Kubernetes is an open-source container orchestration platform, designed to meet the needs of one of the largest technology companies in the world. It has gained significant popularity and industry adoption over the last few years as a result of its extensive customizability and rich community support.
Pulse Secure’s Virtual Application Delivery Controller (vADC) has supported customers through the rapid increase in deployment automation and developer-oriented solutions over the years with its flexible deployment and licensing model, and has been recognized by Gartner as a leading vendor and a key player in Mode 2 Application Development and Mode 1/Mode 2 Hybrid ADC use cases. As businesses migrate workloads into Kubernetes, they can continue to rely on Pulse Secure’s Virtual Traffic Manager (vTM) solution to deliver their applications efficiently, reliably, and securely.
vTM can be deployed into Kubernetes clusters using standard resources and deployment patterns, allowing it to take full advantage of Kubernetes features, such as horizontal autoscaling, and provide maximum flexibility to support the needs of operational teams.
The following provides some comparisons between the different ways in which vTM can be deployed in Kubernetes:
Per-cluster or per-application traffic managers
A set of traffic managers can manage all the applications deployed in the cluster using expressive routing logic to direct incoming traffic to the appropriate application. This deployment style provides a convenient single point of policy enforcement for the cluster.
Alternatively, traffic managers can be deployed independently for each application in the cluster, providing greater isolation and security between applications.
Host networking or Kubernetes networking
Traffic managers deployed in host networking mode can receive traffic sent directly to the Kubernetes cluster nodes on standard ports and distribute it to the applications deployed in the cluster.
Alternatively, traffic managers can be deployed entirely inside the cluster, receiving traffic from outside the cluster through a LoadBalancer or NodePort service. Deploying this way provides greater scalability, as traffic manager pods can be deployed on any cluster nodes, and also makes the cluster more portable.
Restricted nodes or full access to the cluster
Traffic manager instances can be given exclusive access to a specific set of cluster nodes by using the taint and affinity features of Kubernetes. This technique ensures that even if the rest of the cluster is overloaded, the traffic manager will continue to operate and will be able to redirect traffic or return an appropriate error response to the client. It also allows the traffic manager to protect other cluster nodes from becoming overloaded when ingress traffic spikes occur.
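The node reservation described above, written as a Kubernetes manifest. This is an added example, not taken from Pulse Secure's own deployment files; the `dedicated=traffic-manager` label and taint, the resource names, the port and the container image are placeholders assumed for illustration.

```yaml
# Added example: names, labels, port and image are assumed placeholders.
# Prepare each reserved node first:
#   kubectl label node <node-name> dedicated=traffic-manager
#   kubectl taint node <node-name> dedicated=traffic-manager:NoSchedule
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traffic-manager              # hypothetical name
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traffic-manager
  template:
    metadata:
      labels:
        app: traffic-manager
    spec:
      # The NoSchedule taint keeps every pod without this toleration
      # off the reserved nodes, so application load cannot crowd them.
      tolerations:
        - key: dedicated
          operator: Equal
          value: traffic-manager
          effect: NoSchedule
      # A toleration only permits scheduling onto tainted nodes; the
      # required node affinity is what confines these pods to them.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: dedicated
                    operator: In
                    values: ["traffic-manager"]
      containers:
        - name: traffic-manager
          image: registry.example.com/placeholder/traffic-manager:TAG  # placeholder
          ports:
            - containerPort: 80      # hypothetical listening port
```

The taint and the affinity rule are both needed: the taint alone would still let traffic manager pods land on general-purpose nodes, and the affinity alone would still let other workloads onto the reserved nodes.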
Pulse Secure vADC offers an extensive application delivery feature set to support delivery of applications deployed in Kubernetes, including:
For more information and resources on how to use Pulse vADC in a Kubernetes environment, see:
https://github.com/pulse-vadc/kubernetes-vtm
https://pulsesecure.net/vadc-community