Avi Kubernetes Operator Version 1.7 Release Notes
The Avi Vantage platform integration with OpenShift/ Kubernetes provides a redesigned architecture involving a new operator called Avi Kubernetes Operator (AKO). The following illustration outlines the components of the Avi Kubernetes integration.
What’s New in AKO Version 1.7.2
Issues Resolved in AKO Version 1.7.2
- HTTP Rule is rejected if
destinationCAis not defined while defining the TLS section of the rule.
- L4 Pools, with new naming conventions, will not be attached to L4 virtual service if LoadBalancer kubernetes services, without the annotation
enable-shared-vip, are migrated from older AKO version to AKO-1.7.2-beta.
- Issues with VRF context when AKO is deployed in
NodePortmode for non-admin tenant.
- Empty Ingress pool when named ports are used.
Known Issue in AKO Version 1.7.2
secretwill not work in namespaces other than
avi-systemin OpenShift clusters.
What’s New in AKO Version 1.7.1
- AKO now claims support for Kubernetes 1.23
- Multiple AKO instances can be deployed in an OpenShift/Kubernetes cluster
- Support for Shared VIP with Service of type LoadBalancer (under tech preview)
- Multiple certificate support for ingresses/routes through HostRule CRD
- Support for PKI profile reference, secrete reference through HostRule CRD
- Support for OpenShift on OpenStack
- Optimization in
Key Changes in AKO Version 1.7.1
- Control AKO Event broadcasting using ConfigMap
- Allow AKO to continue clean up of avi objects when AKO boots up with
deleteConfigflag set to true.
- In EVH deployment, if AKO is processing two hosts, that belongs to same parent virtual service, AKO continues to process the next host even if the current host has errors except if the error code is:
- Between 500 to 509
- 408, indicating session timeout
- 403, Controller upgrade is in progress
- 401, invalid credentials
System-TCP-Proxyfor L4 virtual services if Avi Controller has Enterprise License.
Issues Resolved in AKO Version 1.7.1
- Do not program FQDN for L4 via external dns when
- Empty FQDN in L4 VSVIP when
- Dedicated virtual service creation of service type LB if Gateways and ServiceLB is used at same time.
- HTTP rule is not getting applied on a route with empty path.
- Ingress fails if client adds port to host header.
- Security vulnerability caused due to third party package import in AKO.
- FQDN aliases not getting added to all the HTTP policies.
- AKO is not updating the ingress status when annotation
passthrough.ako.vmware.com/enabled: "true"is added to the ingress.
- LoadBalancer service creation with named ports in NodePortLocal deployment.
- Every SE Group used in the AviInfraSetting is getting configured with the labels even when
disableStaticRouteSyncis set to
- AKO pod keeps getting error “panic: runtime error: slice bounds out of range” then goes into
Document Revision History
|May, 25 021||Published the Release Notes for AKO version 1.7.1|