AKO in Azure
Overview
This article explains the ClusterIP mode support for Azure IaaS cloud in AKO.
AKO manages the pod routing in the Azure cloud.
Routing in Azure with Two Kubernetes Clusters Syncing to the Same Azure Cloud
When multiple clusters sync to the same cloud, their pod CIDRs can overlap. Currently, in AKO, a dedicated SE group is created for each cluster. For Azure cloud, in addition to creating a dedicated SE group, the SE network/subnet must be overridden in the SE group so that it is unique per cluster.
AKO configures the routes for cluster1 and cluster2 in the Azure routing tables for subnet1 and subnet2 respectively.
AKO in Azure (Day 0 Preparation)
The Day 0 preparation checklist for setting up AKO in Azure is listed below:
Operations on the Azure Side
- Ensure that the Kubernetes/OpenShift clusters are running in Azure
- Ensure that clusters are in the same VNET as the SE
- Create a dedicated subnet for each of the clusters in VNET for SE to be provisioned in
  - subnet1 and subnet2 are created for cluster1 and cluster2 respectively
- Create the route table in Azure for each subnet created above and associate it to the SE subnet
  - Create RouteTable1 and RouteTable2 and associate to subnet1 and subnet2 respectively
- Configure NSG rules in Kubernetes cluster’s subnet to allow traffic from SE Subnet
- Provide permissions to the Avi cloud credential to write on route tables
  - The Avi Controller role for AKO avi-controller-ako
  - Use the above role to configure the cloud in the Avi. For more information, refer to the GCP Cloud Network Configuration article.
Operations on the Avi Side
- Create an Azure cloud in Avi.
  Note: Skip this step if the IaaS cloud is already created.
- Create a Service Engine group for each cluster.
- Override the Service Engine subnet in each of the SE groups
  - If there are two clusters cluster1 and cluster2
    - Run configure serviceenginegroup seg1
    - Override the data_network_id in the SE Group by running the commands shown below:
        data_network_id subnet1
        save
    - Similarly override the data_network_id for the cluster2
Once everything is configured and AKO is running, check that the routes for the nodes are created in the route tables for subnet1 and subnet2 respectively.
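One way to script that check, as an added example that is not part of the original article or of AKO: it compares a cluster's nodes with the routes in its SE subnet's route table and reports pod CIDR overlaps between clusters. All node names, addresses and routes are constructed samples, and it assumes each route maps a node's pod CIDR to that node's internal IP as next hop.

```python
import ipaddress

# Constructed sample data (not from the page). Nodes are reduced from
# `kubectl get nodes -o json`: InternalIP and spec.podCIDR per node.
CLUSTER1_NODES = [
    {"name": "c1-node1", "ip": "10.1.0.4", "podCIDR": "10.244.0.0/24"},
    {"name": "c1-node2", "ip": "10.1.0.5", "podCIDR": "10.244.1.0/24"},
]
CLUSTER2_NODES = [
    {"name": "c2-node1", "ip": "10.1.1.4", "podCIDR": "10.244.0.0/24"},
]
# Constructed, shaped like `az network route-table route list -o json`.
ROUTE_TABLE1 = [
    {"name": "r-ok", "addressPrefix": "10.244.0.0/24",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.1.0.4"},
    {"name": "r-bad-hop", "addressPrefix": "10.244.1.0/24",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.1.0.9"},
    {"name": "r-stale", "addressPrefix": "10.244.7.0/24",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.1.0.6"},
]

def check_routes(nodes, routes):
    """Compare a cluster's nodes with the routes in its SE subnet's route table.
    Assumption: one route per node, pod CIDR -> node InternalIP as next hop."""
    by_prefix = {ipaddress.ip_network(r["addressPrefix"]): r for r in routes}
    expected, problems = set(), []
    for node in nodes:
        cidr = ipaddress.ip_network(node["podCIDR"])
        expected.add(cidr)
        route = by_prefix.get(cidr)
        if route is None:
            problems.append(("missing", node["name"], str(cidr)))
        elif route.get("nextHopIpAddress") != node["ip"]:
            problems.append(("wrong-next-hop", node["name"], str(cidr)))
    # Routes that match no current node deserve a manual look before removal.
    for prefix, route in by_prefix.items():
        if prefix not in expected:
            problems.append(("unmatched", route["name"], str(prefix)))
    return problems

def overlapping_pod_cidrs(nodes_a, nodes_b):
    """Pod CIDR overlaps between two clusters; these are why each cluster
    needs its own SE subnet and route table."""
    return [(a["name"], b["name"]) for a in nodes_a for b in nodes_b
            if ipaddress.ip_network(a["podCIDR"]).overlaps(
                ipaddress.ip_network(b["podCIDR"]))]

if __name__ == "__main__":
    for problem in check_routes(CLUSTER1_NODES, ROUTE_TABLE1):
        print(problem)
    print("overlaps:", overlapping_pod_cidrs(CLUSTER1_NODES, CLUSTER2_NODES))
```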
Document Revision History
Date | Change Summary |
---|---|
December 18, 2020 | Published the ClusterIP mode support for Azure Cloud in AKO |