AKO partially supports networking/v1 ingress. AKO automatically detects whether ingress-class api is enabled/available in the cluster it is operating in. If the ingress-class api is enabled, AKO switches to use the IngressClass objects, instead of the previously available alternative of using kubernetes.io/ingress.class annotations in Ingress objects.

The following networking/v1 ingress specific features are supported in AKO:

  1. IngressClass

  2. Default IngressClass

IngressClass object

IngressClass corresponding to AKO as the ingress Controller gets deployed as part of helm install/upgrade. Helm autodetects the presence of IngressClass api enabled on the cluster, and if it does, creates the IngressClass object. The IngressClass object will look something like this:

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: avi-lb
spec:
  controller: ako.vmware.com/avi-lb
  parameters:
    apiGroup: ako.vmware.com
    kind: IngressParameters
    name: external-lb

The IngressClass can be defined using other names. However, it is important that the .spec.controller value specified matches ako.vmware.com/avi-lb.

As part of the helm install/upgrade, if the defaultIngController is set to true, AKO’s helm chart would apply the ingressclass.kubernetes.io/is-default-class as follows:

metadata:
  name: avi-lb
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"

Setting the ingressclass.kubernetes.io/is-default-class to true enables AKO to implement all Ingresses, even if the ingressClassName is not explicitly specified/the value is None in the Ingress objects. The ingressclass.kubernetes.io/is-default-class annotation comes in handy when upgrading to an IngressClass enabled cluster. This is because while upgrading Ingresses from the ingress class annotation approach to the IngressClass object approach, the upgraded Ingresses would result in having ingressClassName set to None.

Ingress and IngressClass

To provide a Controller to implement a given ingress, in addition to creating the IngressClass object, the ingressClassName must be specified, that matches the IngressClass name. The ingress looks as shown below:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  ingressClassName: avi-lb
  rules:
    - host: myinsecurehost.avi.internal
      http:
        paths:
        - path: /foo
          backend:
            serviceName: service1
            servicePort: 80

Alternatively, if the ingressClassName is empty, AKO checks foringressclass.kubernetes.io/is-default-class to be set to true on an IngressClass belonging to AKO (with .spec.controller: ako.vmware.com/avi-lb).

Note:

Removing IngressClass from the cluster would delete all Ingress associated objects from NSX Advanced Load Balancer. Therefore it is suggested to handle IngressClass with caution.