docs: add compatibility matrix documentation

liqotech · Mar 7, 2025 · 26f0bd4 · 26f0bd4
1 parent 0860da2
commit 26f0bd4
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 12 deletions.
diff --git a/docs/_toc.yml b/docs/_toc.yml
@@ -7,6 +7,7 @@ subtrees:
   - caption: Installation
     entries:
       - file: installation/requirements.md
+      - file: installation/compatibility.md
       - file: installation/liqoctl.md
       - file: installation/install.md
       - file: installation/uninstall.md

diff --git a/docs/installation/compatibility.md b/docs/installation/compatibility.md
@@ -0,0 +1,53 @@
+# Compatibility Matrix
+
+This page provides information about Liqo's compatibility with different Kubernetes providers.
+
+```{admonition} Note
+While the following list includes providers that we have specifically tested, Liqo should work with any Kubernetes-compliant distribution, although some provider-specific configurations might be required.
+```
+
+## Legend
+
+- ✅ Fully supported - All features work as expected
+- 🟢 Mostly supported - Core features work well, with only minor limitations in specific scenarios
+- 🔵 Partial support - Some Liqo features are functional, but others may require specific configurations or have major limitations in certain use cases
+
+## Tested Provider Compatibility Table
+
+| Provider | Status | Known Issues |
+|----------|--------|--------------|
+| Kubeadm (Calico) | ✅ | No known issues |
+| Kubeadm (Cilium) | ✅ | No known issues |
+| Kubeadm (Cilium with kube-proxy replacement) | 🟢 | `NodePortExposition` and `LoadBalancerExposition` |
+| K3s | 🟢 | `RemoteExec` |
+| K0s | ✅ | No known issues |
+| AKS (Azure CNI Overlay) | 🟢 | `CrossClusterAPIServerInteraction` and `ExternalIPRemapping` |
+| AKS (Azure CNI (Legacy)) | 🟢 | `CrossClusterAPIServerInteraction` and `NodePortExposition` |
+| AKS (Kubenet) | 🟢 | `CrossClusterAPIServerInteraction` and `ExternalIPRemapping` |
+| EKS | 🟢 | `CrossClusterAPIServerInteraction` and `ExternalIPRemapping` |
+| GKE (Dataplane v1) | ✅ | No known issues |
+| GKE (Dataplane v2) | 🟢 | `NodePortExposition` and `LoadBalancerExposition` |
+| Aruba Cloud KaaS | ✅ | No known issues |
+| OpenShift | 🔵 | **Work in progress**: all Liqo functionalities except for the networking module work as expected. The team is actively working on adding full networking support. You can still use it by [disabling the Network Module](AdvancedUseOnlyOffloadingDisableModule). |
+| *Your K8s Distribution* | 🟢 | Liqo is designed to work with most Kubernetes-compliant distributions. Your provider is likely supported, but may require specific configurations. |
+
+### Help Us Improve
+
+Have you tested Liqo with a provider not listed here?
+We'd love to hear about your experience!
+Join our [Slack community](https://liqo-io.slack.com/join/shared_invite/zt-h20212gg-g24YvN6MKiD9bacFeqZttQ) and share your test results.
+Your feedback helps us improve Liqo's compatibility across different environments.
+
+## Issues Reference
+
+The following issues are known to affect the compatibility of Liqo with different Kubernetes providers:
+
+- `CrossClusterAPIServerInteraction`: The ability of offloaded pods to properly interact with the Kubernetes API server of the home cluster. This ensures that applications running in remote clusters can still access and manipulate Kubernetes resources (such as ConfigMaps, Secrets, or other custom resources) in their original cluster. Limitations in this area may impact applications that rely on the Kubernetes API for normal operation. See [here](../advanced/kubernetes-api.md) for more details.
+
+- `RemoteExec`: The capability to execute commands in pods that have been offloaded to remote clusters, using `kubectl exec`. This feature is important for debugging, troubleshooting, and administrative tasks on pods running in remote clusters. When limited, administrators may face challenges in directly interacting with offloaded workloads.
+
+- `NodePortExposition`: The ability to make services accessible through NodePort when those services target pods that have been offloaded to remote clusters. This ensures that network traffic addressed to NodePort services in the home cluster is properly routed to the correct pods, even when those pods are running in remote clusters. Limitations here may affect external access to applications.
+
+- `LoadBalancerExposition`: The capability to expose services via LoadBalancer type when those services target pods running in remote clusters. This ensures that cloud provider load balancers can properly distribute traffic to offloaded pods. When this feature has limitations, it may impact the ability to use cloud load balancers with offloaded workloads.
+
+- `ExternalIPRemapping`: The ability to make external IPs (outside of the Kubernetes cluster network) accessible to pods running in remote clusters. This involves translating IP addresses between clusters with potentially overlapping network ranges, ensuring that pods in one cluster can access external resources that are only directly reachable from another cluster. Limitations here may affect connectivity to external services or resources. See [here](../advanced/external-ip-remapping.md) for more details.
diff --git a/docs/installation/install.md b/docs/installation/install.md
@@ -49,9 +49,17 @@ Alternatively, you can manually specify a desired id with the `--cluster-id` fla
 
 ````{tab-item} AKS
 
+```{warning}
+Liqo does NOT support:
+
+* Cross-cluster API server interaction
+* NodePort exposition **only on Azure CNI (Legacy)**
+* External IP remapping **only on Azure CNI Overlay and Kubenet**
+```
+
 **Supported CNIs**
 
-Liqo supports AKS clusters using the following CNIs: [Azure AKS - Kubenet](https://learn.microsoft.com/en-us/azure/aks/configure-kubenet) and [Azure AKS - Azure CNI](https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni).
+Liqo supports AKS clusters using the following CNIs: [Azure AKS - Kubenet](https://learn.microsoft.com/en-us/azure/aks/configure-kubenet), [Azure AKS - Azure CNI Overlay](https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay?tabs=kubectl) and [Azure AKS - Azure CNI (Legacy)](https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni).
 
 **Configuration**
 
@@ -104,6 +112,13 @@ correct Resource Group name where the Virtual Network Resource is located.
 
 ````{tab-item} EKS
 
+```{warning}
+Liqo does NOT support:
+
+* Cross-cluster API server interaction
+* External IP remapping
+```
+
 ```{admonition} Note
 If you are planning to use an EKS cluster as [network server](/advanced/peering/inter-cluster-network), you need to install the [AWS Load Balancer V2 Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/) on the EKS cluster.
 ```
@@ -193,18 +208,19 @@ Alternatively, you can manually set a different id with the `--cluster-id` *liqo
 
 ````{tab-item} GKE
 
-**Supported CNIs**
-
-Liqo supports GKE clusters using the default CNI: [Google GKE - VPC-Native](https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips).
-
 ```{warning}
 Liqo does NOT support:
 
 * GKE Autopilot Clusters
-* Intranode visibility: make sure this option is disabled or use the `--no-enable-intra-node-visibility` flag.
-* Accessing offloaded pods from NodePort/LoadBalancer services [**only on Dataplane V2**].
+* Intranode visibility: make sure this option is disabled or use the `--no-enable-intra-node-visibility` flag
+* NodePort exposition **only on Dataplane V2**
+* LoadBalancer exposition **only on Dataplane V2**
 ```
 
+**Supported CNIs**
+
+Liqo supports GKE clusters using [Dataplane V1](https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview) and [Dataplane V2](https://cloud.google.com/kubernetes-engine/docs/concepts/dataplane-v2).
+
 **Configuration**
 
 To install Liqo on GKE, you should create a service account for *liqoctl*, granting the read rights for the GKE clusters (you may reduce the scope to a specific cluster if you prefer).
@@ -298,17 +314,17 @@ Alternatively, you can manually set a different id with the `--cluster-id` *liqo
 
 ````{tab-item} K3s
 
-```{admonition} Note
-By default, the K3s installer stores the kubeconfig to access your cluster in the non-standard path `/etc/rancher/k3s/k3s.yaml`.
-Make sure to properly refer to it when using *liqoctl* (e.g., setting the `KUBECONFIG` variable), and that the current user has permissions to read it.
-```
-
 ```{warning}
 - Due to an issue with K3s certificates, the `kubectl exec' command doesn't work properly when used on a pod scheduled on a virtual node.
 - Due to an issue with the [nftables golang library](https://github.com/google/nftables) and the pod running in *host network* in K3s, the firewall monitoring feature is disabled by default.
 This means that the firewall rules on the node will not be monitored and enforced by Liqo. If these rules are deleted or changed, Liqo won't restore them.
 ```
 
+```{admonition} Note
+By default, the K3s installer stores the kubeconfig to access your cluster in the non-standard path `/etc/rancher/k3s/k3s.yaml`.
+Make sure to properly refer to it when using *liqoctl* (e.g., setting the `KUBECONFIG` variable), and that the current user has permissions to read it.
+```
+
 **Installation**
 
 Liqo can be installed on a K3s cluster with the following command: