Scenarios

Introduction

Liqo can be installed in either private or local clusters. Its configuration depends on the type of connectivity between the two clusters.

Peering Requirements

Liqo relies on the following services to perform cluster peerings:

  • Authentication server: the Liqo authentication endpoint.
  • API server: the Kubernetes API server.
  • VPN gateway: the Liqo network endpoint.

These services must be reachable from the other clusters in order to peer with them, which may affect how you choose to expose them. Below are some common scenarios that Liqo can handle. Once you identify yours, go to the install section to find the installation instructions for your distribution.

Cloud to cloud

Two managed clusters peered together through the internet. It is possible to have a multi-cloud setup (AKS to AKS, GKE to GKE, and AKS to GKE).

| | Cluster A (Cloud) | Cluster B (Cloud) |
|---|---|---|
| Auth Server | LoadBalancer/ingress | LoadBalancer/ingress |
| API server | Provided | Provided |
| VPN gateway | LoadBalancer | LoadBalancer |

On-premise to cloud

An on-premise cluster (K3s or K8s) exposed through the Internet, peered with a managed cluster (AKS or GKE).

| | Cluster A (On-prem) | Cluster B (Cloud) |
|---|---|---|
| Auth Server | LoadBalancer/ingress | LoadBalancer/ingress |
| API server | Ingress/Public IP | Provided |
| VPN gateway | LoadBalancer | LoadBalancer |

On-premise to on-premise

An on-premise cluster (K3s or K8s) peered with another on-premise cluster (K3s or K8s) in the same LAN. From the discovery perspective, if the clusters you would like to connect are in the same L2 broadcast domain, the mDNS-based Liqo discovery mechanism handles discovery automatically. If your clusters are in different L3 domains, you have to manually create a foreign_cluster resource or rely on DNS discovery.

| | Cluster A (On-prem) | Cluster B (On-prem) |
|---|---|---|
| Auth Server | NodePort | NodePort |
| API server | Exposed | Exposed |
| VPN gateway | NodePort | NodePort |

On-premise behind NAT to cloud

An on-premise cluster (K3s or K8s) exposed through a NAT over the Internet, peered with a managed cluster (AKS or GKE).

| | Cluster A (On-prem behind NAT) | Cluster B (Cloud) |
|---|---|---|
| Auth Server | NodePort with port-forwarding | LoadBalancer/ingress |
| API server | Port-forwarding | Provided |
| VPN gateway | NodePort with port-forwarding | LoadBalancer |