AVI: Difference between revisions - Network Security Wiki

Line 6:

Source: [https://avinetworks.com/docs/17.2/kubernetes-service-account-for-avi-vantage-authentication/ avinetworks.com]

== Kubernetes Config ==

⚫

Create a Service Account

⚫

*Create a Service Account

kubectl create serviceaccount avi -n default

Create a Cluster Role for deploying Avi Service Engines as a pod:

*Create a Cluster Role for deploying Avi Service Engines as a pod:

nano clusterrole.json

Line 87:

Line 89:

</pre>

*Create the Role:

kubectl create -f clusterrole.json

Create Cluster Role Binding

*Create Cluster Role Binding

nano clusterbinding.json

<pre>

{

Line 114:

Line 118:

</pre>

*Apply Cluster Role Binding

kubectl create -f clusterbinding.json

Extract the Token for Use in Avi Cloud Configuration

*Extract the Token for Use in Avi Cloud Configuration

kubectl describe serviceaccount avi -n default

kubectl describe secret avi-token-esdf0 -n default

== On AVI Controller ==

== AVI Controller Config ==

Enter the Master IP address & Token in ~~AVI~~ ~~Portal~~:

*Enter the Master IP address & Token in Cloud Config:

https://10.1.10.160:8443

*Create IPAM Profiles with below subnets:

Create

NorthSouth-IPAM(Should be ~~routeable~~)

NorthSouth-IPAM(Should be route-able)

10.52.201.0/24: 10.52.201.14 - 10.52.201.30

NorthSouth_DNS

EastWest-IPAM

172.50.0.0/16 172.50.0.10 - 172.50.0.250

*Create DNS Profiles with below domains:

EastWest-IPAM

NorthSouth_DNS [avi]

EastWest-DNS

EastWest-DNS [avi]

~~Goto~~ Tenant Default, Check VS status

*Go to Tenant '''Default''' & Check VS status

Either Disable Kube-Proxy(which is default LB in Kubernetes) or Give it a different IP than East_West Subnet.

*Either Disable Kube-Proxy(which is default LB in Kubernetes) or Give it a different IP than East_West Subnet.

= OpenShift =