ingress for OpenShift clusters 

NetScaler enables you to optimize, secure, and route ingress traffic to single or multiple OpenShift clusters. Only NetScaler offers a fully automated proxy and ingress controller for Kubernetes environments that runs as a container within a Kubernetes cluster and converts any microservices-based application’s ingress definitions into NetScaler application delivery controller (ADC) configurations. By being able to configure ADCs from within the Kubernetes cluster, NetScaler has visibility within the Kubernetes cluster and can automatically respond to Kubernetes events.

The advantages of using NetScaler with Red Hat OpenShift

Key advantages of using NetScaler and Red Hat OpenShift together for load balancing and securing your microservices are:

  • OpenShift-certified NetScaler Operator for deploying NetScaler Ingress Controller and NetScaler CPX (a containerized application delivery controller) in OpenShift clusters to support stateful applications 
  • SSL offloading and end-to-end SSL for HTTP/HTTPS applications deployed in OpenShift clusters for enhanced security 
  • Automated security configurations (TLS, WAF, bot mitigation, and more)
  • Failover handling for high availability 

NetScaler deployment modes for OpenShift

You can combine NetScaler instances in powerful and flexible topologies that complement organizational boundaries. Single-tier topologies are suited for organizations that need to handle high rates of change. Dual-tier deployments employ high-capacity hardware (NetScaler MPX) or virtualized NetScaler instances (NetScaler VPX) in the first tier to offload security functions and implement relatively static organizational policies while segmenting control between network operators and Kubernetes operators. The second tier includes NetScaler CPX (a containerized ADC) within the OpenShift Cluster and is under the control of the service owners. 

NetScaler ingress for OpenShift (single tier)

In a single-tier topology, NetScaler Ingress Controller is deployed as a standalone pod in the Kubernetes cluster. The controller automates the configuration of NetScaler ADCs (NetScaler MPX or NetScaler VPX) based on the changes to the microservices or the ingress resources. 

This deployment mode helps you easily use your existing NetScaler ADCs for newly migrated OpenShift applications. It provides a single entry for your ingress traffic and ensures secure and scalable access including SSL offloading and end-to-end SSL. It also provides the flexibility to upgrade your OpenShift clusters and applications without any downtime via canary deployments.

    NetScaler ingress for OpenShift (single tier)

NetScaler ingress for OpenShift single tier

NetScaler ingress for OpenShift (dual tier)

In a dual-tier topology, NetScaler MPX (hardware ADC), NetScaler VPX (software ADC), or NetScaler BLX (software ADC for bare metal) in tier 1 proxy the traffic from the client to NetScaler CPX (containerized ADC) in tier 2. The tier 2 NetScaler CPX then routes the traffic to the microservices in the OpenShift cluster. This setup helps you delegate the ingress to the appropriate network admin or platform team. NetScaler CPX provides the flexibility to apply your own ingress policies without impacting other teams. 

NetScaler ingress for OpenShift (dual tier)

NetScaler ingress for OpenShift dual tier

        

Th dual-tier deployment mode provides stability for network operators while allowing OpenShift users to implement high-velocity changes. This deployment is highly preferred when you have significant workloads running as microservices and there is a need for a proxy inside the OpenShift cluster. Two of the key benefits of this deployment model are streamlined traffic management along with a dual layer of NetScaler security.        

See how NetScaler and Red Hat OpenShift work together

In a joint webinar, NetScaler and Red Hat OpenShift product managers and solution architects demonstrate how to use NetScaler and OpenShift for deploying and delivering highly performant and secure applications, including:

  • How to choose the right Kubernetes platform and ingress
  • Why NetScaler for Red Hat OpenShift
    • NetScaler Ingress Controller
    • Containerized ingress proxy: NetScaler CPX
  • NetScaler and Red Hat OpenShift integration
    • Use cases
    • Demo

Watch the NetScaler and Red Hat OpenShift on-demand webinar 

This post was co-authored by Mayur Mohan Patil, NetScaler lead product manager, and Rohit Raveendran, NetScaler principal product marketing manager

Categories: Application delivery Tagged With: Application delivery, Application modernization, Application security, Kubernetes

Primary Sidebar

Popular posts

NetScaler Next-Gen API

Introducing NetScaler Next-Gen API: The declarative API for application developers 

June 17, 2024

Terraform provider for NetScaler SDX

Introducing the Terraform provider for NetScaler SDX

May 30, 2024

NetScaler now accepting GitHub community contributions

May 2, 2024

Introducing NetScaler CPX Express: A DevOps-friendly, free Kubernetes ingress proxy 

March 28, 2024

NetScaler: The power of one

NetScaler: The power of one

March 5, 2024

New utility converts NetScaler configurations into IaC for greater automation

New utility converts NetScaler configurations into IaC for greater automation

April 3, 2025

NetScaler 13.1-FIPS achieves NDcPP certification from NIAP and the CCCS

NetScaler 13.1-FIPS achieves NDcPP certification

February 27, 2025

CVE-2024-12284: High-severity security update for NetScaler Console

CVE-2024-12284: High-severity security update for NetScaler Console

February 18, 2025

Footer

Product resources

  • NetScaler editions
  • Integrations
  • Documentation
  • GitHub
  • Downloads

Support

  • Ask the community
  • Contact support

Company

  • NetScaler.com
  • About NetScaler
  • Contact us
  • Newsroom
  • Careers

  • Legal
  • Do not sell my personal information
  • Cookie preferences
© 2023 Cloud Software Group, Inc. All rights reserved.