Scenarios
Introduction
Liqo can be installed either in private or local clusters. Its configuration depends on the type of connectivity between the two clusters.
Peering Requirements
Liqo relies on the following services to perform cluster peerings:
- Authentication server: Liqo authentication endpoint.
- API server: The API Server of Kubernetes
- VPN gateway: Liqo Network endpoint
Those services have to be accessible from the other clusters to peer with them. This may change the way you would like to have them exposed. Below it is possible to find some common scenarios that Liqo can handle. Once you identify yours, you can go ahead to the install section to find the installation instruction for your distribution.
Cloud to cloud
Two managed clusters peered together through the internet. It is possible to have a multi-cloud setup (AKS to AKS, GKE to GKE, and AKS to GKE).
| Cluster A (Cloud) | Cluster B (Cloud) | |
|---|---|---|
| Auth Server | LoadBalancer/ingress | LoadBalancer/ingress |
| API server | Provided | Provided |
| VPN gateway | LoadBalancer | LoadBalancer |
On-premise to cloud
On-premise cluster (K3s or K8s) exposed through the Internet peered with a Managed cluster (AKS or GKE).
| Cluster A (On-prem) | Cluster B (Cloud) | |
|---|---|---|
| Auth Server | LoadBalancer/ingress | LoadBalancer/ingress |
| API server | Ingress/Public IP | Provided |
| VPN gateway | LoadBalancer | LoadBalancer |
On-premise to on-premise
On-premise cluster (K3s or K8s) peered with another on-premise cluster (K3s or K8s) in the same LAN. From the discovery perspective, if the clusters you would like to connect are in the same L2 broadcast domain, the Liqo discovery mechanism based on mDNS will handle the discovery automatically. If you have your clusters in different L3 domains, you have to manually create a foreign_cluster resource or rely on DNS discovery.
| Cluster A (On-prem) | Cluster B (On-prem) | |
|---|---|---|
| Auth Server | NodePort | NodePort |
| API server | Exposed | Exposed |
| VPN gateway | NodePort | NodePort |
On-premise behind NAT to cloud
On-premise cluster (K3s or K8s) exposed through a NAT over the Internet peered with a managed cluster (AKS or GKE).
| Cluster A (On-prem behind NAT) | Cluster B (Cloud) | |
|---|---|---|
| Auth Server | NodePort with port-forwarding | LoadBalancer/ingress |
| API server | Port-forwarding | Provided |
| VPN gateway | NodePort with port-forwarding | LoadBalancer |