Avi Kubernetes Operator Version 1.4 Release Notes
The Avi Vantage platform integration with OpenShift/Kubernetes provides a redesigned architecture involving a new operator called Avi Kubernetes Operator (AKO). The following illustration outlines the components of the Avi Kubernetes integration.
What’s New in AKO Version 1.4.3
- Support for installing AKO in a user-provided namespace (other than avi-system).
Issues Resolved in AKO Version 1.4.3
- Skip status updates on Service of type LoadBalancer during bootup when the layer7Only flag is set to true.
- Fixed multi-host Ingress status updates during bootup.
- Unblock AKO run if CRDs are not installed in cluster.
- Incorrect virtual service uuid annotation update for OpenShift secure routes when InsecureEdgeTermination was set to Allow in routes.
Issues Resolved in AKO Version 1.4.2
- If the DNS is not configured, AKO does not generate a hostname for the service of type loadbalancer object. In such a scenario, the hostname field is not updated on the service annotation. Here, during reboots, AKO deletes the status of the service for which we encounter the error. This issue is resolved, ensuring that services of type loadbalancers do not lose their status on reboots.
- Failure in lb-service obtaining IP after expanding the IPAM range which is exhausted. If AKO is unable to obtain a free IP from the controller, the service of type loadbalancers of shared virtual services for layer 7 Ingress will not get created till the IPAM subnet range is expanded and AKO is rebooted. This issue is resolved, allowing AKO to automatically retry in case of failures. Once the subnet range is expanded, AKO automatically fetches a free IP and syncs the respective services.
- The SSL key certificates specified in the HostRule were getting mapped to the EVH child instead of the EVH parent. This issue is now resolved, rightly mapping the SSL Key Certificate with the EVH parent.
- Multi-VIP with AWS always assigns IP address from a single subnet, because AKO was unable to allocate IPs from multiple subnets owing to a pointer issue. This issue is now resolved, allowing AKO to fetch an IP address from each of the subnets, if multiple VIP subnets are specified.
- The error enable_rhi is displayed since setting the RHI field on the virtualservice to false was not allowed in the Essentials license Tier. This issue is resolved, enabling AKO to function with the RHI license by not configuring the field at all.
- AKO version 1.4.1 does not watch endpoints object in NodePort mode. AKO never listened to Endpoint objects in the NodePort mode. However, with the skipnodeport annotation, the regular clusterIPs are populated against the pool servers which are fetched from the Endpoint objects. This issue is now resolved, enabling AKO to listen to endpoint object updates.
- If the httppolicyset rules are missing a switchingAction, AKO panics. This fixes the issue by avoiding failures, even if the httppolicyset objects do not have switchingAction.
What’s New in AKO Version 1.4.1
- AviInfraSetting CRD for selecting specific Avi controller infra attributes
- Support for shared L4 VIP across multiple service of type loadbalancers
- Selective namespace sync for L4 objects including GatewayAPI and Services of type LB
- Option to add global FQDN for a hostname via Host Rule
- Temporary support for HTTP Caching for secure ingresses/routes via Pool objects
- Option to use dedicated Virtual Service per Ingress hostname
- Support for Node Port Local with Antrea CNI (supported from Antrea .13 onwards)
- Persistence profile in HTTPRule CRD
- Extended Virtual Hosting support for Avi Enterprise License
Note: Enhanced Virtual Hosting is currently under Tech Preview.
Key Changes in AKO 1.4.1
- The field networkName in values.yaml is changed to vipNetworkList
- AKO qualification for Kubernetes 1.19, 1.20, 1.21
End of Support
- namespace sharding is deprecated starting from AKO version 1.4
Known Issues in AKO 1.4.1
- With Avi Controller version 20.1.4, there are restrictions on the length of pool object names in the Controller. To comply with this change, the namespace/hostname/ingress names have to be adjusted accordingly. The current restriction on the controller is 128 characters with 119 characters being usable.
- The current restriction on the number of DNS records supported per shared virtual service is 1000 on the Avi Controller. Hence if the shard size is chosen as SMALL, then the collective DNS records (hostnames) in a cluster must be less than 1000 for layer 7 ingress.
- If a Hostrule CRD is used to program a GSLB FQDN in AKO that maps to a secure local FQDN, a redirect rule is not added for the GS FQDN.
- In EVH mode, status IP updates could be inconsistent if multiple Ingresses share the same hostname.
Document Revision History
Date | Change Summary |
---|---|
April 28, 2021 | Published the Release Notes for AKO version 1.4.1 |