vmware-tanzu · christianang · May 8, 2024 · May 7, 2024
diff --git a/api/v1alpha1/akodeploymentconfig_types.go b/api/v1alpha1/akodeploymentconfig_types.go
@@ -98,6 +98,13 @@ type AKODeploymentConfigSpec struct {
 
 // ExtraConfigs contains extra configurations for AKO Deployment
 type ExtraConfigs struct {
+	// Defines the number of AKO instances to deploy to allow of high availablity. Max number of replicas is two.
+	// Default value: 1
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=2
+	// +optional
+	ReplicaCount *int `json:"replicaCount,omitempty"`
+
 	// Defines AKO instance is primary or not. Value `true` indicates that AKO instance is primary.
 	// In a multiple AKO deployment in a cluster, only one AKO instance should be primary.
 	// Default value: true.

diff --git a/api/v1alpha1/akodeploymentconfig_webhook.go b/api/v1alpha1/akodeploymentconfig_webhook.go
@@ -178,6 +178,10 @@ func (r *AKODeploymentConfig) validateAVI(old *AKODeploymentConfig) field.ErrorL
 		aviClient = client
 	}
 
+	if err := r.validateReplicaCount(); err != nil {
+		allErrs = append(allErrs, err)
+	}
+
 	if old == nil {
 		// when old is nil, it is creating a new AKODeploymentConfig object, check following fields
 		if err := r.validateAviCloud(); err != nil {
@@ -223,6 +227,19 @@ func (r *AKODeploymentConfig) validateAVI(old *AKODeploymentConfig) field.ErrorL
 	return allErrs
 }
 
+// validateReplicaCount checks replica count is between 1 and 2 or is unset
+func (r *AKODeploymentConfig) validateReplicaCount() *field.Error {
+	if r.Spec.ExtraConfigs.ReplicaCount == nil {
+		return nil
+	}
+	if *r.Spec.ExtraConfigs.ReplicaCount < 1 || *r.Spec.ExtraConfigs.ReplicaCount > 2 {
+		return field.Invalid(field.NewPath("spec", "extraConfigs", "replicaCount"),
+			r.Spec.ExtraConfigs.ReplicaCount,
+			"replica count must be 1 or 2")
+	}
+	return nil
+}
+
 // validateAviSecret checks NSX Advanced Load Balancer related credentials or certificate secret is valid or not
 func (r *AKODeploymentConfig) validateAviSecret(secret *corev1.Secret, secretRef SecretReference) *field.Error {
 	if err := kclient.Get(context.Background(), client.ObjectKey{

diff --git a/api/v1alpha1/akodeploymentconfig_webhook_test.go b/api/v1alpha1/akodeploymentconfig_webhook_test.go
@@ -359,6 +359,61 @@ func TestCreateNewAKODeploymentConfig(t *testing.T) {
 			},
 			expectErr: false,
 		},
+		{
+			name:              "replica count is unset",
+			adminSecret:       staticAdminSecret.DeepCopy(),
+			certificateSecret: staticCASecret.DeepCopy(),
+			adc:               staticADC.DeepCopy(),
+			customizeInput: func(adminSecret, certificateSecret *corev1.Secret, adc *AKODeploymentConfig) (*corev1.Secret, *corev1.Secret, *AKODeploymentConfig) {
+				adc.Spec.ExtraConfigs.ReplicaCount = nil
+				return adminSecret, certificateSecret, adc
+			},
+			expectErr: false,
+		},
+		{
+			name:              "replica count is 1",
+			adminSecret:       staticAdminSecret.DeepCopy(),
+			certificateSecret: staticCASecret.DeepCopy(),
+			adc:               staticADC.DeepCopy(),
+			customizeInput: func(adminSecret, certificateSecret *corev1.Secret, adc *AKODeploymentConfig) (*corev1.Secret, *corev1.Secret, *AKODeploymentConfig) {
+				adc.Spec.ExtraConfigs.ReplicaCount = ptr.To(1)
+				return adminSecret, certificateSecret, adc
+			},
+			expectErr: false,
+		},
+		{
+			name:              "replica count is 2",
+			adminSecret:       staticAdminSecret.DeepCopy(),
+			certificateSecret: staticCASecret.DeepCopy(),
+			adc:               staticADC.DeepCopy(),
+			customizeInput: func(adminSecret, certificateSecret *corev1.Secret, adc *AKODeploymentConfig) (*corev1.Secret, *corev1.Secret, *AKODeploymentConfig) {
+				adc.Spec.ExtraConfigs.ReplicaCount = ptr.To(2)
+				return adminSecret, certificateSecret, adc
+			},
+			expectErr: false,
+		},
+		{
+			name:              "should throw error if replica count is less than 1",
+			adminSecret:       staticAdminSecret.DeepCopy(),
+			certificateSecret: staticCASecret.DeepCopy(),
+			adc:               staticADC.DeepCopy(),
+			customizeInput: func(adminSecret, certificateSecret *corev1.Secret, adc *AKODeploymentConfig) (*corev1.Secret, *corev1.Secret, *AKODeploymentConfig) {
+				adc.Spec.ExtraConfigs.ReplicaCount = ptr.To(0)
+				return adminSecret, certificateSecret, adc
+			},
+			expectErr: true,
+		},
+		{
+			name:              "should throw error if replica count is greater than 2",
+			adminSecret:       staticAdminSecret.DeepCopy(),
+			certificateSecret: staticCASecret.DeepCopy(),
+			adc:               staticADC.DeepCopy(),
+			customizeInput: func(adminSecret, certificateSecret *corev1.Secret, adc *AKODeploymentConfig) (*corev1.Secret, *corev1.Secret, *AKODeploymentConfig) {
+				adc.Spec.ExtraConfigs.ReplicaCount = ptr.To(3)
+				return adminSecret, certificateSecret, adc
+			},
+			expectErr: true,
+		},
 	}
 
 	for _, tc := range testcases {

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/networking.tkg.tanzu.vmware.com_akodeploymentconfigs.yaml b/config/crd/bases/networking.tkg.tanzu.vmware.com_akodeploymentconfigs.yaml
@@ -461,6 +461,13 @@ spec:
                           the PodSecurityPolicy
                         type: string
                     type: object
+                  replicaCount:
+                    description: |-
+                      Defines the number of AKO instances to deploy to allow of high availablity. Max number of replicas is two.
+                      Default value: 1
+                    maximum: 2
+                    minimum: 1
+                    type: integer
                   servicesAPI:
                     description: |-
                       ServicesAPI specifies if enables AKO in services API mode: https://kubernetes-sigs.github.io/service-apis/.

diff --git a/config/ytt/static.yaml b/config/ytt/static.yaml
@@ -465,6 +465,13 @@ spec:
                           the PodSecurityPolicy
                         type: string
                     type: object
+                  replicaCount:
+                    description: |-
+                      Defines the number of AKO instances to deploy to allow of high availablity. Max number of replicas is two.
+                      Default value: 1
+                    maximum: 2
+                    minimum: 1
+                    type: integer
                   servicesAPI:
                     description: |-
                       ServicesAPI specifies if enables AKO in services API mode: https://kubernetes-sigs.github.io/service-apis/.

diff --git a/pkg/ako/values.go b/pkg/ako/values.go
@@ -49,13 +49,18 @@ func NewValues(obj *akoov1alpha1.AKODeploymentConfig, clusterNameSpacedName stri
 	rbac := NewRbac(obj.Spec.ExtraConfigs.Rbac)
 	featureGates := NewFeatureGates(obj.Spec.ExtraConfigs.FeatureGates)
 
+	replicaCount := 1
+	if obj.Spec.ExtraConfigs.ReplicaCount != nil {
+		replicaCount = *obj.Spec.ExtraConfigs.ReplicaCount
+	}
+
 	return &Values{
 		LoadBalancerAndIngressService: LoadBalancerAndIngressService{
 			Name:      "ako-" + clusterNameSpacedName,
 			Namespace: akoov1alpha1.AviNamespace,
 			Config: Config{
 				IsClusterService:      "",
-				ReplicaCount:          1,
+				ReplicaCount:          replicaCount,
 				AKOSettings:           akoSettings,
 				NetworkSettings:       networkSettings,
 				L7Settings:            l7Settings,

diff --git a/pkg/ako/values_test.go b/pkg/ako/values_test.go
@@ -75,6 +75,8 @@ var _ = Describe("AKO", func() {
 				Expect(k).To(Equal(v))
 			}
 
+			Expect(config.ReplicaCount).To(Equal(*akoDeploymentConfig.Spec.ExtraConfigs.ReplicaCount))
+
 			if len(akoDeploymentConfig.Spec.ExtraConfigs.IngressConfigs.NodeNetworkList) != 0 {
 				nodeNetworkListJson, jsonerr := json.Marshal(akoDeploymentConfig.Spec.ExtraConfigs.IngressConfigs.NodeNetworkList)
 				Expect(jsonerr).ShouldNot(HaveOccurred())
@@ -108,6 +110,7 @@ var _ = Describe("AKO", func() {
 							CIDR: "10.1.0.0/24",
 						},
 						ExtraConfigs: akoov1alpha1.ExtraConfigs{
+							ReplicaCount:      ptr.To(2),
 							FullSyncFrequency: "1900",
 							Rbac: akoov1alpha1.AKORbacConfig{
 								PspEnabled:          ptr.To(true),