Avi Kubernetes Operator Version 1.4 Release Notes
The Avi Vantage platform integration with OpenShift/Kubernetes provides a redesigned architecture involving a new operator called Avi Kubernetes Operator (AKO). The following illustration outlines the components of the Avi Kubernetes integration.
What’s New in AKO Version 1.4.3
- Support for installing AKO in a user-provided namespace (other than avi-system).
Issues Resolved in AKO Version 1.4.3
- Skip status updates on Service of type LoadBalancer during bootup when the layer7Only flag is set to true.
- Fixed multi-host Ingress status updates during bootup.
- Unblock AKO run if CRDs are not installed in cluster.
- Incorrect virtual service uuid annotation update for OpenShift secure routes when InsecureEdgeTermination was set to Allow in routes.
Issues Resolved in AKO Version 1.4.2
- If the DNS is not configured, AKO does not generate a hostname for the service of type loadbalancer object. In such a scenario, the hostname field is not updated on the service annotation, and during reboots AKO deletes the status of the service for which the error is encountered. This issue is resolved, ensuring that Service of type loadbalancers do not lose their status on reboots.
- Failure in lb-service obtaining IP after expanding the IPAM range which is exhausted. If AKO is unable to obtain a free IP from the controller, the service of type loadbalancers of shared virtual services for layer 7 Ingress will not get created till the IPAM subnet range is expanded and AKO is rebooted. This issue is resolved, allowing AKO to automatically retry in case of failures. Once the subnet range is expanded, AKO automatically fetches a free IP and syncs the respective services.
- The SSL key certificates specified in the HostRule were getting mapped to the EVH child instead of the EVH parent. This issue is now resolved, correctly mapping the SSL Key Certificate to the EVH parent.
- Multi-VIP with AWS always assigns IP address from a single subnet, because AKO was unable to allocate IPs from multiple subnets owing to a pointer issue. This issue is now resolved, allowing AKO to fetch an IP address from each of the subnets, if multiple VIP subnets are specified.
- enable_rhi is displayed since setting the RHI field on the virtualservice to false was not allowed in the Essentials license Tier. This issue is resolved, enabling AKO to function with the RHI license by not configuring the field at all.
- AKO version 1.4.1 does not watch endpoints object in NodePort mode. AKO never listened to Endpoint objects in the NodePort mode. However, with the skipnodeport annotation, the regular clusterIPs are populated against the pool servers which are fetched from the Endpoint objects. This issue is now resolved, enabling AKO to listen to endpoint object updates.
- If httppolicyset rules are missing a switchingAction, AKO panics. This issue is fixed, so AKO no longer fails even if the httppolicyset objects do not have switchingAction.
What’s New in AKO Version 1.4.1
- Support for shared L4 VIP across multiple services of type
- Option to add global FQDN for a hostname via Host Rule
- Temporary support for HTTP Caching for secure ingresses/routes via Pool objects
- Option to use dedicated Virtual Service per Ingress hostname
- Persistence profile in HTTPRule CRD
- Extended Virtual Hosting support for Avi Enterprise License
Note: Enhanced Virtual Hosting is currently under Tech Preview.
Key Changes in AKO 1.4.1
- The field networkName in values.yaml is changed to
- AKO qualification for Kubernetes 1.19, 1.20, 1.21
End of Support
- namespace sharding is deprecated starting from AKO version 1.4.
Known Issues in AKO 1.4.1
- With Avi Controller version 20.1.4, there are restrictions on the length of pool object names in the Controller. To comply with this change, the namespace/hostname/ingress names have to be adjusted accordingly. The current restriction on the controller is 128 characters with 119 characters being usable.
- The current restriction on the number of DNS records supported per shared virtual service is 1000 on the Avi Controller. Hence if the shard size is chosen as SMALL, then the collective DNS records (hostnames) in a cluster must be less than 1000 for layer 7 ingress.
- If a Hostrule CRD is used to program a GSLB FQDN in AKO that maps to a secure local FQDN, a redirect rule is not added for the GS FQDN.
- In EVH mode, status IP updates could be inconsistent if multiple Ingresses share the same hostname.
Document Revision History
| April 28, 2021 | Published the Release Notes for AKO version 1.4.1 |