A CRD called GlobalDeploymentPolicy allows users to select kubernetes/openshift objects based on certain rules. The selection policy applies to all the clusters which are mentioned in the GDP object.
Note that v1alpha1
for the GDP object is deprecated now and AMKO won’t honor any changes in the v1alpha1
version of a GDP object.
A typical GlobalDeploymentPolicy looks like this:
apiVersion: "amko.k8s.io/v1alpha2"
kind: "GlobalDeploymentPolicy"
metadata:
name: "global-gdp"
namespace: "avi-system" // a cluster-wide GDP
spec:
matchRules:
appSelector:
label:
app: gslb
namespaceSelector:
label:
ns: gslb
matchClusters:
- cluster: cluster1-admin // cluster names are kubernetes cluster contexts
- cluster: cluster2-admin
trafficSplit:
- cluster: cluster1
weight: 8
- cluster: cluster2
weight: 2
ttl: 10
healthMonitorRefs:
- my-health-monitor1
sitePersistenceRef: gap-1
poolAlgorithmSettings:
lbAlgorithm: GSLB_ALGORITHM_ROUND_ROBIN
namespace
: namespace of this object must be avi-system
.matchRules
: This allows users to select objects using either application labels (configured as labels on Ingress/Route objects) or via namespace labels (configured as labels on the namespace objects). matchRules
are defined as:
matchRules:
appSelector: // application selection criteria
label:
app: gslb // kubernetes/openshift label key-value
namespaceSelector: // namespace selection criteria
label:
ns: gslb // kubernetes/openshift label key-value
A combination of appSelector and namespaceSelector will decide which objects will be selected for GSLB service consideration.
AMKO supports the following combinations for GDP matchRules: | appSelector | namespaceSelector | Result | | ————— | ——————— | ————————————————————————————————– | | yes | yes | Select all objects satisfying appSelector and from the namespaces satisfying the namespaceSelector | | no | yes | Select all objects from the selected namespaces (satisfying namespaceSelector) | | yes | no | Select all objects satisfying the appSelector criteria from all namespaces | | no | no | No objects selected (default action) |
Example Scenarios:
Select objects with label
app:gslb
from all the namespaces:matchRules: appSelector: label: app: gslb
Select objects with label
app:gslb
and from namespaces labelledns:prod
:matchRules: appSelector: label: app: gslb namespaceSelector: label: ns: prod
matchClusters
: List of clusters on which the above matchRules
will be applied on. The member object of this list are cluster contexts of the individual k8s/openshift clusters.
trafficSplit
is required if we want to route a percentage of traffic to objects in a given cluster. Weights for these clusters range from 1 to 20.
ttl
: Use this flag to set the Time To Live value. The value can range from 1-86400 seconds. This determines the frequency with which clients need to obtain fresh steering information for client requests. If none is specified in the GDP object, the value defaults to the one specified in the DNS application profile.
healthMonitorRefs
: Provide federated custom health monitors. If this option is used and refs are specified, the default path based health monitoring will be deleted for the GslbServices. If no custom health monitors are specified, AMKO sets the default health monitors for all GslbServices.
sitePersistenceRef
: Provide an Application Persistence Profile ref (pre-created in Avi Controller). This has to be a federated profile. Please follow the steps here to create a federated Application Persistence Profile on the Avi Controller. If no reference is provided, Site Persistence is disabled.
poolAlgorithmSettings
: Provide the GslbService pool algorithm settings. Refer to pool algorithm settings for details. If this field is absent, the default is assumed as Round Robin algorithm.
Only one GDP
object is allowed.
If using helm install
, a GDP
object is created by picking up values from values.yaml
file. User can then edit this GDP object to modify their selection of objects.
trafficSplit
, ttl
, sitePersistence
and healthMonitorRefs
provided in the GDP object are applicable on all the GslbServices. These properties, however, can be overridden via GSLBHostRule
created for a GslbService. More details here.
Site Persistence, if specified, will only be enabled for the GslbServices which have secure ingresses or secure routes as the members and will be disabled for all other cases.
HTTP Health Monitors can’t be used for GslbServices with HTTPS objects as the members.