Azure Kubernetes Service (AKS) is a managed Kubernetes service available on the Microsoft Azure public cloud.
This guide will show you how to install Liqo on your AKS cluster. AKS clusters have by default an Internet-exposed API Server and can easily expose LoadBalancer services using public IPs. As discussed in Scenarios section, those latter are the requirements to have a “public-exposed” cluster, which can be accessed by other Liqo instances.
Liqo may be installed on newly created clusters or existing ones.
Add Kubernetes cluster to create a new cluster. A new panel will appear.
Select the desired
Resource Group, choose a name, a region and an availability zone to assign to
NOTE: Liqo only supports a
Kubernetes version >= 1.19.0
Liqo does not require any other configurations to the cluster. You can click on the
Review + create button.
When the validation is passed, click on the
Azure will take some minutes to deploy your cluster.
When your cluster has been completely deployed, you have to enable an ingress controller to make the Liqo Auth Service accessible from the external world.
Azure has a built-in plugin that enables this feature, although it is not recommended for use in production, called HTTP application routing.
To enable it on your cluster dashboard, you should go in
Networking and make sure that the Enable HTTP application
routing checkbox is enabled. Finally, you can persist the configuration by clicking on the
Azure will take some minutes to deploy the required components and enable the required services.
When the operation is completed you will see a new DNS zone in the Azure Portal.
Congratulations! Your AKS cluster is now ready to run Liqo!
In order to install Liqo, we need to configure some values of the Helm chart related to the accessibility of the cluster and its internal configuration.
In particular, we have to set the following values:
|10.244.0.0/16||The cluster Pod CIDR|
|10.0.0.0/16||The cluster Service CIDR|
|addon-http-application-routing||The ingress class to be used by the Auth Service Ingress|
|The address where to access the API server|
|443||the port where to access the API server|
|The hostname where to access the Auth Service, the one exposed with the ingress, if it is not set the service will be exposed with a NodePort Service instead of an Ingress|
|443||The port where to access the Auth Service|
NOTE: if at cluster creation time you changed the default values, make sure to set the right ones.
apiServer.address con be found in our cluster overview as API server address
auth.ingress.host is where the Liqo Auth Service will be reachable, so we have to export some hostname that we
can manage. If you are using the AKS HTTP Application Routing, a DNS zone should be available so that you can create a subdomain
In the above screenshot, a viable hostname for the ingress would be
You can install Liqo using helm 3.
Firstly, you should add the official Liqo repository to your Helm Configuration:
helm repo add liqo https://helm.liqo.io/
If you are installing Liqo for the first time, you can download the default values.yaml file from the chart.
helm show values liqo/liqo > ./values.yaml
After modifying the
values.yaml file with the desired values, as described in the previous section, you can perform the Liqo installation by typing:
helm install liqo liqo/liqo -f ./values.yaml -n liqo --create-namespace
To make the Auth Service reachable without the needing of an Ingress and a Domain Name, you can change the
Service type from
LoadBalancer by setting the value
Wait that all Liqo pods are up and running
kubectl get pods -n liqo
You can get the cluster configurations from the Auth Service endpoint to check that this service has been correctly deployed
curl --insecure https://auth.f83c28d9ce1449b2bb45.westeurope.aksapp.io/ids
Congratulations! Liqo is now up and running on your AKS cluster, you can now peer with other Liqo instances!
The Auth Service URL is the only required value to make this cluster peerable from the external world.
You can add a
ForeignCluster resource in any other cluster where Liqo is installed to be able to join your cluster.
An example of this resource can be:
apiVersion: discovery.liqo.io/v1alpha1 kind: ForeignCluster metadata: name: my-aks-cluster spec: authUrl: "https://auth.f83c28d9ce1449b2bb45.westeurope.aksapp.io"
When the CR will be created the Liqo control plane will contact the URL shown in the step before with the curl command to retrieve all the required cluster information.