How to change the subnet Liqo can use for cross-clsuter VPN tunnels in HA mode ?

[IceManGreen]

Hello everyone,

I try to achieve a usecase in which I want to install Liqo's Gateways on a different subnet than the Kubernetes control-plane with HA mode.

Indeed, I separate two subnets for different purposes :

• A control plane for administration tasks in 172.16.100.0/24 and inter-node communications.
• A data plane for applications communications in 172.16.110.0/24 and cross-cluster communications.

Communications are not allowed between these 2 subnets so machines on the control plane cannot communicate with machines on the data plane.

In this context, I deployed 2 K3S clusters :

• domain-1 with 3 nodes
  • d1n1 in 172.16.100.93 (control-plane) and 172.16.110.93 (data plane)
  • d1n2 in 172.16.100.94 (control-plane) and 172.16.110.94 (data plane)
  • d1n3 in 172.16.100.95 (control-plane) and 172.16.110.95 (data plane)
• domain-2 with 3 nodes
  • d2n1 in 172.16.100.87 (control-plane) and 172.16.110.87 (data plane)
  • d2n2 in 172.16.100.88 (control-plane) and 172.16.110.88 (data plane)
  • d2n3 in 172.16.100.89 (control-plane) and 172.16.110.89 (data plane)

Each K3S control plane (server) is installed on 172.16.100.0/24 (control plane), so the APIs are addressed on this subnet.
But the thing is that I want Liqo to establish the cross-cluster VPN tunnels on 172.16.110.0/24 (data-plane).

But I encounter 2 main difficulties :

1. A basic installation like liqoctl install k3s --api-server-url https://172.16.100.93:6443 --enable-ha installs the gateway pods on 172.16.100.0/24 and this is not what I want. Is there a possibility to install the pods on a different IPv4 ? Or interface ?
2. I tried the load balancer mode, using MetalLB, with liqoctl install k3s --api-server-url https://172.16.100.93:6443 --set "gateway.service.type=LoadBalancer" --enable-ha and a service is properly created on 172.16.110.0/24 and point to the Liqo gateway pods on 172.16.100.0/24. But the problem is that if the node hosting the IP configured for the load balancer fails, even if the Liqo gateway pod can migrate from a worker node that failed to another, the load balancer service is not changing the IP dynamically to another node's IP that has not failed. Is there a way to ensure the Liqo HA mode while choosing the IPv4 used for cross-cluster VPN tunnels ?

Thanks everyone !