Google Kubernetes Engine (GKE) is a managed Kubernetes service available on Google Cloud. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped to form a cluster.
This guide shows you how to install Liqo on your GKE cluster. By default, GKE clusters have an Internet-exposed API server and can easily expose LoadBalancer services. As discussed in the Scenarios section, these two properties are the requirements for a “public-exposed” cluster, which can be accessed by other Liqo instances.
Liqo may be installed on newly created clusters or on existing ones.
The first step consists of accessing the Kubernetes Service in the Google Cloud Console.
Clicking on the Create button, you can create a new cluster. In the new panel, you can select the desired name and a location for your cluster.
NOTE: So far, Liqo only supports Kubernetes >= 1.19.0 and clusters with a /16 pod CIDR. This parameter cannot be changed during the cluster’s lifecycle and should be carefully chosen at cluster creation.
GKE clusters are organized in node pools. A node pool is a “group of nodes within a cluster that all have the same configuration”.
Node pools can be created and replaced during the cluster lifecycle. To be compatible with Liqo, your nodes should:
NOTE: Liqo is fully compliant with Google Preemptible Nodes
Liqo does not require any other configuration of the cluster. You can click on the Create button.
Google Cloud will take some minutes to deploy your cluster.
In order to install Liqo, we need to configure some values of the Helm chart related to the accessibility of the cluster and its internal configuration.
In particular, we have to set the following values:
Variable | Default | Description |
---|---|---|
networkManager.config.podCIDR | 10.124.0.0/14 | The cluster Pod CIDR |
networkManager.config.serviceCIDR | 10.0.0.0/20 | The cluster Service CIDR |
networkManager.config.GKEProvider | true | A boolean value used to tell Liqo if it is running on GKE |
auth.ingress.class | <YOUR INGRESS CLASS> | The ingress class to be used by the Auth Service Ingress |
apiServer.address | | The hostname where to access the API server |
apiServer.port | 443 | The port where to access the API server |
auth.ingress.host | | The hostname where to access the Auth Service, the one exposed with the ingress. If this parameter is not set, the service will be exposed with a NodePort Service instead of an Ingress |
auth.ingress.port | 443 | The port where to access the Auth Service |
NOTE: If you changed the default values at install time, make sure to set the right ones.
The other values can be found in the Google Cloud Console.
The apiServer.address can be found in the cluster details as Endpoint.
The auth.ingress.host is where the Liqo Auth Service will be reachable. If you are using an Ingress, you can set here a hostname that you can manage. Another possible solution is to expose it as a LoadBalancer Service as described below.
You can install Liqo using Helm 3.
First, add the official Liqo repository to your Helm configuration:

```
helm repo add liqo https://helm.liqo.io/
```

If you are installing Liqo for the first time, you can download the default values.yaml file from the chart:

```
helm show values liqo/liqo > ./values.yaml
```

Then modify values.yaml as specified above to obtain the desired configuration, and install Liqo:

```
helm install liqo liqo/liqo -f ./values.yaml -n liqo --create-namespace
```
To make the Auth Service reachable without needing an Ingress and a domain name, you can change the auth-service Service type from NodePort to LoadBalancer by setting the value .auth.service.type to LoadBalancer.
Wait until all Liqo pods and services are up and running:

```
kubectl get pods -n liqo
kubectl get svc -n liqo
```

You can get the cluster configuration from the Auth Service endpoint to check that this service has been correctly deployed:

```
curl --insecure https://34.71.59.19/ids
{"clusterId":"0558de48-097b-4b7d-ba04-6bd2a0f9d24f","clusterName":"LiqoCluster0692","guestNamespace":"liqo"}
```
Congratulations! Liqo is now up and running on your GKE cluster; you can now peer with other Liqo instances!
The Auth Service URL is the only value required to make this cluster peerable from the external world.
You can add a ForeignCluster resource in any other cluster where Liqo is installed to be able to join your cluster.
An example of this resource can be:

```yaml
apiVersion: discovery.liqo.io/v1alpha1
kind: ForeignCluster
metadata:
  name: my-gke-cluster
spec:
  authUrl: "https://34.71.59.19"
```

When the custom resource (CR) is created, the Liqo control plane contacts the URL queried with the curl command in the previous step to retrieve all the required cluster information.
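The two steps above (querying `/ids`, then writing the ForeignCluster resource) can be combined so that the manifest is only produced when the Auth Service URL and its reply have the expected shape. This is an added example, not code from the Liqo project: the function names and the validation rules are assumptions, while the JSON fields and manifest keys are the ones shown on this page.

```sh
#!/bin/sh
# Added example (not Liqo project code): check an Auth Service /ids reply and
# render the ForeignCluster manifest from this page. Helper names are hypothetical.

# Extract a string field from the flat {"key":"value",...} object returned by /ids.
ids_field() {  # $1 = JSON body, $2 = key
    printf '%s' "$1" | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if $1 is a UUID such as the clusterId shown on the page.
is_uuid() {
    case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print a ForeignCluster manifest; fail instead of emitting YAML from odd input.
# $1 = authUrl, $2 = /ids JSON body, $3 = metadata.name
render_foreigncluster() {
    case "$1" in
        https://*[!A-Za-z0-9.:-]*|https://) echo "authUrl: unexpected characters" >&2; return 1 ;;
        https://*) ;;
        *) echo "authUrl must use https" >&2; return 1 ;;
    esac
    # Conservative name check (lowercase alphanumerics and '-'), an assumption of this example.
    case "$3" in
        ""|-*|*-|*[!a-z0-9-]*) echo "invalid metadata.name" >&2; return 1 ;;
    esac
    cluster_id=$(ids_field "$2" clusterId)
    is_uuid "$cluster_id" || { echo "missing or malformed clusterId" >&2; return 1; }
    cat <<EOF
# remote clusterId: $cluster_id
apiVersion: discovery.liqo.io/v1alpha1
kind: ForeignCluster
metadata:
  name: $3
spec:
  authUrl: "$1"
EOF
}

# Constructed sample input: the /ids response body shown on this page.
SAMPLE_IDS='{"clusterId":"0558de48-097b-4b7d-ba04-6bd2a0f9d24f","clusterName":"LiqoCluster0692","guestNamespace":"liqo"}'

# Against a live cluster the body would come from the page's curl command:
#   body=$(curl --insecure -s https://34.71.59.19/ids)
render_foreigncluster "https://34.71.59.19" "$SAMPLE_IDS" "my-gke-cluster"
```

Because the page's curl command uses `--insecure`, the reply is not authenticated by TLS; these checks only confirm its shape, so compare the printed clusterId with the value reported by the cluster you intend to peer with.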