Introduction:
Avi Vantage is a powerful and feature-rich load balancer that supports L7 traffic management, application firewall, and SSL/TLS termination. To use Avi Vantage as an Ingress controller in a Kubernetes cluster, we need to follow a specific configuration process. This guide explains how to configure Avi Vantage as an Ingress controller for a TKC (Turbine, Kubernetes, and Cloud) cluster.
Prerequisites:
1. Avi Vantage installed and configured in your NSX environment.
2. A TKC cluster with Antrea installed and configured.
3. Familiarity with Kubernetes and the TKC architecture.
Step 1 – Prepare Networks
To use Avi Vantage as an Ingress controller, we need to prepare the networks for IPAM and DNS. We will create two networks: one for the management network and another for the dataplane network.
Management Network:
1. Go to Administration > Networks > Network Profiles.
2. Click on the “+” button to create a new network profile.
3. Give it a name (e.g., “ls-avi-se-mgmt”), and select “NSX” as the network type.
4. Deselect “DHCP” and enter the IP subnet (e.g., 10.10.10.0/24).
5. Select “Use for Service Engines.”
6. Click save.
Dataplane Network:
1. Go to Administration > Networks > Network Profiles.
2. Click on the “+” button to create a new network profile.
3. Give it a name (e.g., “ls-avi-se-dataplane”), and select “NSX” as the network type.
4. Select “Use for Service Engines.”
5. Deselect “DHCP” and enter the IP subnet (e.g., 10.10.20.0/24).
6. Click save.
Step 2 – Configure IPAM
To configure IPAM, we need to create an IPAM pool for the SEs in the management network. We will also define a range for the SEs to get an IP from.
1. Go to Administration > Networks > IPAM/DNS Profiles.
2. Click on the “+” button to create a new profile.
3. Give it a name (e.g., “ls-avi-generic-se-data”), and select “NSX” as the network type.
4. Select “Use for Service Engines.”
5. Deselect “DHCP” and enter the IP subnet (e.g., 10.10.30.0/24).
6. Click save.
Step 3 – Define VIP Networks
We need to define at least one VIP network for our services. This network will only be used as a dataplane network, and we will configure BGP on it.
1. Go to Administration > Networks > Network Profiles.
2. Click on the “+” button to create a new profile.
3. Give it a name (e.g., “ls-avi-vip”), and select “NSX” as the network type.
4. Select “Use for Service Engines.”
5. Deselect “DHCP” and enter the IP subnet (e.g., 10.10.40.0/24).
6. Click save.
Step 4 – Configure BGP
To configure BGP on our VIP network, we need to define a label for BGP peering. We will use the “ls-avi-vip” label defined in step 3.
1. Go to Administration > Networks > Labels.
2. Click on the “+” button to create a new label.
3. Give it a name (e.g., “BGP Peer for ls-avi-vip”).
4. Select “NSX” as the network type.
5. Click save.
Step 5 – Apply AviInfraSetting
Now that we have defined our networks, IPAM pool, and BGP settings, we can apply an AviInfraSetting to override some of the defaults configured in our values.yaml. This lets us adjust settings for specific services or applications. Let’s create an example AviInfraSetting that adjusts the Ingress settings for one service.
Example:
Suppose we have a service called “my-service” that needs to be exposed on a different VIP network (e.g., 10.10.50.0/24). We can create an AviInfraSetting to override the default Ingress settings for this service.
1. Go to Administration > Networks > AviInfraSettings.
2. Click on the “+” button to create a new setting.
3. Give it a name (e.g., “AviInfraSetting-my-service”).
4. Select the service type (e.g., “Ingress”).
5. In the “Overrides” section, add the following settings:
* VIP Network: 10.10.50.0/24
* BGP Label: ls-avi-vip
6. Click save.
Step 6 – Apply AviInfraSetting to Ingress
Now that we have created the AviInfraSetting, we can apply it to our Ingress resource. Let’s update our Ingress resource to refer to the new AviInfraSetting.
Example:
Suppose we have an Ingress resource called “my-ingress” that needs to expose the “my-service” service on a different VIP network. We can update the Ingress resource to refer to the new AviInfraSetting.
1. Go to Administration > Networks > Ingress Resources.
2. Click on the “+” button next to the “my-ingress” resource.
3. In the “Overrides” section, add the following setting:
* AviInfraSetting: my-service-avis-infra-setting
4. Click save.
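The overrides from Steps 5 and 6 written as Kubernetes manifests, as an added example that is not part of the original guide. It assumes the AviInfraSetting custom resource and IngressClass controller name used by the Avi Kubernetes Operator (AKO); the network object name, IngressClass name, namespace, hostname and service port are hypothetical placeholders.

```yaml
# Added example; values marked hypothetical/assumed are not from the guide.
# The apiVersion is an assumption: confirm what your cluster serves with
#   kubectl api-resources --api-group=ako.vmware.com
# (older AKO releases serve v1alpha1 instead of v1beta1).
apiVersion: ako.vmware.com/v1beta1
kind: AviInfraSetting
metadata:
  name: my-service-avis-infra-setting      # cluster-scoped; name used in Step 6
spec:
  network:
    vipNetworks:
      - networkName: ls-avi-vip-my-service # hypothetical Avi network holding the subnet
        cidr: 10.10.50.0/24                # VIP network from Step 5
    enableRhi: true                        # BGP advertisement of VIPs; bgpPeerLabels applies only with this on
    bgpPeerLabels:
      - ls-avi-vip                         # BGP label from Step 5
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: avi-my-service                     # hypothetical class name
spec:
  controller: ako.vmware.com/avi-lb
  parameters:                              # binds this class to the AviInfraSetting above
    apiGroup: ako.vmware.com
    kind: AviInfraSetting
    name: my-service-avis-infra-setting
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default                       # assumed namespace
spec:
  ingressClassName: avi-my-service         # only Ingresses naming this class get the override
  rules:
    - host: my-service.example.com         # placeholder hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80               # assumed service port
```

Ingresses that do not reference this IngressClass keep the defaults from values.yaml, so the scope of the override can be reviewed by listing which Ingress objects name the class.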
Conclusion:
In this guide, we have explained how to configure Avi Vantage as an Ingress controller for a TKC cluster. We have covered the following topics:
1. Preparing networks for IPAM and DNS.
2. Configuring IPAM for Service Engines.
3. Defining VIP Networks for dataplane and BGP.
4. Configuring BGP on VIP Networks.
5. Applying AviInfraSetting to override some of the default settings configured in our values.yaml.
We hope this guide helps you configure Avi Vantage as an Ingress controller for your TKC cluster.