AV-224356: Documentation for Restricting FQDN to single namespace #1611
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
akshayhavile
requested review from
arihantg,
pkoshtavmware,
DixitAakash and
ashishnayak96
akshayhavile
force-pushed
the
master-AV-224356
branch
from
aed4ab2 to
0c92f0e
Compare
DixitAakash
reviewed
Dec 27, 2024
| @@ -203,6 +203,14 @@ ingress object. | |||
|
|
|||
| If you do not use ingress classes, then keep this knob untouched and AKO will take care of syncing all your ingress objects to Avi. | |||
|
|
|||
| ### L7Settings.fqdnReusePolicy | |||
|
|
|||
| This field is used to restrict or allow FQDN to be spanned across multiple namespace. | |||
There was a problem hiding this comment.
namespace -> namespaces
|
|
||
| This field is used to restrict or allow FQDN to be spanned across multiple namespace. | ||
|
|
||
| * InterNamespaceAllowed: With this value, AKO will allowed hostname/FQDN to be associate with Ingresses/Routes, spanned across multiple namespaces. |
There was a problem hiding this comment.
Rephrase as :
InterNamespaceAllowed: With this value, AKO will allow hostnames/FQDNs to be associated with Ingresses/Routes, spanning across multiple namespaces.
| fqdnReusePolicy: "InterNamespaceAllowed" | ||
| ``` | ||
|
|
||
| `fqdnReusePolicy` can be assigned to one of the two values `InterNamespaceAllowed` or `Strict`. |
There was a problem hiding this comment.
Should add a comma after values,
| `fqdnReusePolicy` can be assigned to one of the two values `InterNamespaceAllowed` or `Strict`. | ||
| When value is `InterNamespaceAllowed`, AKO accepts ingresses with same host/FQDN from all namespaces. This is the `default` value. | ||
|
|
||
| When value is `Strict`, AKO restrict FQDN to single namespace. FQDN will be associated with namespace which claims it first. For example, if `ingress1` in `red` namespace is deployed with `foo.avi.internal`, then with `Strict` setting, `foo.avi.internal` will be associated with `red` namespace. Now `ingress2` in `default` namespace is deployed with `foo.avi.internal`, then AKO will reject `ingress2` with message `host already claimed`. VirtualService and corresponding AviController objects for `ingress2` will not be created. |
There was a problem hiding this comment.
restrict -> restricts
FQDN to single namespace - > FQDN to a single namespace
with message -> with the message
|
|
||
| When value is `Strict`, AKO restrict FQDN to single namespace. FQDN will be associated with namespace which claims it first. For example, if `ingress1` in `red` namespace is deployed with `foo.avi.internal`, then with `Strict` setting, `foo.avi.internal` will be associated with `red` namespace. Now `ingress2` in `default` namespace is deployed with `foo.avi.internal`, then AKO will reject `ingress2` with message `host already claimed`. VirtualService and corresponding AviController objects for `ingress2` will not be created. | ||
|
|
||
| In `Strict` setting, AKO does not associated one FQDN with another namespace automatically if all ingresses with given FQDN is deleted from claimed namespace. For above example, if `ingress1` in `red` is deleted and there is no other ingress in `red` namespace associated with `foo.avi.internal`, AKO will not associate `foo.avi.internal` with `ingress2` of `default` namespace. User has to do create/update operation on ingresses, associated with `foo.avi.internal`, to claim the FQDN. User can also reboot the AKO to associate `foo.avi.internal` with `default` namespace. |
There was a problem hiding this comment.
Can be slightly rephrased to :
In Strict setting, AKO does not associate one FQDN with another namespace automatically if all ingresses with the given FQDN are deleted from the claimed namespace. For the above example, if ingress1 in red is deleted and there is no other ingress in the red namespace associated with foo.avi.internal, AKO will not associate foo.avi.internal with ingress2 of the default namespace. The user has to do a create/update operation on ingresses associated with foo.avi.internal to claim the FQDN. The user can also reboot the AKO to associate foo.avi.internal with the default namespace.
|
|
||
| In `Strict` setting, AKO does not associated one FQDN with another namespace automatically if all ingresses with given FQDN is deleted from claimed namespace. For above example, if `ingress1` in `red` is deleted and there is no other ingress in `red` namespace associated with `foo.avi.internal`, AKO will not associate `foo.avi.internal` with `ingress2` of `default` namespace. User has to do create/update operation on ingresses, associated with `foo.avi.internal`, to claim the FQDN. User can also reboot the AKO to associate `foo.avi.internal` with `default` namespace. | ||
|
|
||
| For ingresses with multiple hosts(FQDNS), if one of the FQDN is not accepted by AKO then whole ingress will not be accepted by AKO and configuration defined in that ingress will not be applied at AviController side. |
There was a problem hiding this comment.
FQDNS -> FQDNs
FQDN -> FQDNs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.