This topic explains the ClusterIP mode support for Azure IaaS cloud in AKO. AKO manages the pod routing in the Azure cloud.

Routing in Azure with Two Kubernetes Clusters Syncing to the same Azure Cloud

When multiple clusters sync to the same cloud, their pod CIDRs can overlap. AKO currently creates an SE group for each cluster. For an Azure cloud, in addition to creating a dedicated SE group, the SE network/subnet must be overridden in the SE group so that it is unique per cluster.


AKO Static Routing in Azure

AKO configures the routes for cluster1 and cluster2 in the Azure routing tables for subnet1 and subnet2 respectively.

AKO in Azure (Day 0 Preparation)

The Day 0 preparation checklist for setting up AKO in Azure is listed below:

  1. Operations on the Azure Side

    1. Ensure that the Kubernetes/OpenShift clusters are running in Azure

      1. Ensure that clusters are in the same VNET as the SE

    2. Create a dedicated subnet for each of the clusters in VNET for SE to be provisioned in

      1. subnet1 and subnet2 are created for cluster1 and cluster2 respectively

    3. Create the route table in Azure for each subnet created above and associate it to the SE subnet

      1. Create RouteTable1 and RouteTable2 and associate to subnet1 and subnet2 respectively

    4. Configure NSG rules in Kubernetes cluster’s subnet to allow traffic from SE Subnet

    5. Provide permissions to the NSX Advanced Load Balancer cloud credential to write on route tables

      1. The NSX Advanced Load Balancer Controller role for AKO: avi-controller-ako.

      2. Use the above role to configure the cloud in the NSX Advanced Load Balancer. For more information, see AKO in GCP.

  2. Operations on the NSX Advanced Load Balancer side

    1. Create an Azure cloud in NSX Advanced Load Balancer.

      Note:

      Skip this step if the IaaS cloud is already created.

    2. Create a Service Engine group for each cluster.

    3. Override the Service Engine subnet in each of the SE groups

      1. If there are two clusters, cluster1 and cluster2:

      2. Run configure serviceenginegroup seg1

      3. Override the data_network_id in the SE Group by running the commands shown below:

        data_network_id subnet1
        save
        
      4. Similarly, override the data_network_id for cluster2

Once everything is configured and AKO is running, check that the routes for the nodes are created in the routing tables for subnet1 and subnet2 respectively.
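
One way to run that check for a single cluster, as an added example that is not part of the original page or of AKO. It assumes each route maps a node's pod CIDR to that node's internal IP, and that the inputs have the shape of `kubectl get nodes -o json` and `az network route-table route list -o json`; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

def expected_routes(nodes):
    """Pod CIDR -> node InternalIP, from `kubectl get nodes -o json` output."""
    out = {}
    for n in nodes["items"]:
        cidr = n["spec"].get("podCIDR")
        ips = [a["address"] for a in n["status"]["addresses"] if a["type"] == "InternalIP"]
        if cidr and ips:
            out[ipaddress.ip_network(cidr)] = ips[0]
    return out

def audit(nodes, routes):
    """Compare one cluster's nodes with the route table of its SE subnet."""
    want = expected_routes(nodes)
    have = {ipaddress.ip_network(r["addressPrefix"]): r.get("nextHopIpAddress")
            for r in routes}
    findings = []
    for cidr, node_ip in want.items():
        if cidr not in have:
            findings.append(("missing", str(cidr), node_ip))
        elif have[cidr] != node_ip:  # e.g. next hop is a node of the other cluster
            findings.append(("wrong-next-hop", str(cidr), have[cidr]))
    for cidr, hop in have.items():   # extra routes that cover this cluster's pod CIDRs
        if cidr not in want and any(cidr.overlaps(w) for w in want):
            findings.append(("overlap", str(cidr), hop))
    return findings

def _node(ip, cidr):
    return {"spec": {"podCIDR": cidr},
            "status": {"addresses": [{"type": "InternalIP", "address": ip}]}}

# Constructed sample data: cluster1 nodes and the routes found in RouteTable1.
CLUSTER1_NODES = {"items": [
    _node("10.1.0.4", "10.244.0.0/24"),
    _node("10.1.0.5", "10.244.1.0/24"),
    _node("10.1.0.6", "10.244.2.0/24"),
]}
ROUTE_TABLE1 = [
    {"addressPrefix": "10.244.0.0/24", "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.1.0.4"},
    {"addressPrefix": "10.244.1.0/24", "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.2.0.5"},
    {"addressPrefix": "10.244.0.0/16", "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.9.9.9"},
]

if __name__ == "__main__":
    for finding in audit(CLUSTER1_NODES, ROUTE_TABLE1):
        print(*finding)
```

Run it once per cluster against that cluster's own route table; because pod CIDRs can overlap between clusters, a next hop outside the cluster's node subnet is the finding to look at first.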