Vmware Avi

⚙️ Configuration

uv tool install vmware-avi
mkdir -p ~/.vmware-avi
vmware-avi init              # generates config.yaml and .env templates
chmod 600 ~/.vmware-avi/.env
vmware-avi doctor            # verify Controller + K8s connectivity

📋 Tips & Best Practices

"Controller unreachable" error

1. Run vmware-avi doctor to verify connectivity 2. Check if the controller address and port are correct in ~/.vmware-avi/config.yaml 3. For self-signed certs: set verify_ssl: false in config.yaml (lab environments only)

AKO Pod in CrashLoopBackOff

1. Check logs → vmware-avi ako logs --tail 50 2. Common causes: wrong controller IP in values.yaml, network policy blocking AKO→Controller, expired credentials 3. Fix config → vmware-avi ako config show to inspect, then Helm upgrade with corrected values

Ingress created but no VS on Controller

1. Validate annotations → vmware-avi ako ingress check 2. Check AKO logs for rejection reason → vmware-avi ako logs --since 5m 3. Run sync diff → vmware-avi ako sync diff to see if the object is stuck

Pool member shows "down" after enable

Health monitor may still be failing. Check the actual health status on the Controller side — the member is enabled but unhealthy. Fix the backend service first, then the health status will auto-recover.

SSL expiry check shows 0 certificates

Verify the controller connection has tenant-level access. Certificates are tenant-scoped in AVI — the configured user may only see certs in their tenant.

AKO sync force has no effect

Force resync triggers AKO to re-reconcile all K8s objects. If the drift persists, the issue is likely in the K8s resource definition itself (bad annotation, missing secret). Use vmware-avi ako ingress diagnose to pinpoint the root cause.