Avi Kubernetes Operator Version 1.7 Release Notes

The Avi Vantage platform integration with OpenShift/ Kubernetes provides a redesigned architecture involving a new operator called Avi Kubernetes Operator (AKO). The following illustration outlines the components of the Avi Kubernetes integration.

AKO

Release Notes for AKO Version 1.7.6

Issue Resolved in AKO Version 1.7.6

  • AKO does not create static routes when a value greater than 2147483647 is specified for LocalAs (Local Autonomous System ID) field in Bgp profile or the LocalAs or RemoteAs field in Bgp peers. This scenario is applicable only when Bgp profile is specified for the VRF Context.

Release Notes for AKO Version 1.7.5

Key Change in AKO Version 1.7.5

  • Annotation external-dns.alpha.kubernetes.io/hostname on the Service of Type LoadBalancer overrides the autoFQDN feature for it.

Release Notes for AKO Version 1.7.4

Issue Resolved in AKO Version 1.7.4

  • During AKO boot up, if there is an error to list AKO CRD objects, AKO disables CRD handling. That results in deletion of existing avi controller objects.

Key Changes in AKO Version 1.7.4

  • Autogenerated domain is not added to a dedicated virtual service when autoFQDN is set to flat or default.
  • FQDN present under the GSLB section of hostrule will not be added to the VS VIP’s application domain of a dedicated virtual services.

Release Notes for AKO Version 1.7.3

What’s New in AKO Version 1.7.3

  • Security vulnerabilities in net, text and sys packages.

Release Notes for AKO Version 1.7.2

What’s New in AKO Version 1.7.2

Issues Resolved in AKO Version 1.7.2

  • HTTP Rule is rejected if pkiProfile or destinationCA is not defined while defining the TLS section of the rule.
  • L4 Pools, with new naming conventions, will not be attached to L4 virtual service if LoadBalancer kubernetes services, without the annotation ako.vmware.com/enable-shared-vip, are migrated from older AKO version to AKO-1.7.2-beta.
  • Issues with VRF context when AKO is deployed in NodePort mode for non-admin tenant.
  • Empty Ingress pool when named ports are used.

Known Issue in AKO Version 1.7.2

  • hostrule with sslKeyCertificate of type secret will not work in namespaces other than avi-system in OpenShift clusters.

Release Notes for AKO Version 1.7.1

What’s New in AKO Version 1.7.1

  • AKO now claims support for Kubernetes 1.23
  • Multiple AKO instances can be deployed in an OpenShift/Kubernetes cluster
  • Support for Shared VIP with Service of type LoadBalancer (under tech preview)
  • Multiple certificate support for ingresses/routes through HostRule CRD
  • Support for PKI profile reference, secrete reference through HostRule CRD
  • Support for OpenShift on OpenStack
  • Optimization in nodeport mode using nodefilters

Key Changes in AKO Version 1.7.1

  • Control AKO Event broadcasting using ConfigMap enableEvents flag.
  • Allow AKO to continue clean up of avi objects when AKO boots up with deleteConfig flag set to true.
  • In EVH deployment, if AKO is processing two hosts, that belongs to same parent virtual service, AKO continues to process the next host even if the current host has errors except if the error code is:
    1. Between 500 to 509
    2. 408, indicating session timeout
    3. 403, Controller upgrade is in progress
    4. 401, invalid credentials
  • Set Network Profile to System-TCP-Proxy for L4 virtual services if Avi Controller has Enterprise License.

Issues Resolved in AKO Version 1.7.1

  • Do not program FQDN for L4 via external dns when autoFQDN is disabled.
  • Empty FQDN in L4 VSVIP when autoFqdn is disabled
  • Dedicated virtual service creation of service type LB if Gateways and ServiceLB is used at same time.
  • HTTP rule is not getting applied on a route with empty path.
  • Ingress fails if client adds port to host header.
  • Security vulnerability caused due to third party package import in AKO.
  • FQDN aliases not getting added to all the HTTP policies.
  • AKO is not updating the ingress status when annotation passthrough.ako.vmware.com/enabled: "true" is added to the ingress.
  • LoadBalancer service creation with named ports in NodePortLocal deployment.
  • Every SE Group used in the AviInfraSetting is getting configured with the labels even when disableStaticRouteSync is set to true.
  • AKO pod keeps getting error “panic: runtime error: slice bounds out of range” then goes into CrashLoopBackOff state.

Document Revision History

Date Change Summary
December, 18 2023 Published the Release Notes for AKO version 1.7.6
May, 25 2021 Published the Release Notes for AKO version 1.7.1