AKO Explained

calendar 26-10-2022 · 6 min read · kubernetes ingress loadbalancing ako  ·
Share on: linkedin copy

Overview

What is AKO?

AKO is an operator which works as an ingress controller and performs Avi-specific functions in an OpenShift/Kubernetes environment with the Avi Controller. It runs as a pod in the cluster and translates the required OpenShift/Kubernetes objects to Avi objects and automates the implementation of ingresses/routes/services on the Service Engines (SE) via the Avi Controller. ref: link

How to install AKO

AKO is very easy installed with Helm. Four basic steps needs to be done.

  1. Create a namespace for AKO in your kubernetes cluster: kubectl create ns avi-system
  2. Add AKO Helm reposistory: helm repo add ako https://projects.registry.vmware.com/chartrepo/ako
  3. Get the current values for the versions you want: helm show values ako/ako --version 1.9.1 > values.yaml
  4. Deploy (after values have been edited to suit your environment): helm install ako/ako --generate-name --version 1.9.1 -f values.yaml -n avi-system

AKO Helm values explained

Before deploying AKO there are some parameters that should be configured, or most likely the deployment will fail. Below is an example file where the different fields are explained:

  1# Default values for ako.
  2# This is a YAML-formatted file.
  3# Declare variables to be passed into your templates.
  4
  5replicaCount: 1
  6
  7image:
  8  repository: projects.registry.vmware.com/ako/ako #If using your own registry update accordingly
  9  pullPolicy: IfNotPresent
 10
 11### This section outlines the generic AKO settings
 12AKOSettings:
 13  primaryInstance: true # Defines AKO instance is primary or not. Value `true` indicates that AKO instance is primary. In a multiple AKO deployment in a cluster, only one AKO instance should be primary. Default value: true.
 14  enableEvents: 'true' # Enables/disables Event broadcasting via AKO 
 15  logLevel: WARN   # enum: INFO|DEBUG|WARN|ERROR
 16  fullSyncFrequency: '1800' # This frequency controls how often AKO polls the Avi controller to update itself with cloud configurations.
 17  apiServerPort: 8080 # Internal port for AKO's API server for the liveness probe of the AKO pod default=8080
 18  deleteConfig: 'false' # Has to be set to true in configmap if user wants to delete AKO created objects from AVI 
 19  disableStaticRouteSync: 'false' # If the POD networks are reachable from the Avi SE, set this knob to true.
 20  clusterName: my-cluster   # A unique identifier for the kubernetes cluster, that helps distinguish the objects for this cluster in the avi controller. // MUST-EDIT
 21  cniPlugin: '' # Set the string if your CNI is calico or openshift. enum: calico|canal|flannel|openshift|antrea|ncp
 22  enableEVH: false # This enables the Enhanced Virtual Hosting Model in Avi Controller for the Virtual Services
 23  layer7Only: false # If this flag is switched on, then AKO will only do layer 7 loadbalancing.Must be true if used in a TKC cluster / Tanzu with vSphere
 24  # NamespaceSelector contains label key and value used for namespacemigration
 25  # Same label has to be present on namespace/s which needs migration/sync to AKO
 26  namespaceSelector:
 27    labelKey: ''
 28    labelValue: ''
 29  servicesAPI: false # Flag that enables AKO in services API mode: https://kubernetes-sigs.github.io/service-apis/. Currently implemented only for L4. This flag uses the upstream GA APIs which are not backward compatible 
 30                     # with the advancedL4 APIs which uses a fork and a version of v1alpha1pre1 
 31  vipPerNamespace: 'false' # Enabling this flag would tell AKO to create Parent VS per Namespace in EVH mode
 32  istioEnabled: false # This flag needs to be enabled when AKO is be to brought up in an Istio environment
 33  # This is the list of system namespaces from which AKO will not listen any Kubernetes or Openshift object event.
 34  blockedNamespaceList: []
 35  # blockedNamespaceList:
 36  #   - kube-system
 37  #   - kube-public
 38  ipFamily: '' # This flag can take values V4 or V6 (default V4). This is for the backend pools to use ipv6 or ipv4. For frontside VS, use v6cidr
 39
 40
 41### This section outlines the network settings for virtualservices. 
 42NetworkSettings:
 43  ## This list of network and cidrs are used in pool placement network for vcenter cloud.
 44  ## Node Network details are not needed when in nodeport mode / static routes are disabled / non vcenter clouds.
 45  nodeNetworkList: []
 46  # nodeNetworkList:
 47  #   - networkName: "network-name"
 48  #     cidrs:
 49  #       - 10.0.0.1/24
 50  #       - 11.0.0.1/24
 51  enableRHI: false # This is a cluster wide setting for BGP peering.
 52  nsxtT1LR: '' # T1 Logical Segment mapping for backend network. Only applies to NSX-T cloud.
 53  bgpPeerLabels: [] # Select BGP peers using bgpPeerLabels, for selective VsVip advertisement.
 54  # bgpPeerLabels:
 55  #   - peer1
 56  #   - peer2
 57  vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud.
 58  # vipNetworkList:
 59  #  - networkName: net1
 60  #    cidr: 100.1.1.0/24
 61  #    v6cidr: 2002::1234:abcd:ffff:c0a8:101/64 # Setting this will enable the VS networks to use ipv6 
 62### This section outlines all the knobs  used to control Layer 7 loadbalancing settings in AKO.
 63L7Settings:
 64  defaultIngController: 'true'
 65  noPGForSNI: false # Switching this knob to true, will get rid of poolgroups from SNI VSes. Do not use this flag, if you don't want http caching. This will be deprecated once the controller support caching on PGs.
 66  serviceType: ClusterIP # enum NodePort|ClusterIP|NodePortLocal. NodePortLocal can only be used if Antrea is the CNI
 67  shardVSSize: LARGE   # Use this to control the layer 7 VS numbers. This applies to both secure/insecure VSes but does not apply for passthrough. ENUMs: LARGE, MEDIUM, SMALL, DEDICATED
 68  passthroughShardSize: SMALL   # Control the passthrough virtualservice numbers using this ENUM. ENUMs: LARGE, MEDIUM, SMALL
 69  enableMCI: 'false' # Enabling this flag would tell AKO to start processing multi-cluster ingress objects.
 70
 71### This section outlines all the knobs  used to control Layer 4 loadbalancing settings in AKO.
 72L4Settings:
 73  defaultDomain: '' # If multiple sub-domains are configured in the cloud, use this knob to set the default sub-domain to use for L4 VSes.
 74  autoFQDN: default   # ENUM: default(<svc>.<ns>.<subdomain>), flat (<svc>-<ns>.<subdomain>), "disabled" If the value is disabled then the FQDN generation is disabled.
 75
 76### This section outlines settings on the Avi controller that affects AKO's functionality.
 77ControllerSettings:
 78  serviceEngineGroupName: Default-Group   # Name of the ServiceEngine Group.
 79  controllerVersion: '' # The controller API version
 80  cloudName: Default-Cloud   # The configured cloud name on the Avi controller.
 81  controllerHost: '' # IP address or Hostname of Avi Controller
 82  tenantName: admin   # Name of the tenant where all the AKO objects will be created in AVI.
 83
 84nodePortSelector: # Only applicable if serviceType is NodePort
 85  key: ''
 86  value: ''
 87
 88resources:
 89  limits:
 90    cpu: 350m
 91    memory: 400Mi
 92  requests:
 93    cpu: 200m
 94    memory: 300Mi
 95
 96securityContext: {}
 97
 98podSecurityContext: {}
 99
100rbac:
101  # Creates the pod security policy if set to true
102  pspEnable: false
103
104
105avicredentials:
106  username: ''
107  password: ''
108  authtoken:
109  certificateAuthorityData:
110
111
112persistentVolumeClaim: ''
113mountPath: /log
114logFile: avi.log

More info here