To make global server load balancing (GSLB) capabilities of NSX Advanced Load Balancer (formerly Avi Networks) available for your application in Tanzu Service Mesh, you need to create an Avi integration account.

Creating an Avi integration account is a required step if you need to configure global load balancing for your application using NSX Advanced Load Balancer. Your application will be exposed to users through a public service configured in a global namespace, and NSX Advanced Load Balancer will route user requests to optimal application instances by using the global load balancing configuration specified for the public service.

Prerequisites

  • Configure GSLB sites, including a GSLB leader site, in Avi. Delegate the domains that you own to Avi GSLB. For more information about creating GSLB sites, see the Avi documentation.

  • Know the name of the Avi tenant that your Avi user account is associated with. For information about tenants, see the Avi documentation.

  • Know the user name and password of your Avi user account on the leader site.

  • Know the IP address or the fully qualified domain name (FQDN) of the Controller cluster on the GSLB leader site.

  • Access to the Tanzu Service Mesh Console. For information about accessing the Tanzu Service Mesh Console, see Access the Tanzu Service Mesh Console.

Note:

If Avi Kubernetes Operator (AKO) is installed on the onboarded clusters where instances of the public service will be deployed, deactivate the L4Settings.autoFQDN configuration setting during installation. This setting is available starting with AKO version 1.3.3. If this setting is not deactivated, Tanzu Service Mesh will try to resolve the ingress gateway using the local FQDN rather than the external IP address, which will only work if the resolvers on the nodes point to Avi DNS. For information about the L4Settings.autoFQDN setting, see the AKO documentation on GitHub.

Procedure

  1. Access the Tanzu Service Mesh Console.
  2. In the navigation pane on the left, click Admin > Integration.
  3. On the Integrations page, under All Integrations, find the Avi card with the DNS and GSLB labels.

    If one or more Avi integration accounts exist in Tanzu Service Mesh, the number of accounts is displayed in the lower-left corner of the card.

    The following image shows the Avi integration card.



  4. Select one of the following options.

    • If you are creating the first Avi integration account, at the bottom of the card, click Configure.

    • If one or more Avi integration accounts exist and you are creating another account, at the bottom of the card, click Add Account.

  5. In the New Avi Integration dialog box, provide the following information.

    • Name. Enter a friendly name for the account.

    • Description. (Optional) enter a description of the account.

    • Authentication. Select Username & Password and enter the user name and password of your Avi user account on the GSLB leader site. Tanzu Service Mesh will use these credentials to connect to the leader site on Avi.

      Note:

      The Authentication Token option is currently not supported.

    • Avi Tenant. Enter the name of the Avi tenant with which your Avi user account is associated.

    • Controller Address. Specify the IP address or the fully qualified domain name (FQDN) of the Controller cluster on the leader site.



  6. Click Save.

Results

The new account is added to the Avi integration card on the Integrations page.

What to do next

To edit or delete the account, click Edit or Delete in the Avi card. If you have more than one Avi integration account, in the lower-left corner of the card, click number Accounts, click the name of the account, and then click Edit or Delete.

To make the subdomains you delegated to Avi GSLB available for inclusion in the URL of a public service, you must also create a DNS account in Tanzu Service Mesh, selecting the name of the Avi integration account as the domain provider in the DNS account.