NSX ALB + Harbor + OpenShift 4.8 UPI安装配置实验笔记系列目录
目录
1). 在ocp中新建一个项目
oc new-project avi-system
2). 更新helm repo库:
-
- helm repo add ako https://projects.registry.vmware.com/chartrepo/ako
3). 查看AKO版本:
helm search repo
4). 后成values.yaml文件,并修改:
helm show values ako/ako --version 1.6.4 > values.yaml
修改后的values.yaml内容如下(在实际生产环境中因安全管控,NodePort方式会较少使用,所以此LAB仅测试了Cluster IP方式):
- # Default values for ako.
- # This is a YAML-formatted file.
- # Declare variables to be passed into your templates.
-
- replicaCount: 1
-
- image:
- repository: projects.registry.vmware.com/ako/ako
- pullPolicy: IfNotPresent
-
- ### This section outlines the generic AKO settings
- AKOSettings:
- enableEvents: 'true' # Enables/disables Event broadcasting via AKO
- logLevel: WARN # enum: INFO|DEBUG|WARN|ERROR
- fullSyncFrequency: '1800' # This frequency controls how often AKO polls the Avi controller to update itself with cloud configurations.
- apiServerPort: 8080 # Internal port for AKO's API server for the liveness probe of the AKO pod default=8080
- deleteConfig: 'false' # Has to be set to true in configmap if user wants to delete AKO created objects from AVI
- disableStaticRouteSync: 'false' # If the POD networks are reachable from the Avi SE, set this knob to true.
- clusterName: ocp # A unique identifier for the kubernetes cluster, that helps distinguish the objects for this cluster in the avi controller. // MUST-EDIT
- cniPlugin: 'openshift' # Set the string if your CNI is calico or openshift. enum: calico|canal|flannel|openshift|antrea|ncp
- enableEVH: false # This enables the Enhanced Virtual Hosting Model in Avi Controller for the Virtual Services
- layer7Only: false # If this flag is switched on, then AKO will only do layer 7 loadbalancing.
- # NamespaceSelector contains label key and value used for namespacemigration
- # Same label has to be present on namespace/s which needs migration/sync to AKO
- namespaceSelector:
- labelKey: ''
- labelValue: ''
- servicesAPI: true # Flag that enables AKO in services API mode: https://kubernetes-sigs.github.io/service-apis/. Currently implemented only for L4. This flag uses the upstream GA APIs which are not backward compatible
- # with the advancedL4 APIs which uses a fork and a version of v1alpha1pre1
- vipPerNamespace: 'false' # Enabling this flag would tell AKO to create Parent VS per Namespace in EVH mode
-
- ### This section outlines the network settings for virtualservices.
- NetworkSettings:
- ## This list of network and cidrs are used in pool placement network for vcenter cloud.
- ## Node Network details are not needed when in nodeport mode / static routes are disabled / non vcenter clouds.
- # nodeNetworkList: []
- nodeNetworkList:
- - networkName: "Dswitch-WLD02"
- cidrs:
- - 192.168.170.0/24
- # - 11.0.0.1/24
- enableRHI: false # This is a cluster wide setting for BGP peering.
- nsxtT1LR: '' # T1 Logical Segment mapping for backend network. Only applies to NSX-T cloud.
- bgpPeerLabels: [] # Select BGP peers using bgpPeerLabels, for selective VsVip advertisement.
- # bgpPeerLabels:
- # - peer1
- # - peer2
- # vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud.
- vipNetworkList:
- - networkName: "Dswitch-LB02"
- cidr: 192.168.180.0/24
-
- ### This section outlines all the knobs used to control Layer 7 loadbalancing settings in AKO.
- L7Settings:
- defaultIngController: 'true'
- noPGForSNI: false # Switching this knob to true, will get rid of poolgroups from SNI VSes. Do not use this flag, if you don't want http caching. This will be deprecated once the controller support caching on PGs.
- serviceType: ClusterIP # enum NodePort|ClusterIP|NodePortLocal
- shardVSSize: LARGE # Use this to control the layer 7 VS numbers. This applies to both secure/insecure VSes but does not apply for passthrough. ENUMs: LARGE, MEDIUM, SMALL, DEDICATED
- passthroughShardSize: SMALL # Control the passthrough virtualservice numbers using this ENUM. ENUMs: LARGE, MEDIUM, SMALL
-
- ### This section outlines all the knobs used to control Layer 4 loadbalancing settings in AKO.
- L4Settings:
- defaultDomain: 'apps.ocp.corp.tanzu' # If multiple sub-domains are configured in the cloud, use this knob to set the default sub-domain to use for L4 VSes.
- autoFQDN: default # ENUM: default(<svc>.<ns>.<subdomain>), flat (<svc>-<ns>.<subdomain>), "disabled" If the value is disabled then the FQDN generation is disabled.
-
- ### This section outlines settings on the Avi controller that affects AKO's functionality.
- ControllerSettings:
- serviceEngineGroupName: OCPCluster-Group # Name of the ServiceEngine Group.
- controllerVersion: '21.1.3' # The controller API version
- cloudName: Default-Cloud # The configured cloud name on the Avi controller.
- controllerHost: 'nsxalb-01a.corp.tanzu' # IP address or Hostname of Avi Controller
- tenantName: admin # Name of the tenant where all the AKO objects will be created in AVI.
-
- nodePortSelector: # Only applicable if serviceType is NodePort
- key: ''
- value: ''
-
- resources:
- limits:
- cpu: 350m
- memory: 400Mi
- requests:
- cpu: 200m
- memory: 300Mi
-
- podSecurityContext: {}
-
- rbac:
- # Creates the pod security policy if set to true
- pspEnable: false
-
- avicredentials:
- username: ''
- password: ''
- authtoken:
- certificateAuthorityData:
-
- persistentVolumeClaim: ''
- mountPath: /log
- logFile: avi.log
5). 部署AKO:
helm install ako/ako --generate-name --version 1.6.4 -f /root/values.yaml --set avicredentials.username=admin --set avicredentials.password=VMware1! --namespace=avi-system
6). 查看AKO的运行情况
- oc -n avi-system get pod
- oc -n avi-system logs -f ako-0
创建NS
kubectl create ns avi-system
解压AKO文件
tar -zxvf ako-1.6.2.tar.gz
加载AKO image
- cd /ako
- docker load < ako-1.6.2-docker.tar.gz
编辑values.yaml
vi ako/values.yaml
将AKO image Push进harbor
- docker tag ako/ako:1.6.2 map.corp.tanzu/ako/ako:1.6.2
- docker push map.corp.tanzu/ako/ako:1.6.1
离线安装AKO
helm install ./ako --generate-name --namespace=avi-system
helm delete $(helm list -n avi-system -q) -n avi-system