Networking/v1 Ingress Support
AKO partially supports networking/v1 ingress, released for general availability starting with Kubernetes version 1.19.
The following networking/v1 ingress specific features are supported in AKO:
- Default IngressClass
AKO automatically detects whether ingress-class api is enabled/available in the cluster it is operating in. If the ingress-class api is enabled, AKO switches to use the IngressClass objects, instead of the previously available alternative of using kubernetes.io/ingress.class annotations in Ingress objects.
Avi IngressClass object
IngressClass corresponding to AKO as the ingress Controller gets deployed as part of helm install/upgrade. Helm autodetects the presence of IngressClass api enabled on the cluster, and if it does, creates the IngressClass object. The IngressClass object should look something like this:
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: avi-lb spec: controller: ako.vmware.com/avi-lb parameters: apiGroup: ako.vmware.com kind: IngressParameters name: external-lb
The IngressClass can be defined using other names. However, it is important that the
.spec.controller value specified matches
As part of the helm install/upgrade, if the
defaultIngController is set to true, AKO’s helm chart would apply the
ingressclass.kubernetes.io/is-default-class as follows:
metadata: name: avi-lb annotations: ingressclass.kubernetes.io/is-default-class: "true"
ingressclass.kubernetes.io/is-default-class to true enables AKO to implement all Ingresses, even if the
ingressClassName is not explicitly specified/the value is
None in the Ingress objects. The
ingressclass.kubernetes.io/is-default-class annotation comes in handy when upgrading to an IngressClass enabled cluster. This is because while upgrading Ingresses from the ingress class annotation approach to the IngressClass object approach, the upgraded Ingresses would result in having
ingressClassName set to
Ingress and Avi IngressClass
To provide a Controller to implement a given ingress, in addition to creating the IngressClass object, the ingressClassName should be specified, that matches the IngressClass name. The ingress looks as shown below:
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: my-ingress spec: ingressClassName: avi-lb rules: - host: myinsecurehost.avi.internal http: paths: - path: /foo backend: serviceName: service1 servicePort: 80
Alternatively, if the
ingressClassName is empty, AKO checks for
ingressclass.kubernetes.io/is-default-class to be set to
true on an IngressClass belonging to AKO (with
Note: Removing an Avi IngressClass from the cluster would delete all Ingress associated objects from Avi, therefore it is suggested to handle IngressClass with caution.
Document Revision History
|December 18, 2020||Published the article for Networking/v1 Ingress Support|