-
Notifications
You must be signed in to change notification settings - Fork 103
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
103 additions
and
82 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
--- | ||
title: Pre-Install | ||
weight: 2 | ||
--- | ||
|
||
### Introduction | ||
|
||
Liqo can be installed either in private or local clusters. Its configuration depends on the type of connectivity between the two clusters. Before installing Liqo, you have to consider how your clusters can connect to each other and can peer together. | ||
|
||
### Peering Requirements | ||
|
||
Liqo requires the following services to be reciprocally accessible on both clusters in order to be able to start the cluster peering: | ||
|
||
* **Authentication server**: Liqo service, used to authenticate incoming peering requests coming from other clusters (i.e., `liqo-auth`). To configure the authentication, you should modify the values in section ``auth`` in the [Liqo chart values](./chart_values). | ||
* **Kubernetes API server**: Kubernetes APIServer, where the (remote) Liqo instance will create some new resources when the peering process starts. APIServer can be configure in the ``apiServer`` section of the [Liqo chart values](./chart_values). By default, Liqo will use an endpoint composed by the IP of the first master and the 6443 port. In managed clusters, you have to mandatorily configure those values to have Liqo working correctly. | ||
* **Network gateway**: Liqo service responsible for setting up the inter-cluster connectivity between clusters (i.e., `liqo-gateway`). The Liqo Gateway is configured in the ``gateway`` section of the [Liqo chart values](./chart_values). | ||
|
||
Depending on the physical setup of your cluster, you need to properly configure some parameters required by Liqo during the install process in order to enable remote clusters to contact the above services. Below we present some common scenarios that Liqo can handle. Once you identify yours, you can go have to the *table* of each section to find the right values you should specify when installing Liqo using the chart. | ||
|
||
The following parameters can be configured at installation time using the [Liqo Helm Chart](./chart_values) and updated by issuing an ``helm update``, after having changed them in your values.yml. If you need more information about Helm and how charts can be configured, you can have a look to the [Helm official documentation](https://helm.sh/docs/). Pay attention that changing exposition parameters may affect and break active peerings. We suggest to disable all peerings before changing the way a cluster is exposed. | ||
|
||
### Cloud to cloud | ||
|
||
![](/images/scenarios/cloud-to-cloud.svg) | ||
|
||
Two managed clusters peered together through the internet. It is possible to have a multi-cloud setup (AKS to AKS, GKE to GKE, and AKS to GKE). In this scenario, the services to exposes should be exposed using Public IPs/URLs. | ||
|
||
| | Cluster A (Cloud) | Cluster B (Cloud) | | ||
| --------- | -------- | --------- | | | ||
| **Auth Server** | LoadBalancer/ingress | LoadBalancer/Ingress | | ||
| **API server** | Provided | Provided | | ||
| **Network gateway** | LoadBalancer/Node Port | LoadBalancer/Node Port | | ||
|
||
Considering the Network Gateway, at least one among Cluster A and Cluster B should have the **Network Gateway** IP accessible from the other one (e.g.; Public IP). | ||
|
||
### On-premise to cloud | ||
|
||
![](/images/scenarios/on-prem-to-cloud.svg) | ||
|
||
On-premise cluster (K3s or K8s) exposed through the Internet peered with a Managed cluster (AKS or GKE). | ||
|
||
| | Cluster A (On-prem) | Cluster B (Cloud) | | ||
| --------- | -------- | --------- | | ||
| **Auth Server** | LoadBalancer/Ingress | LoadBalancer/Ingress | | ||
| **API server** | Ingress/Public IP | Provided | | ||
| **Network gateway** | LoadBalancer/Node Port | LoadBalancer/Node Port | | ||
|
||
Clusters API Server should be mutually accessible and so should be for the Auth Service. | ||
Considering the Network Gateway, at least one among Cluster A and Cluster B should have the **Network Gateway** IP accessible from the other one (e.g.; Public IP). If you configure the Auth service as Ingress, you should pay attention to disable TLS on the service or, more safely, to configure your Ingress Controller to support a TLS backend. | ||
|
||
#### On-premise behind NAT to cloud | ||
|
||
![](/images/scenarios/on-prem-nat-to-cloud.svg) | ||
|
||
When the On-premise cluster is exposed through a NAT, the configuration slightly changes: | ||
|
||
| | Cluster A (On-prem behind NAT) | Cluster B (Cloud) | | ||
| --------- | -------- | --------- | | ||
| **Auth Server** | NodePort with port-forwarding | LoadBalancer/ingress | | ||
| **API server** | Port-forwarding | Provided | | ||
| **Network gateway** | NodePort with port-forwarding | LoadBalancer | | ||
|
||
In this situation, the "cloud" cluster should have the Network Gateway exposed as a **LoadBalancer**. A couple of port-forwardings should be also configured for the Auth Server and K8s API Server to make them accessible from the Cloud B. | ||
|
||
### Clusters in the same LAN | ||
|
||
![](/images/scenarios/on-prem-to-on-prem.svg) | ||
|
||
Clusters (K3s or K8s) in the same LAN may rely on the mDNS-based Liqo discovery mechanism. | ||
In fact, the Liqo discovery mechanism based on mDNS will handle the discovery automatically. If you have your clusters in different L3 domains, you have to manually [create](/user/post-install/discovery#forging-the-foreigncluster) a *foreign_cluster* resource or rely on [DNS discovery](/user/post-install/discovery#manual-configuration). | ||
|
||
| | Cluster A (On-prem) | Cluster B (On-prem) | | ||
| --------- | -------- | --------- | | ||
| **Auth Server** | NodePort | NodePort | | ||
| **API server** | Exposed | Exposed | | ||
| **Network gateway** | NodePort | NodePort | | ||
|
||
This configuration is provided using the standard values of the Liqo chart. |
This file was deleted.
Oops, something went wrong.