LoadBalancerClass support for LB Services with AKO

Starting with version 1.12.1, AKO supports the spec.LoadBalancerClass field in LoadBalancer type Services.

Conditions for Validation

AKO now checks whether it is the default LoadBalancer controller using the boolean parameter defaultLBController, which can be found under the L4Settings field in values.yaml:

    L4Settings:
      defaultLBController: "true"

Based on this value, AKO exhibits one of two behaviours:
  1. If defaultLBController == true: AKO will ingest all LoadBalancer Services that either do not have the spec.LoadBalancerClass field populated or explicitly have spec.LoadBalancerClass == "ako.vmware.com/avi-lb". AKO will not ingest any LoadBalancer Service that has spec.LoadBalancerClass != "ako.vmware.com/avi-lb".

    LB Service with valid LoadBalancerClass field

        apiVersion: v1
        kind: Service
        metadata:
          name: avisvc-lb
          namespace: red
        spec:
          loadBalancerClass: ako.vmware.com/avi-lb
          type: LoadBalancer
          ports:
          - port: 80
            targetPort: 8080
            name: eighty
          selector:
            app: avi-server

    LB Service with empty LoadBalancerClass field

        apiVersion: v1
        kind: Service
        metadata:
          name: avisvc-lb
          namespace: red
        spec:
          type: LoadBalancer
          ports:
          - port: 80
            targetPort: 8080
            name: eighty
          selector:
            app: avi-server

  2. If defaultLBController == false: AKO will ingest only those LoadBalancer Services that have spec.LoadBalancerClass == "ako.vmware.com/avi-lb". AKO will not ingest any LoadBalancer Services that either do not have the spec.LoadBalancerClass field populated or have spec.LoadBalancerClass != "ako.vmware.com/avi-lb".

    LB Service with invalid LoadBalancerClass field

        apiVersion: v1
        kind: Service
        metadata:
          name: avisvc-lb
          namespace: red
        spec:
          loadBalancerClass: <not-avi-lb-value>
          type: LoadBalancer
          ports:
          - port: 80
            targetPort: 8080
            name: eighty
          selector:
            app: avi-server

  1. By default, AKO will have defaultLBController == true.
  2. After the Service is created, the spec.LoadBalancerClass field is immutable. To change the value of the field, the Service manifest must be updated and the Service needs to be re-created.

Shared VIP Services

For a dedicated virtual service to come up successfully with multiple LoadBalancer Services that carry the shared-vip annotation, all of the Services must pass the validation check according to the conditions mentioned above. Failure of validation for any single shared VIP Service will invalidate the dedicated virtual service.

Invalid shared-vip configuration

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        ako.vmware.com/enable-shared-vip: "shared-vip-key-1"
      name: sharedvip-avisvc-lb1
      namespace: default
    spec:
      loadBalancerClass: ako.vmware.com/avi-lb
      type: LoadBalancer
      ports:
      - port: 80
        targetPort: 8080
      selector:
        app: avi-server
    ---
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        ako.vmware.com/enable-shared-vip: "shared-vip-key-1"
      name: sharedvip-avisvc-lb2
      namespace: default
    spec:
      loadBalancerClass: <not-avi-lb-value> # 1 LB Service has invalid LBClass value
      type: LoadBalancer
      ports:
      - port: 80
        protocol: UDP
        targetPort: 8080
      selector:
        app: avi-server

Deleting the invalid Service(s) (in this case, sharedvip-avisvc-lb2) from the cluster will validate the remaining Services, and a dedicated virtual service will come up successfully.

CRDs

Application of aviinfrasetting and l4rule CRDs will first validate any corresponding LoadBalancer Services for LBClass. CRDs will only be applied to validated LoadBalancer Services.

    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
      annotations:
        aviinfrasetting.ako.vmware.com/name: "my-infrasetting"
        ako.vmware.com/l4rule: my-l4-rule
    spec:
      loadBalancerClass: <not-avi-lb-value>
      selector:
        app.kubernetes.io/name: MyApp
      ports:
      - protocol: TCP
        port: 80
        targetPort: 9376
      clusterIP: 10.0.171.239
      type: LoadBalancer

Advanced L4 (WCP)

LoadBalancerClass validation is not used for any LoadBalancer Services that use Gateway labels. Instead, GatewayClass validation is used for such Services. This applies only to advanced L4, not to ServiceAPI.

    apiVersion: v1
    kind: Service
    metadata:
      name: avisvc-lb
      namespace: red
      labels:
        service.route.lbapi.run.tanzu.vmware.com/gateway-name: my-gateway
        service.route.lbapi.run.tanzu.vmware.com/gateway-namespace: red
        service.route.lbapi.run.tanzu.vmware.com/type: direct
    spec:
      loadBalancerClass: <not-avi-lb-value> # loadBalancerClass field populated with invalid AVI controller value
      type: LoadBalancer
      ports:
      - port: 80
        targetPort: 8080
        name: eighty
      selector:
        app: avi-server

This LoadBalancer Service will appear as a dedicated virtual service, because AKO skips spec.LoadBalancerClass validation for a Service that has gateway labels.
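
The rules from Conditions for Validation, Shared VIP Services and Advanced L4 can be modelled as a pre-deployment audit over Service objects, to predict which LoadBalancer Services AKO will pick up. This is an added example, not AKO source code. The advanced_l4 flag, the verdict strings, the make_svc helper, the per-namespace scoping of a shared-VIP key and the class example.com/other-lb are assumptions of the example, and the sample Services are constructed.

```python
AKO_LB_CLASS = "ako.vmware.com/avi-lb"
SHARED_VIP = "ako.vmware.com/enable-shared-vip"
GATEWAY_NAME = "service.route.lbapi.run.tanzu.vmware.com/gateway-name"

def passes_lb_class(svc, default_lb_controller, advanced_l4=False):
    """Per-Service rule from this page, on a dict shaped like `kubectl get svc -o json`."""
    if advanced_l4 and GATEWAY_NAME in svc["metadata"].get("labels", {}):
        return True  # gateway-labelled Services skip the LoadBalancerClass check
    lb_class = svc["spec"].get("loadBalancerClass")
    if lb_class is None:
        return default_lb_controller  # empty field: only the default controller ingests
    return lb_class == AKO_LB_CLASS

def audit(services, default_lb_controller=True, advanced_l4=False):
    """Map 'namespace/name' to a verdict for every LoadBalancer Service."""
    verdicts, groups = {}, {}
    for svc in services:
        if svc["spec"].get("type") != "LoadBalancer":
            continue
        meta = svc["metadata"]
        ns = meta.get("namespace", "default")
        name = f"{ns}/{meta['name']}"
        ok = passes_lb_class(svc, default_lb_controller, advanced_l4)
        verdicts[name] = "ingested" if ok else "ignored"
        key = meta.get("annotations", {}).get(SHARED_VIP)
        if key:  # assumption: a shared-VIP key is scoped to one namespace
            groups.setdefault((ns, key), []).append((name, ok))
    for members in groups.values():
        if not all(ok for _, ok in members):  # one failure invalidates the whole group
            verdicts.update({n: "blocked-by-shared-vip" for n, ok in members if ok})
    return verdicts

def make_svc(name, ns="default", lb_class=None, shared=None, gateway=None):
    """Constructed sample Service, not taken from a real cluster."""
    meta = {"name": name, "namespace": ns,
            "annotations": {SHARED_VIP: shared} if shared else {},
            "labels": {GATEWAY_NAME: gateway} if gateway else {}}
    spec = {"type": "LoadBalancer", **({"loadBalancerClass": lb_class} if lb_class else {})}
    return {"metadata": meta, "spec": spec}

SAMPLES = [
    make_svc("avisvc-lb", ns="red"),
    make_svc("sharedvip-avisvc-lb1", lb_class=AKO_LB_CLASS, shared="shared-vip-key-1"),
    make_svc("sharedvip-avisvc-lb2", lb_class="example.com/other-lb", shared="shared-vip-key-1"),
    make_svc("gw-svc", ns="red", lb_class="example.com/other-lb", gateway="my-gateway"),
]

if __name__ == "__main__":
    print(audit(SAMPLES, default_lb_controller=True, advanced_l4=True))
```

Services reported as "ignored" are left for another controller to claim, so the audit is worth running against both values of defaultLBController before changing it on a live cluster.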