Multiple AKO Instances in a Cluster
AKO
Instances in a ClusterMultiple
AKO
instances can be deployed in a cluster to create namespace based isolation. This will allow AKO
to operate over a group of Kubernetes namespaces, in order to handle objects from these namespaces only.To run multiple
AKO
, the following features are used:- Namespace Sync Feature
- AKOinstallation in User Provided Namespace
- Configuring MultipleAKOInstances
- PrimaryAKOinstallation
- Non-PrimaryAKOInstallation
- Avi Object Name Convention
Namespace Sync Feature
The namespace sync feature allows Kubernetes/OpenShift objects from specific namespaces to be synced with
AKO
based NSX Advanced Load Balancer Controller
. For that, namespace has to be labelled with same key:value pair as the labelKey
and labelValue
mentioned in values.yaml
file. For more information on namespace sync feature, see Namespace Sync in AKO.
AKO installation in User Provided Namespace
AKO
installation in User Provided NamespaceWhile installing
AKO
, using helm, flag -n
or --namespace
can be used to specify namespace in which AKO
has to be installed. If this flag is not specified, AKO
will be installed in the avi-system
namespace.Configuring Multiple AKO Instances
AKO
InstancesIn multiple
AKO
deployment, one AKO
instance works as primary AKO
instance. This AKO
instance is responsible for VRF, static route configuration apart from syncing up Kubernetes/OpenShift objects from set of namespaces.The flag primaryInstance present in
values.yaml
denotes whether AKO
instance is primary or not. This flag takes boolean true
/false
value. True
indicates AKO
instance is primary.- In multipleAKOdeployment, only oneAKOinstance must be primary.
- EachAKOmust be deployed in a different namespace.
Primary AKO installation
AKO
installationIn the following example, primary
AKO
instance is running in avi-system
namespace with namespace sync filter app: migrate. So this AKO
will sync up Kubernetes/OpenShift objects from namespaces who has labels app: migrate
.helm install ako/ako --generate-name --version 1.10.1 -f /path/to/values.yaml --set ControllerSettings.controllerHost=<controller IP or Hostname> --set avicredentials.username=<avi-ctrl-username> --set avicredentials.password=<avi-ctrl-password> --set AKOSettings.namespaceSelector.labelKey="app" --set AKOSettings.namespaceSelector.labelValue="migrate" --set AKOSettings.primaryInstance=true --namespace=avi-system
The helm install command without
primaryInstance
parameter will deploy primary AKO
instance.Non-Primary AKO Installation
AKO
InstallationIn the following example, non-primary
AKO
instance is running in blue namespace with namespace sync filter key: value2
. So this AKO
will sync up Kubernetes/OpenShift objects from namespaces who has labels key: value2
.helm install ako/ako --generate-name --version 1.10.1 -f /path/to/values.yaml --set ControllerSettings.controllerHost=<controller IP or Hostname> --set avicredentials.username=<avi-ctrl-username> --set avicredentials.password=<avi-ctrl-password> --set AKOSettings.namespaceSelector.labelKey="key" --set AKOSettings.namespaceSelector.labelValue="value2" --set AKOSettings.primaryInstance=false --namespace=blue
Few things that to be considered in multiple
AKO
instances deployment:- AllAKOinstances must interact with sameNSX Advanced Load Balancer Controller
- Each Kubernetes/OpenShift namespace must be handled by oneAKOonly
- AllAKOmust be deployed either inClusterIPorNodePortorNodePortLocalmode
Avi Object Name Convention
- For non-primaryAKOinstance, naming convention for shared VS is:Shared-VS-Name = <cluster-name>–<AKO-namespace>-Shared-L7-<Shard number>. Here<AKO-namespace>is namespace in whichAKOpod is deployed.
- Non-primaryAKOinstance will create objects withusername=ako-<cluster-name>-<AKO-namespace>