AVI

From Network Security Wiki

Revision as of 12:31, 29 August 2018


Kubernetes Integration

Source: avinetworks.com

Create a service account for the Avi Controller in the default namespace:

kubectl create serviceaccount avi -n default

Create a Cluster Role for deploying Avi Service Engines as a pod. Read it before applying it: the first rule alone gives the account get/list/watch on every core resource in every namespace (secrets included), and the later rules add create/update/delete on pods, replication controllers, secrets, daemonsets and ingresses, so the token of this service account is a high-value credential. The rbac.authorization.k8s.io/v1beta1 API that older Avi documentation uses was removed in Kubernetes 1.22; rbac.authorization.k8s.io/v1 has the same schema and is used here:

nano clusterrole.json
{
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {
        "name": "avirole"
    },
    "rules": [
        {
            "apiGroups": [
                ""
            ],
            "resources": [
                "*"
            ],
            "verbs": [
                "get",
                "list",
                "watch"
            ]
        },
        {
            "apiGroups": [
                ""
            ],
            "resources": [
                "pods",
                "replicationcontrollers"
            ],
            "verbs": [
                "get",
                "list",
                "watch",
                "create",
                "delete",
                "update"
            ]
        },
        {
            "apiGroups": [
                ""
            ],
            "resources": [
                "secrets"
            ],
            "verbs": [
                "get",
                "list",
                "watch",
                "create",
                "delete",
                "update"
            ]
        },
        {
            "apiGroups": [
                "extensions"
            ],
            "resources": [
                "daemonsets",
                "ingresses"
            ],
            "verbs": [
                "create",
                "delete",
                "get",
                "list",
                "update",
                "watch"
            ]
        }
    ]
}
kubectl create -f clusterrole.json

Create a Cluster Role Binding that grants the role to the avi service account. A ClusterRoleBinding is cluster-scoped, so it carries no namespace of its own; the namespace belongs on the subject:

nano clusterbinding.json
{
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRoleBinding",
    "metadata": {
        "name": "avirolebinding"
    },
    "roleRef": {
        "apiGroup": "rbac.authorization.k8s.io",
        "kind": "ClusterRole",
        "name": "avirole"
    },
    "subjects": [
        {
            "kind": "ServiceAccount",
            "name": "avi",
            "namespace": "default"
        }
    ]
}
kubectl create -f clusterbinding.json
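What the role above actually grants is easier to see by evaluating it than by reading it. The following is an added example, not Avi's or Kubernetes' own code: a minimal evaluator for ClusterRole rules that follows Kubernetes RBAC semantics (rules are purely additive, "*" matches anything including subresources, a plain resource name does not match its subresources), run against a constructed copy of avirole. It shows that the first rule already makes every core resource, secrets included, readable cluster-wide, and that the dedicated secrets rule adds create/update/delete on top. load_avirole, effective_verbs, is_allowed and audit_sensitive_reads are names chosen for this example.

```python
import json

# Constructed copy of the avirole rules shown on this page (v1 API group);
# an added example, not Avi's or Kubernetes' code.
AVIROLE_JSON = """
{
  "apiVersion": "rbac.authorization.k8s.io/v1",
  "kind": "ClusterRole",
  "metadata": {"name": "avirole"},
  "rules": [
    {"apiGroups": [""], "resources": ["*"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["pods", "replicationcontrollers"],
     "verbs": ["get", "list", "watch", "create", "delete", "update"]},
    {"apiGroups": [""], "resources": ["secrets"],
     "verbs": ["get", "list", "watch", "create", "delete", "update"]},
    {"apiGroups": ["extensions"], "resources": ["daemonsets", "ingresses"],
     "verbs": ["create", "delete", "get", "list", "update", "watch"]}
  ]
}
"""


def load_avirole():
    """Parse the constructed ClusterRole into a dict."""
    return json.loads(AVIROLE_JSON)


def _matches(allowed, wanted):
    # RBAC semantics: "*" in a rule matches anything; otherwise exact match.
    # A plain "pods" entry therefore does NOT match the "pods/exec" subresource.
    return "*" in allowed or wanted in allowed


def effective_verbs(role, api_group, resource):
    """Union of the verbs granted by every matching rule.
    RBAC has no deny rules, so the permissions of all matching rules add up."""
    verbs = set()
    for rule in role["rules"]:
        if _matches(rule["apiGroups"], api_group) and _matches(rule["resources"], resource):
            verbs.update(rule["verbs"])
    return sorted(verbs)


def is_allowed(role, api_group, resource, verb):
    """True if the role grants `verb` on `resource` in `api_group` ("" is the core group)."""
    verbs = effective_verbs(role, api_group, resource)
    return "*" in verbs or verb in verbs


def audit_sensitive_reads(role):
    """Core resources that are listable cluster-wide with this role.
    Secrets expose credentials; configmaps, nodes and serviceaccounts let a
    caller map the cluster. Returned in a fixed order for easy comparison."""
    sensitive = ("secrets", "configmaps", "nodes", "serviceaccounts")
    return [r for r in sensitive if is_allowed(role, "", r, "list")]


if __name__ == "__main__":
    role = load_avirole()
    print("secrets:", effective_verbs(role, "", "secrets"))
    print("pods/exec create:", is_allowed(role, "", "pods/exec", "create"))
    print("listable cluster-wide:", audit_sensitive_reads(role))
```

If you narrow the role, compare the result against the resources the Avi controller actually needs (see the Avi documentation for your release); the evaluator makes it quick to confirm that a narrowed role still grants each of them and nothing else.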

Extract the Token for Use in Avi Cloud Configuration

Describe the service account to find the name of its token secret (the suffix is random; avi-token-esdf0 is the one from this run), then describe that secret and copy the value of its token field:

kubectl describe serviceaccount avi -n default
kubectl describe secret avi-token-esdf0 -n default

This token is a non-expiring credential carrying everything the cluster role grants, so store it like a password and rotate it by deleting the secret (the controller issues a new one). On Kubernetes 1.24 and later the token secret is no longer created automatically with the service account; create one explicitly, or issue a time-limited token with kubectl create token.
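Before pasting the token into the Avi cloud configuration it is worth confirming that it belongs to the service account the binding names, and knowing how long it lives. The script below is an added example, not Avi's or the wiki's code: it decodes the JWT header and claims without verifying the signature (only the API server holds the signing key, so this is inspection, not authentication) and reports the checks a practitioner cares about. The token it runs on is constructed inline with a dummy signature; the claim names are the ones legacy secret-based service account tokens carry. check_sa_token and make_sample_token are names chosen for this example.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore the padding first.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_sa_token(token):
    """Return (header, claims) of a Kubernetes service account JWT.
    The signature is NOT verified: that needs the cluster's signing key."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims


def check_sa_token(token, namespace, name, now=None):
    """Findings to review before handing the token to an external system:
    is it the expected service account, is it signed, and does it expire?"""
    header, claims = decode_sa_token(token)
    findings = []
    expected_sub = "system:serviceaccount:%s:%s" % (namespace, name)
    if claims.get("sub") != expected_sub:
        findings.append("subject is %r, expected %r" % (claims.get("sub"), expected_sub))
    if header.get("alg", "none").lower() == "none":
        findings.append("unsigned token (alg=none)")
    exp = claims.get("exp")
    if exp is None:
        # Legacy secret-based tokens (the kind extracted above) never expire:
        # treat them like a long-lived password and rotate by deleting the secret.
        findings.append("no exp claim: non-expiring legacy token")
    elif exp <= (now if now is not None else time.time()):
        findings.append("token already expired")
    return findings


def make_sample_token(claims, alg="RS256"):
    """Build a CONSTRUCTED token with a dummy signature for offline testing.
    A real token is signed by the API server; this one only has the right shape."""
    header = {"alg": alg, "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        _b64url_encode(b"not-a-real-signature"),
    ])


# Constructed claims shaped like a legacy (secret-based) service account token.
LEGACY_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/secret.name": "avi-token-esdf0",
    "kubernetes.io/serviceaccount/service-account.name": "avi",
    "sub": "system:serviceaccount:default:avi",
}

if __name__ == "__main__":
    print(check_sa_token(make_sample_token(LEGACY_CLAIMS), "default", "avi"))
```

To inspect a real token, pass the string copied from the secret's token field to check_sa_token; a token from kubectl create token will carry an exp claim and clear the "non-expiring" finding.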


On the Avi Controller

In the Avi portal, create the Kubernetes cloud and enter the master (API server) URL and the service account token extracted above:

https://10.1.10.160:6443

Create the IPAM and DNS profiles for the two traffic directions:

NorthSouth-IPAM
NorthSouth_DNS
EastWest-IPAM
EastWest-DNS

Go to the Default tenant and check the VS status.

Either disable kube-proxy (the default load balancer in Kubernetes) or give Avi's east-west VIP network a subnet that does not overlap the service subnet kube-proxy allocates from.

OpenShift

Replace kube-proxy with Avi

  • If kube-proxy is enabled, it uses the service subnet (default 172.30.0.0/16) to allocate east-west VIPs to services.
  • In this case, east-west VIPs handled by Avi Vantage have to be configured to use other subnets.
  • Kube-proxy will be running but unused, since services use Avi-allocated VIPs for east-west traffic instead of OpenShift-allocated VIPs from the service network.
  • If a user wishes to use the service subnet to load balance traffic using Avi, kube-proxy must be disabled.
  • This mode offers an operational advantage, since OpenShift's API and CLI are in sync with the VIP used for the service: if someone runs "oc get service", the VIPs shown in the output are the same VIPs on which Avi provides the service.
Disable kube-proxy

1) On the OpenShift master, delete all user-created services. Note that oc delete all --all removes every resource in the "all" category of the current project (pods, services, deployment configs, routes and so on), not only services, so run it only on a cluster you are prepared to rebuild:

oc delete all --all

2) To disable kube-proxy, perform the steps below on every node (masters and worker nodes):

  • Edit /etc/sysconfig/origin-node and change the OPTIONS variable to read as below:
OPTIONS="--loglevel=2 --disable proxy"
  • Save and exit the editor.
  • Restart the origin-node service:
systemctl restart origin-node.service
Configuration changes on Avi

1) Configure the east-west VIP network to use the service network (default 172.30.0.0/16).

2) In the cloud configuration, select the Use Cluster IP of service as VIP for East-West checkbox.

Configuring the Network

Configure a subnet and IP address pool for intra-cluster/east-west traffic and a subnet and IP address pool for external/north-south traffic.
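The subnet rules above are easy to get wrong when switching between the two kube-proxy modes, so here is an added example (not Avi's code) that encodes them as a preflight check: given the service network, the planned east-west and north-south VIP networks, and whether kube-proxy is disabled and the "use cluster IP as VIP" option selected, it returns the conflicts this section warns about. check_vip_plan is a name chosen for this example; the usage uses the page's 172.30.0.0/16 service network and made-up 10.91.x ranges.

```python
import ipaddress


def check_vip_plan(service_cidr, east_west_cidr, north_south_cidr,
                   kube_proxy_disabled, use_cluster_ip_as_vip):
    """Return the problems with an Avi VIP plan for a Kubernetes/OpenShift cloud.

    Rules encoded here:
    - with kube-proxy running, Avi's east-west VIPs must come from a subnet that
      does not overlap the service network kube-proxy allocates from;
    - "use cluster IP of service as VIP" only works when the east-west network IS
      the service network and kube-proxy has been disabled;
    - north-south (external) VIPs must not overlap either internal range.
    """
    svc = ipaddress.ip_network(service_cidr, strict=True)
    ew = ipaddress.ip_network(east_west_cidr, strict=True)
    ns = ipaddress.ip_network(north_south_cidr, strict=True)
    problems = []
    if use_cluster_ip_as_vip:
        if ew != svc:
            problems.append("cluster-IP mode needs east-west network == service network (%s)" % svc)
        if not kube_proxy_disabled:
            problems.append("cluster-IP mode needs kube-proxy disabled, otherwise both allocate from %s" % svc)
    elif not kube_proxy_disabled and ew.overlaps(svc):
        # Two allocators handing out addresses from one range: Avi and kube-proxy
        # would both claim VIPs in the service subnet.
        problems.append("east-west %s overlaps service network %s while kube-proxy is running" % (ew, svc))
    if ns.overlaps(svc):
        problems.append("north-south %s overlaps service network %s" % (ns, svc))
    if ns.overlaps(ew):
        problems.append("north-south %s overlaps east-west %s" % (ns, ew))
    return problems


if __name__ == "__main__":
    # Constructed plans: the default service network with Avi on separate ranges,
    # then the replace-kube-proxy layout where Avi owns the service network.
    print(check_vip_plan("172.30.0.0/16", "10.91.1.0/24", "10.91.0.0/24", False, False))
    print(check_vip_plan("172.30.0.0/16", "172.30.0.0/16", "10.91.0.0/24", False, False))
    print(check_vip_plan("172.30.0.0/16", "172.30.0.0/16", "10.91.0.0/24", True, True))
```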


OpenShift Service Account for Avi Authentication

Create a Service Account for Avi:

nano sa.json
{
  "apiVersion": "v1",
  "kind": "ServiceAccount",
  "metadata": {
    "name": "avi"
  }
}
oc create -f sa.json

Using Ansible

Set up a Python virtualenv with the Avi SDK and Ansible, then install the avinetworks.avisdk role from Ansible Galaxy; the role ships the avi_* modules in its library/ directory:

mkdir -p ~/virtualenv
export LC_ALL=C
pip install setuptools
virtualenv ~/virtualenv/avisdk/
source ~/virtualenv/avisdk/bin/activate
pip install avisdk        # or pin it to the controller release, e.g. avisdk==17.2.7b2
pip install ansible
pip freeze
ansible-galaxy install -f avinetworks.avisdk
ls -la ~/.ansible/roles/avinetworks.avisdk/library/

Run a playbook (here the training playbook copied to the home directory); add -vvvvv for full debug output when a task fails:

cp /tmp/for_ansible_training.yml ~
nano ~/for_ansible_training.yml
ansible-playbook ~/for_ansible_training.yml
ansible-playbook ~/for_ansible_training.yml -vvvvv

Ansible Playbook to Deploy VS

The playbook below creates a pool and a virtual service on the controller. It carries the controller password in clear text; outside a lab, keep controller, username and password out of the playbook and either put them in an ansible-vault encrypted vars file or export AVI_CONTROLLER, AVI_USERNAME and AVI_PASSWORD, which the avi_* modules fall back to when those parameters are omitted.

nano avi-deploy.yml
- hosts: localhost
  connection: local
  roles:
    - role: avinetworks.avisdk
  tasks:
    - name: Create a Pool
      avi_pool:
        controller: 10.10.26.40
        username: admin
        password: Admin@123
        name: test_aman
        description: test
        state: present
        health_monitor_refs:
          - '/api/healthmonitor?name=System-HTTP'
        servers:
          - ip:
              addr: 10.91.1.53
              type: V4

    - name: Create a VS
      avi_virtualservice:
        controller: 10.10.26.40
        username: admin
        password: Admin@123
        name: testvs_aman
        description: testvs
        state: present
        api_version: 17.2.7
        pool_ref: "/api/pool?name=test_aman"
        vip:
          - ip_address:
              addr: '10.91.0.6'
              type: 'V4'
        services:
          - port: 80

Modules shipped with the role (one file per avi_* module):

ls /etc/ansible/roles/avinetworks.avisdk/library/

Deployment:

ansible-playbook -v avi-deploy.yml --step

Using AVI SDK

nano pool_vs.py
import argparse
import getpass
import sys

import urllib3
from avi.sdk.avi_api import ApiSession

# The controller normally presents a self-signed certificate and the SDK
# defaults to verify=False; silence the resulting warning. In production,
# pass verify=<path to the controller CA> to get_session instead.
urllib3.disable_warnings()

parser = argparse.ArgumentParser(
    description="avisdk-based script: create a pool (if missing) and a virtual service that uses it")
parser.add_argument("-u", "--username", required=True, help="Login username")
parser.add_argument("-p", "--password",
                    help="Login password (prompted for if omitted, keeping it out of shell history)")
parser.add_argument("-c", "--controller", required=True, help="Controller IP address")
parser.add_argument("-t", "--tenant", required=True, help="Tenant name")
parser.add_argument("-vs", "--virtualservice", required=True, help="Name of the virtual service to create")
parser.add_argument("-v", "--vip", required=True, help="VIP address of the virtual service")
parser.add_argument("-po", "--pool", required=True, help="Name of the pool to use or create")
args = parser.parse_args()

user = args.username
password = args.password or getpass.getpass("Controller password: ")
controller = args.controller
tenant = args.tenant
pool = args.pool
vs = args.virtualservice
vip = args.vip

# Get an authenticated API session for the tenant
api = ApiSession.get_session(controller, user, password, tenant=tenant, api_version="17.2.7")

# Create the pool only if no pool of that name exists yet
pool_obj = api.get_object_by_name('pool', pool)
if pool_obj is None:
    # Server list is hard-coded as on the original page; adjust for your environment
    pool_obj = {'name': pool, 'servers': [{'ip': {'addr': '10.91.1.53', 'type': 'V4'}}]}
    resp = api.post('pool', data=pool_obj)
    if resp.status_code not in (200, 201):
        sys.exit("pool create failed: %s %s" % (resp.status_code, resp.text))
    print(resp.json())
    pool_obj = api.get_object_by_name('pool', pool)

# The VS refers to the pool by its object URL, not by name
pool_ref = api.get_obj_ref(pool_obj)

# Plain HTTP on port 80; set enable_ssl and add a certificate for HTTPS
services_obj = [{'port': 80, 'enable_ssl': False}]

vs_obj = {'name': vs,
          'vip': [{'ip_address': {'addr': vip, 'type': 'V4'}}],
          'services': services_obj,
          'pool_ref': pool_ref}

resp = api.post('virtualservice', data=vs_obj)
if resp.status_code not in (200, 201):
    sys.exit("virtualservice create failed: %s %s" % (resp.status_code, resp.text))
print(resp.json())

Run it (omit -p to be prompted for the password instead of leaving it in the shell history):

python pool_vs.py -u admin -p Admin@123 -c 10.10.26.40 -t admin -vs test_aman -v 10.91.0.6 -po test_pool_aman

