Namespace Sync in AKO

Overview

Namespace sync helps in syncing ingresses/routes from specific namespace(s) to the Avi Controller.

Starting with AKO version 1.3.1, new parameters have been introduced as config options in AKO’s values.yaml.

To use this feature, set the value of these parameters to a non-empty string.

Parameter Description Default Value
AKOSettings.namespaceSelector.labelKey The key used as a label-based selection for the namespaces Empty
AKOSettings.namespaceSelector.labelValue Value used as a label-based selection for the namespaces Empty

When AKO is booted up with this setting, label the namespace with the same key:value pair mentioned in values of labelKey and labelValue

For example, if the values are labelKey: app and labelValue: migrate in the values.yaml, then label the namespace as app: migrate.

Note: If any of the parameters specified are not defined (empty), this will result in disabling the namespace sync functionality and it will result in syncing up ingresses/routes from all namespaces with the Avi Controller. Any changes in values of these parameters will require an AKO reboot.


apiVersion: v1
    kind: Namespace
    metadata:
      creationTimestamp: "2020-12-04T13:20:42Z"
      labels:
        app: migrate
      name: red
      resourceVersion: "14055620"
      selfLink: /api/v1/namespaces/red
      uid: a424bf13-2f4a-4005-a84d-f2fb65acfda0
    spec:
      finalizers:
      - kubernetes
    status:
      phase: Active

Valid labelling of a namespace will sync ingresses/routes from that namespace with the Avi controller.

Ingresses/routes from namespaces, with no labels or invalid labels, will not be synced with the Avi Controller.

When the label of a namespace is changed from valid to invalid, it will result in pool deletion for an insecure ingress/ route and SNI virtual service deletion for a secure ingress/route from the Avi Controller.

For example, if the label of the namespace ‘red’ is changed from app: migrate (valid) to app: migrate1 (invalid), then the pools associated with, insecure ingresses/routes and SNI virtual services associated with secure ingresses/routes of the namespace red, will be deleted from the Avi Controller.

On changing the label of a namespace from invalid to valid, it results in adding ingresses/routes of that namespace with the Avi Controller.

Document Revision History

Date Change Summary
December 18, 2020 Published the article for Namespace Sync in AKO