Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

cSRX as a Service with Ingress Controller on AWS EKS

The cSRX can be deployed as a service using a Network Load Balancer with NGINX Ingress Controller on Amazon EKS. The cSRX deployed as a service in a deployment object allows you to scale-up and scale down by distributing the traffic among different cSRX PODs. Also, cSRX functions as a firewall, protecting workloads deployed in the cluster with rich advanced security services.
Figure 1: AWS EKS Ingress Controller AWS EKS Ingress Controller

To deploy the cSRX as Ingress controller on AWS EKS:

  1. Define and deploy cSRX as K8s POD or as ReplicaSet. This type of deployment is the standard K8s to define and to manage resource. Also, allows you to deploy cSRX container on specified work nodes, update or rollback based on your request.
  2. Use Kubectl and YAML templates to define and to deploy cSRX related resource on command line. K8s API server can process the request from other applications.
  3. Expose cSRX as K8s service with load balancing. EKS supports Kubernetes Network Load Balancer (NLB) and EKS specific Application Load Balancer (ALB).
  4. The cSRX POD will be identified with predefined selectors and exposed with supported load balancer. The load balancer can be the NGINX ingress controller and AWS NLB as external load balancer.
  5. Connect cSRX container to the external network using Multus with flannel CNI. cSRX requires at least three interfaces (1 management port and 2 revenue ports).