Running LiveKit on private Kubernetes clusters - workarounds and recommendations

This question originally came up in our Slack community and the thread has been consolidated here for long-term reference.

Are there any workarounds to help host LiveKit on GKE/Kubernetes private clusters?

While it’s not impossible to use private clusters with an ALB, you’ll introduce much more configuration complexity and potential for networking failures.

SIP and WebRTC rely on session affinity and knowing the source IP address of the server. Private clusters add additional layers of NAT and networking to an already complex route, which may result in connection issues that are difficult to diagnose.

Recommended approach: Deploy a dedicated Kubernetes cluster solely for LiveKit, with node IP access and the required ports properly exposed. Use proper network segmentation and security practices since the nodes will be public:

  • Restrict access on anything not needed for LiveKit services to run, including control plane APIs
  • Ensure you have logging and monitoring enabled

This is the best way and the supported way to run LiveKit on Kubernetes.
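One way to check the "restrict anything not needed" point, as an added example that is not part of the original thread: a script that audits firewall rules, in the JSON shape printed by `gcloud compute firewall-rules list --format=json`, for internet-facing ingress beyond the ports LiveKit needs. The port allow-list and the sample rules are assumptions constructed for illustration; adjust them to your own deployment.

```python
# ASSUMPTION: LiveKit's usual default ports; match them to your livekit.yaml
# (add TURN ports if TURN is enabled).
LIVEKIT_PORTS = {"tcp": [(7880, 7880), (7881, 7881)], "udp": [(50000, 60000)]}
PUBLIC = {"0.0.0.0/0", "::/0"}

def parse_ports(spec):
    """'6443' -> (6443, 6443); '50000-60000' -> (50000, 60000)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def uncovered(lo, hi, allowed):
    """Sub-ranges of [lo, hi] that the allowed ranges do not cover."""
    gaps = []
    for a_lo, a_hi in sorted(allowed):
        if a_hi < lo:
            continue
        if a_lo > hi:
            break
        if a_lo > lo:
            gaps.append((lo, a_lo - 1))
        lo = max(lo, a_hi + 1)
    if lo <= hi:
        gaps.append((lo, hi))
    return gaps

def audit(rules):
    """Return (rule, proto, lo, hi) for internet-facing ingress LiveKit does not need."""
    findings = []
    for r in rules:
        active = r.get("direction") == "INGRESS" and not r.get("disabled")
        if not active or not PUBLIC & set(r.get("sourceRanges", [])):
            continue
        for a in r.get("allowed", []):
            protos = ["tcp", "udp"] if a["IPProtocol"] == "all" else [a["IPProtocol"]]
            for p in protos:
                for spec in a.get("ports", ["0-65535"]):  # no ports listed = every port
                    for gap in uncovered(*parse_ports(spec), LIVEKIT_PORTS.get(p, [])):
                        findings.append((r["name"], p, *gap))
    return findings

# Constructed sample rules (not from the thread), shaped like gcloud's JSON output.
RULES = [
    {"name": "livekit", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [
        {"IPProtocol": "tcp", "ports": ["7880-7881"]}, {"IPProtocol": "udp", "ports": ["50000-60000"]}]},
    {"name": "apiserver", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6443"]}]},
    {"name": "admin-ssh", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]
```

Calling `audit(RULES)` flags only the constructed `apiserver` rule: the LiveKit ports are expected to be public, and the SSH rule is limited to a source range.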

Is this issue successfully resolved? This issue was raised in January 2021, right?

This question is based on an original question asked in Slack on 26th November 2025 (I can’t share it, because the Slack issues disappear after 3 months).

Although I used AI to help narrow down useful answers to questions, and then did a manual check after that, it’s quite possible that some incorrect summaries slipped through.

The original question was:

Hi are there any workarounds to help host Livekit on GKE/Kubernetes private clusters?

And the most useful answer given was:

While not impossible to use private clusters with an ALB, you introduce much more configuration complexity and potential for networking failures.

SIP and WebRTC rely on session affinity and knowing the source IP address of server. Private clusters add additional layers of NAT and networking to an already complex route. The result is that you may end up fighting connection issues that are difficult to diagnose.

As USER mentioned, the best way and supported way is to use proper network segmentation and security practices since they are going to be public. Restrict access on anything not needed for LiveKit services to run including control plane APIs. Ensure you have logging and monitoring enabled too.

Thank you very much for the response, gentlemen, but I am stuck at the point “While not impossible”, which means someone should have done something similar in the community. So is there any guide/blog/document/steps to have this set up?

This is for self-hosted LiveKit.

Although we transitioned all the channels related to LiveKit cloud from Slack to this new community, I didn’t migrate over the Slack channel for self-hosting. You might get more luck asking over there: Join LiveKit Community on Slack

More context: Slack