Networking/v1 Ingress Support
AKO
partially supports networking/v1 ingress. AKO
automatically detects whether ingress-class
api is enabled/available in the cluster it is operating in. If the ingress-class
api is enabled, AKO
switches to use the IngressClass
objects, instead of the previously available alternative of using kubernetes.io/ingress.class
annotations in Ingress objects.The following networking/v1 ingress specific features are supported in
AKO
:- IngressClass
- Default IngressClass
IngressClass object
IngressClass corresponding to
AKO
as the ingress Controller gets deployed as part of helm install/upgrade. Helm autodetects the presence of IngressClass
api enabled on the cluster, and if it does, creates the IngressClass
object. The IngressClass
object will look something like this:apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: avi-lb spec: controller: ako.vmware.com/avi-lb parameters: apiGroup: ako.vmware.com kind: IngressParameters name: external-lb
The
IngressClass
can be defined using other names. However, it is important that the .spec.controller
value specified matches ako.vmware.com/avi-lb
.As part of the helm install/upgrade, if the
defaultIngController
is set to true
, AKO
’s helm chart would apply the ingressclass.kubernetes.io/is-default-class
as follows:metadata: name: avi-lb annotations: ingressclass.kubernetes.io/is-default-class: "true"
Setting the
ingressclass.kubernetes.io/is-default-class
to true
enables AKO
to implement all Ingresses, even if the ingressClassName
is not explicitly specified/the value is None in the Ingress objects. The ingressclass.kubernetes.io/is-default-class
annotation comes in handy when upgrading to an IngressClass
enabled cluster. This is because while upgrading Ingresses from the ingress class annotation approach to the IngressClass
object approach, the upgraded Ingresses would result in having ingressClassName
set to None.Ingress and IngressClass
To provide a Controller to implement a given ingress, in addition to creating the
IngressClass
object, the ingressClassName
must be specified, that matches the IngressClass
name. The ingress looks as shown below:apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: my-ingress spec: ingressClassName: avi-lb rules: - host: myinsecurehost.avi.internal http: paths: - path: /foo backend: serviceName: service1 servicePort: 80
Alternatively, if the
ingressClassName
is empty, AKO
checks foringressclass.kubernetes.io/is-default-class
to be set to true
on an IngressClass
belonging to AKO
(with .spec.controller: ako.vmware.com/avi-lb
).Removing IngressClass from the cluster would delete all Ingress associated objects from
NSX Advanced Load Balancer
. Therefore it is suggested to handle IngressClass
with caution.