GKE

About GKE

Google Kubernetes Engine (GKE) is a managed Kubernetes service available on the Google Cloud. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped to form a cluster.

Scenarios

This guide shows you how to install Liqo on your GKE cluster. By default, GKE clusters have an Internet-exposed API server and can easily expose LoadBalancer services. As discussed in the Scenarios section, these are the requirements for a “publicly exposed” cluster, which can be accessed by other Liqo instances.

Liqo may be installed on newly created clusters or on existing ones.

Create a Liqo-compliant GKE Cluster

Requirements

Access the Google Cloud Console

The first step is to open the Kubernetes Service section of the Google Cloud Console.

Clicking on the Create button, you can create a new cluster. In the new panel, you can select the desired name and a location for your cluster.

NOTE: So far, Liqo only supports Kubernetes >= 1.19.0 and clusters with a /16 pod CIDR. This parameter cannot be changed during the cluster’s lifecycle and should be carefully chosen at cluster creation.

Set the Node Pool

GKE clusters are organized in node pools. A node pool is a “group of nodes within a cluster that all have the same configuration”.

New node pools can be replaced and created during the cluster lifecycle. To be compatible with Liqo, your nodes should:

NOTE: Liqo is fully compliant with Google Preemptible Nodes

Liqo does not require any other cluster configuration. You can click on the Create button.

Google Cloud takes a few minutes to deploy your cluster.

Deploy Liqo

Installation with Helm

Values setting

In order to install Liqo, we need to configure some values of the Helm chart related to the accessibility of the cluster and its internal configuration.

In particular, we have to set the following values:

| Variable | Default | Description |
| --- | --- | --- |
| networkManager.config.podCIDR | 10.124.0.0/14 | The cluster Pod CIDR |
| networkManager.config.serviceCIDR | 10.0.0.0/20 | The cluster Service CIDR |
| networkManager.config.GKEProvider | true | A boolean value used to tell Liqo if it is running on GKE |
| auth.ingress.class | <YOUR INGRESS CLASS> | The ingress class to be used by the Auth Service Ingress |
| apiServer.address | | The hostname where to access the API server |
| apiServer.port | 443 | The port where to access the API server |
| auth.ingress.host | | The hostname where to access the Auth Service, the one exposed with the ingress. If this parameter is not set, the service will be exposed with a NodePort Service instead of an Ingress |
| auth.ingress.port | 443 | The port where to access the Auth Service |

NOTE: If you changed the default values at install time, make sure to set the right ones here.

The other values can be found in the Google Cloud Console.

The apiServer.address can be found in the cluster details as Endpoint.

The auth.ingress.host is where the Liqo Auth Service will be reachable. If you are using an Ingress, you can set here a hostname that you can manage. Another possible solution is to expose it as a LoadBalancer Service as described below.

Deploy

You can install Liqo using Helm 3.

First, add the official Liqo repository to your Helm configuration:

helm repo add liqo https://helm.liqo.io/

If you are installing Liqo for the first time, you can download the default values.yaml file from the chart.

helm show values liqo/liqo > ./values.yaml

Then modify values.yaml as specified above to obtain the desired configuration and install Liqo:

helm install liqo liqo/liqo -f ./values.yaml -n liqo --create-namespace

Expose the Auth Service with a LoadBalancer Service

To make the Auth Service reachable without an Ingress and a domain name, you can change the auth-service Service type from NodePort to LoadBalancer by setting the value .auth.service.type to LoadBalancer.

Check that Liqo is Running

Wait until all Liqo pods and services are up and running:

kubectl get pods -n liqo
kubectl get svc -n liqo

Access the cluster configurations

You can retrieve the cluster configuration from the Auth Service endpoint to check that the service has been deployed correctly (the --insecure flag makes curl skip TLS certificate verification):

curl --insecure https://34.71.59.19/ids
{"clusterId":"0558de48-097b-4b7d-ba04-6bd2a0f9d24f","clusterName":"LiqoCluster0692","guestNamespace":"liqo"}

Congratulations! Liqo is now up and running on your GKE cluster; you can now peer with other Liqo instances!

Establish a Peering

The Auth Service URL is the only required value to make this cluster peerable from the external world.

You can add a ForeignCluster resource in any other cluster where Liqo is installed to be able to join your cluster.

An example of this resource can be:

apiVersion: discovery.liqo.io/v1alpha1
kind: ForeignCluster
metadata:
  name: my-gke-cluster
spec:
  authUrl: "https://34.71.59.19"

When the custom resource (CR) is created, the Liqo control plane contacts the URL queried with the curl command in the previous step to retrieve all the required cluster information.
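
The following is an added example, not part of the Liqo documentation or code: a Python check to run on the /ids response before creating the ForeignCluster resource shown above, so that only a well-formed identity and an https authUrl end up in the manifest. The function names are hypothetical, and it assumes clusterId is always a UUID (as in the sample response) and that authUrl is a bare https://host[:port].

```python
import json
import re
import uuid

# Response body shown on this page for the curl call to /ids, reused as sample input.
SAMPLE_IDS = ('{"clusterId":"0558de48-097b-4b7d-ba04-6bd2a0f9d24f",'
              '"clusterName":"LiqoCluster0692","guestNamespace":"liqo"}')
FIELDS = ("clusterId", "clusterName", "guestNamespace")
# Conservative name check (one lowercase DNS label); Kubernetes itself allows more.
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")
# Assumption: authUrl is https://host[:port] with no path (no IPv6 literals).
AUTH_URL = re.compile(r"https://[A-Za-z0-9.-]+(:\d{1,5})?/?")


def parse_ids(body):
    """Validate an /ids response body and return its three fields."""
    data = json.loads(body)  # JSONDecodeError is a subclass of ValueError
    if not isinstance(data, dict):
        raise ValueError("response is not a JSON object")
    for key in FIELDS:
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"missing or non-string field: {key}")
    # Assumption: clusterId is a canonical UUID, as in the sample response.
    if str(uuid.UUID(data["clusterId"])) != data["clusterId"].lower():
        raise ValueError("clusterId is not a canonical UUID")
    # Newlines or control characters would break the YAML comment below.
    if not data["clusterName"].isprintable():
        raise ValueError("clusterName contains non-printable characters")
    if not DNS_LABEL.fullmatch(data["guestNamespace"]):
        raise ValueError("guestNamespace is not a valid namespace name")
    return {key: data[key] for key in FIELDS}


def foreign_cluster_manifest(name, auth_url, ids):
    """Render the ForeignCluster resource from this page for a checked endpoint."""
    if not AUTH_URL.fullmatch(auth_url):
        raise ValueError("authUrl must look like https://host[:port]")
    if not DNS_LABEL.fullmatch(name):
        raise ValueError("metadata.name must be a lowercase DNS label")
    return (
        f"# remote cluster: {ids['clusterName']} ({ids['clusterId']})\n"
        "apiVersion: discovery.liqo.io/v1alpha1\n"
        "kind: ForeignCluster\n"
        f"metadata:\n  name: {name}\n"
        f'spec:\n  authUrl: "{auth_url}"\n'
    )


if __name__ == "__main__":
    print(foreign_cluster_manifest("my-gke-cluster", "https://34.71.59.19",
                                   parse_ids(SAMPLE_IDS)))
```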