AKO in Azure

Overview

This article explains the ClusterIP mode support for Azure IaaS cloud in AKO.
AKO manages the pod routing in the Azure cloud.

Routing in Azure with Two Kubernetes Clusters Syncing to the Same Azure Cloud

When multiple clusters sync to the same cloud, their pod CIDRs can overlap. Currently, in AKO, an SE group is created for each cluster. For Azure cloud, in addition to creating a dedicated SE group, the SE network/subnet must be overridden in the SE group so that it is unique per cluster.

Azure

AKO configures the routes for cluster1 and cluster2 in the Azure routing tables for subnet1 and subnet2 respectively.

AKO in Azure (Day 0 Preparation)

The Day 0 preparation checklist required to set up AKO in Azure is as listed below:

Operations on the Azure Side

  • Ensure that the Kubernetes/OpenShift clusters are running in Azure
    • Ensure that clusters are in the same VNET as the SE
  • Create a dedicated subnet for each of the clusters in VNET for SE to be provisioned in
    • subnet1 and subnet2 are created for cluster1 and cluster2 respectively
  • Create the route table in Azure for each subnet created above and associate it to the SE subnet
    • Create RouteTable1 and RouteTable2 and associate to subnet1 and subnet2 respectively
  • Configure NSG rules in Kubernetes cluster’s subnet to allow traffic from SE Subnet
  • Provide permissions to the Avi cloud credential to write on route tables
    • The Avi Controller role for the AKO avi-controller-ako
    • Use the above role to configure the cloud in Avi. For more information, refer to the GCP Cloud Network Configuration article.

Operations on the Avi Side

  • Create an Azure cloud in Avi.

    Note: Skip this step if the IaaS cloud is already created.

  • Create a Service Engine group for each cluster.

  • Override the Service Engine subnet in each of the SE groups

    • If there are two clusters, cluster1 and cluster2:
    • Run configure serviceenginegroup seg1
    • Override the se_subnet_id in the SE Group by running the commands shown below:
      
        se_subnet_id subnet1
        save
        
    • Similarly, override the se_subnet_id for cluster2

Once everything is configured and AKO is running, check that the routes for the nodes have been created in the routing tables for subnet1 and subnet2 respectively.
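
One way to script this route check, as an added example (not Avi's or the AKO project's own tooling): it compares each node's pod CIDR and internal IP with the entries of the cluster's route table, and reports pod CIDRs that overlap between the two clusters. It assumes that a node's route has the pod CIDR as address prefix and the node IP as next hop; all names, addresses and sample data are constructed.

```python
import ipaddress

def _node(name, ip, pod_cidr):
    # Constructed sample in the shape of `kubectl get nodes -o json` items.
    return {"metadata": {"name": name}, "spec": {"podCIDR": pod_cidr},
            "status": {"addresses": [{"type": "InternalIP", "address": ip}]}}

# Constructed sample data: both clusters hand out the same pod CIDR range.
CLUSTER1_NODES = {"items": [_node("c1-n1", "10.0.1.4", "10.244.0.0/24"),
                            _node("c1-n2", "10.0.1.5", "10.244.1.0/24")]}
CLUSTER2_NODES = {"items": [_node("c2-n1", "10.0.2.4", "10.244.0.0/24")]}
# Constructed lists in the shape of `az network route-table route list -o json`.
ROUTE_TABLE1 = [{"name": "r1", "addressPrefix": "10.244.0.0/24",
                 "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"}]
ROUTE_TABLE2 = [{"name": "r1", "addressPrefix": "10.244.0.0/24",
                 "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.2.4"}]

def node_routes(node_list):
    """Map each node's podCIDR to its InternalIP."""
    wanted = {}
    for node in node_list["items"]:
        cidr = node["spec"].get("podCIDR")
        ips = [a["address"] for a in node["status"]["addresses"]
               if a["type"] == "InternalIP"]
        if cidr and ips:
            wanted[ipaddress.ip_network(cidr)] = ips[0]
    return wanted

def missing_routes(node_list, route_table):
    """Return (podCIDR, nodeIP) pairs that have no matching route.
    Assumption: a node's route has addressPrefix == podCIDR and
    nextHopIpAddress == the node's InternalIP."""
    have = {(ipaddress.ip_network(r["addressPrefix"]), r.get("nextHopIpAddress"))
            for r in route_table}
    return sorted((str(c), ip) for c, ip in node_routes(node_list).items()
                  if (c, ip) not in have)

def overlapping_pod_cidrs(nodes_a, nodes_b):
    """Return pod CIDR pairs that overlap between two clusters."""
    return sorted((str(a), str(b)) for a in node_routes(nodes_a)
                  for b in node_routes(nodes_b) if a.overlaps(b))

if __name__ == "__main__":
    print("cluster1 missing:", missing_routes(CLUSTER1_NODES, ROUTE_TABLE1))
    print("cluster2 missing:", missing_routes(CLUSTER2_NODES, ROUTE_TABLE2))
    print("overlaps:", overlapping_pod_cidrs(CLUSTER1_NODES, CLUSTER2_NODES))
```

An overlap between clusters is expected in this setup; it only becomes a problem if both clusters' routes land in the same route table, which is what the per-cluster SE subnet and route table prevent.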

Document Revision History

Date Change Summary
December 18, 2020 Published the ClusterIP mode support for Azure Cloud in AKO