This topic tells you how to set up Avi Kubernetes Operator (AKO) as the load balancer for ingress instead of the default software load balancer in Tanzu Platform.
The ako.tanzu.vmware.com Capability is configured once for a cluster group and changes the default traffic path for all Spaces deployed in that cluster group.
This feature is distinct from using Avi for global server load balancing (GSLB) through the DNS provider.
Before you begin
Before you can configure AKO as the load balancer for ingress, you must:
-
Have an Avi Controller v22.1.3 or later.
Configuring AKO works best when paired with a Tanzu Kubernetes Grid workload cluster with the Avi integration enabled.
- Create a separate cluster group with the desired set of Capabilities manually installed. This is because configuring AKO involves customizing the
ingress.tanzu.vmware.comCapability, which is part of the default cluster group set of Capabilities.
Overview of steps
The following provides an overview of the steps to set up AKO as the load balancer for ingress:
Configure AKO
When installing the AKO Capability, you must be aware of the following caveats.
Configuring this Capability requires information that is unique to the clusters in a single vCenter cluster. All of the clusters in a cluster group receive the same configuration, which might limit the use of a cluster group across multiple Availability Targets.
If the Avi Controller is the same one used for GSLB, You must configure AKO to use a different Service Engine Group. This is because the GSLB health checks cannot route back to the same Service Engine.
To configure and install the AKO Capability:
- Navigate to Spaces > Capabilities.
- Click Avi Kubernetes Operator (AKO) in the list of available Capabilities.
- Click Install Package.
- Select the cluster group to install the Capability on.
- Expand Advanced Configuration.
- Select the YAML option.
-
Enter the YAML configuration for the package. For example:
ControllerSettings: controllerHost: AVI-CONTROLLER-IP-ADDRESS vrfName: VRF-CONTEXT-NAME cloudName: "CLOUD-NAME" serviceEngineGroupName: SERVICE-ENGINE-GROUP-NAME AKOSettings: clusterName: CLUSTER-NAME L7Settings: serviceType: SERVICE-TYPE NetworkSettings: nsxtT1LR: T1-ROUTER vipNetworkList: - networkName: NETWORK-NAME avicredentials: username: USERNAME password: PASSWORD certificateAuthorityData: | -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----Where:
AVI-CONTROLLER-IP-ADDRESSis the IP address of the Avi Controller.- (Optional)
VRF-CONTEXT-NAMEis the name of the VRFContext. All Avi objects will be under this VRF. Applicable only in Vcenter Cloud. If omitted, it defaults to"". - (Optional)
CLOUD-NAMEis the configured cloud name on the Avi controller. If omitted, it defaults to"Default-Cloud". - (Optional)
SERVICE-ENGINE-GROUP-NAMEis the name of the Service Engine Group. If omitted, it defaults to"Default-Group". - (Optional)
CLUSTER-NAMEdetermines the prefix of objects in Avi. Choose a unique value. - (Optional)
SERVICE-TYPEis the service type of the L7 ingress controller. Choose eitherClusterIPorNodePort. T1-ROUTERis the full path of the T1 router, for example,/infra/tier-1s/t1_d990825d-9236-416d-96e4-058b756b23b4_rtr.NETWORK-NAMEis the network information of the VIP network. Multiple networks are allowed only for AWS Cloud.USERNAMEis the Avi Controller username.PASSWORDis the Avi Controller password.
-
Click Install Package.
Configure ingress
To configure and install the ingress Capability:
- Navigate to Spaces > Capabilities.
- Click Ingress in the list of available Capabilities.
- Click Install Package.
- Select the cluster group to install the Capability on.
- Expand Advanced Configuration.
- Change systemConfig > gatewayClass to
avi-lb. - Change spaceConfig > gatewayServiceType to
NodePortif you choseNodePortin your AKO configuration.
Content feedback and comments