Shared VIP
Overview
AKO provides support for sharing VIP among multiple Kubernetes Services of type LoadBalancer deployed in the same namespace. Generally, with LoadBalancer services, AKO creates dedicated L4 virtual services in the Avi Controller, but multiple LoadBalancer services can also be combined to share a single VIP.
Shared VIP is supported only when ClusterIP is set as the service type in the AKO configuration.
Note: The ability to share a single VIP among multiple LoadBalancer services is currently under tech preview.
Sharing Single VIP
Sharing of single VIP among multiple services is achieved by providing an annotation to multiple LoadBalancer Services, where VIP sharing is intended. The annotation to be applied is ako.vmware.com/enable-shared-vip with a string value as shown below:
apiVersion: v1
kind: Service
metadata:
annotations:
ako.vmware.com/enable-shared-vip: "shared-vip-key-1"
name: sharedvip-avisvc-lb1
namespace: default
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8080
selector:
app: avi-server
---
apiVersion: v1
kind: Service
metadata:
annotations:
ako.vmware.com/enable-shared-vip: "shared-vip-key-1"
name: sharedvip-avisvc-lb2
namespace: default
spec:
type: LoadBalancer
ports:
- port: 80
protocol: UDP
targetPort: 8080
selector:
app: avi-server
AKO creates a single L4 virtual service (with a single VIP) based on the annotation value, and the port, protocol, app selector information will be used to configure pools and backend servers for this virtual service. After the successful creation of the corresponding Virtual Service and VIP, the Status of both the LoadBalancer Services will reflect the single VIP configured on the Avi controller.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
sharedvip-avisvc-lb1 LoadBalancer 10.108.153.227 100.64.196.61 80:31658/TCP 6d23h
sharedvip-avisvc-lb2 LoadBalancer 10.102.147.29 100.64.196.61 80:31331/UDP 6d23h
Incase there is a requirement to set a preferred static VIP through the .spec.loadBalancerIP field in the service, all LoadBalancer services sharing the annotation value must have the same preferred VIP provided in the spec. If two Services under the same Annotation value have different static VIP set, no virtual service will be configured. This is treated as a misconfiguration and will be logged in AKO accordingly.
An example of configuring multiple LoadBalancer services to share a preferred VIP is shown below:
apiVersion: v1
kind: Service
metadata:
annotations:
ako.vmware.com/enable-shared-vip: "shared-vip-key-1"
name: sharedvip-avisvc-lb1
namespace: default
spec:
type: LoadBalancer
loadBalancerIP: 100.64.196.75
ports:
- port: 80
targetPort: 8080
selector:
app: avi-server
---
apiVersion: v1
kind: Service
metadata:
annotations:
ako.vmware.com/enable-shared-vip: "shared-vip-key-1"
name: sharedvip-avisvc-lb2
namespace: default
spec:
type: LoadBalancer
loadBalancerIP: 100.64.196.75
ports:
- port: 80
protocol: UDP
targetPort: 8080
selector:
app: avi-server
The expected status message should have the VIP matching the preferred static IP provided in the Service spec.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
sharedvip-avisvc-lb1 LoadBalancer 10.108.153.227 100.64.196.75 80:31658/TCP 6d23h
sharedvip-avisvc-lb2 LoadBalancer 10.102.147.29 100.64.196.75 80:31331/UDP 6d23h
Note: Consider the following when configuring the services with the aforementioned annotation:
- Ensure that LoadBalancer services which are intended to share a VIP, must have the same annotation value. As shown in the example above, the annotation value
shared-vip-key-1is same for both Services. - In order to avoid any errors while configuring the virtual service on the Avi controller, it is required that there is no conflicting Port-Protocol pairs in the LoadBalancer services that share the annotation value. From the example, both services are exposing a unique, non-conflicting Port-Protocol for the backend application i.e. 80/TCP and 80/UDP.
- The annotation must be provided only on service of type LoadBalancers.
AviInfrasetting Support
AviInfraSetting resources can be attached to LoadBalancer Kubernetes services using the annotation aviinfrasetting.ako.vmware.com/name: >aviinfra-crd-name<. For more information, refer Avi Infra Setting.