AKO watches events(CUD) of different Kubernetes/OpenShift cluster objects to realize the NSX Advanced Load Balancer Controller side objects. AKO provides config level knobs that can help to filter Kubernetes/OpenShift objects and help improve AKO performance. This topic discusses AKOvalues.yaml (configmap) level settings that will help in optimizing AKO performance.
AKOSettings.namespaceSelector.labelKey and AKOSettings.namespaceSelector.labelValue
These two parameters act as a namespace filter. AKO syncs Ingresses/Routes, L4 services from namespaces having this namespace selector.
Parameter |
Description |
Default |
|---|---|---|
AKOSettings.namespaceSelector.labelKey |
Key used as a label based selection for the namespaces |
empty |
AKOSettings.namespaceSelector.labelValue |
Value used as a label based selection for the namespaces |
empty |
labelKey: app and
labelValue: migrate in values.yaml, the user has to label namespace with
app: migrate.
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2020-12-04T13:20:42Z"
labels:
app: migrate
name: red
resourceVersion: "14055620"
selfLink: /api/v1/namespaces/red
uid: a424bf13-2f4a-4005-a84d-f2fb65acfda0
spec:
finalizers:
- kubernetes
status:
phase: Active
AKO syncs all objects from correctly labeled namespaces.
If the label of the red namespace is changed from app: migrate (valid) to app: migrate1 (invalid), the following objects of red namespace will be deleted from the NSX Advanced Load Balancer Controller.
Pools associated with, insecure ingresses/routes
SNI virtual services associated with secure ingresses/routes
Virtual services associated with L4 objects
EVH virtual services associated with secure, insecure ingresses/routes.
AKO will sync back objects of a namespace with NSX Advanced Load Balancer Controller if namespace label is changed from an invalid label to a valid label.
AKO reboot will be required if value of this knob is changed in AKO configmap.
AKOSettings.blockedNamespaceList
The blockedNamespaceList lists the Kubernetes/OpenShift namespaces blocked by AKO. AKO will not process any Kubernetes/OpenShift object update from these namespaces. Default value is empty list.
Parameter |
Description |
Default |
|---|---|---|
AKOSettings.blockedNamespaceList |
List of Kubernetes/OpenShift namespaces blocked by AKO |
Empty List |
For example, to block syncing objects from kube-system, kube-public namespaces, you can specify those namespaces as follows:
AKOSettings:
.
.
blockedNamespaceList:
- kube-system
- kube-public
AKO reboot is required if the value of this knob is changed in AKO configmap.
nodeSelectorLabels.key and nodeSelectorLabels.value
It might not be desirable to have all the nodes of a Kubernetes/OpenShift cluster to participate in becoming server pool members. So, key/value pairs are used as a label based selection on the nodes in Kubernetes/OpenShift to filter out nodes. If key/value pairs are not specified, all nodes are selected. This setting is applicable in NodePort deployment only.
Parameter |
Description |
Default |
|---|---|---|
nodeSelectorLabels.key |
Key used as a label based selection for the nodes. |
Empty |
nodeSelectorLabels.value |
Value used as a label based selection for the nodes. |
Empty |
yes, the nodes which do have this label will be selected during pool server population.
apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
labels:
kubernetes.io/hostname: node2
kubernetes.io/os: linux
nodeselected: yes
name: node2
spec:
.
.
.
AKO selects node2 while populating pool servers.
Rebooting of AKO will be required if the value of this knob is changed in the AKOconfigmap.
