liqotech · fra98 · Mar 20, 2026 · Apr 9, 2026
diff --git a/apis/networking/v1beta1/gatewayserver_types.go b/apis/networking/v1beta1/gatewayserver_types.go
@@ -63,6 +63,14 @@ type GatewayServerSpec struct {
 	// SecretRef specifies the reference to the secret containing configurations.
 	// Leave it empty to let the operator create a new secret.
 	SecretRef corev1.LocalObjectReference `json:"secretRef,omitempty"`
+	// ServiceAnnotations specifies custom annotations to be added to the service created by the gateway server.
+	// These annotations take precedence over any annotations defined in the server template.
+	// +optional
+	ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"`
+	// ServiceLabels specifies custom labels to be added to the service created by the gateway server.
+	// These labels take precedence over any labels defined in the server template.
+	// +optional
+	ServiceLabels map[string]string `json:"serviceLabels,omitempty"`
 }
 
 // EndpointStatus defines the observed state of the endpoint.

diff --git a/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml
@@ -164,6 +164,20 @@ spec:
                     type: string
                 type: object
                 x-kubernetes-map-type: atomic
+              serviceAnnotations:
+                additionalProperties:
+                  type: string
+                description: |-
+                  ServiceAnnotations specifies custom annotations to be added to the service created by the gateway server.
+                  These annotations take precedence over any annotations defined in the server template.
+                type: object
+              serviceLabels:
+                additionalProperties:
+                  type: string
+                description: |-
+                  ServiceLabels specifies custom labels to be added to the service created by the gateway server.
+                  These labels take precedence over any labels defined in the server template.
+                type: object
             type: object
           status:
             description: GatewayServerStatus defines the observed state of GatewayServer.

diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml
diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml
@@ -3,7 +3,7 @@
 {{- $wireguardConfig := (merge (dict "name" "gateway-wireguard" "module" "networking" "version" .Values.networking.gatewayTemplates.container.wireguard.image.version) .) -}}
 {{- $geneveConfig := (merge (dict "name" "gateway-geneve" "module" "networking" "version" .Values.networking.gatewayTemplates.container.geneve.image.version) .) -}}
 
-{{- if and .Values.networking.enabled (not .Values.authentication.awsConfig.accessKeyId) }}
+{{- if .Values.networking.enabled }}
 
 apiVersion: networking.liqo.io/v1beta1
 kind: WgGatewayServerTemplate

diff --git a/docs/installation/install.md b/docs/installation/install.md
@@ -120,7 +120,10 @@ Liqo does NOT support:
 ```
 
 ```{admonition} Note
-If you are planning to use an EKS cluster as [network server](/advanced/peering/inter-cluster-network), you need to install the [AWS Load Balancer V2 Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/) on the EKS cluster.
+If you are planning to use an EKS cluster as [network server](/advanced/peering/inter-cluster-network), it is highly recommended to install the [AWS Load Balancer V2 Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/) on the EKS cluster.
+If you cannot install it and you plan to use the legacy in-tree AWS Load Balancer, make sure to pass the following annotations to the gateway service through the `networking.gatewayTemplates.server.service.annotations` helm value or using the Gatewayserver CR under `.spec.serviceAnnotations`:
+- `service.beta.kubernetes.io/aws-load-balancer-type: "nlb"`
+- `service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled`: "true"
 ```
 
 **Supported CNIs**

diff --git a/pkg/liqo-controller-manager/networking/external-network/server-operator/server_controller.go b/pkg/liqo-controller-manager/networking/external-network/server-operator/server_controller.go
@@ -240,6 +240,11 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, gwServer *ne
 		if err != nil {
 			return fmt.Errorf("unable to render the template spec: %w", err)
 		}
+
+		// Merge custom service annotations and labels from GatewayServer into the rendered spec.
+		mergeServiceMetadataField(spec, "annotations", gwServer.Spec.ServiceAnnotations)
+		mergeServiceMetadataField(spec, "labels", gwServer.Spec.ServiceLabels)
+
 		objChild.Object["spec"] = spec
 		return nil
 	})
@@ -294,3 +299,33 @@ func (r *ServerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		For(&networkingv1beta1.GatewayServer{}).
 		Complete(r)
 }
+
+// mergeServiceMetadataField merges the given key-value pairs into spec.service.metadata.<field>.
+// Provided values take precedence over existing ones in the spec.
+func mergeServiceMetadataField(spec interface{}, field string, values map[string]string) {
+	if len(values) == 0 {
+		return
+	}
+	specMap, ok := spec.(map[string]interface{})
+	if !ok {
+		return
+	}
+	svc, _ := specMap["service"].(map[string]interface{})
+	if svc == nil {
+		svc = map[string]interface{}{}
+		specMap["service"] = svc
+	}
+	meta, _ := svc["metadata"].(map[string]interface{})
+	if meta == nil {
+		meta = map[string]interface{}{}
+		svc["metadata"] = meta
+	}
+	existing, _ := meta[field].(map[string]interface{})
+	if existing == nil {
+		existing = map[string]interface{}{}
+	}
+	for k, v := range values {
+		existing[k] = v
+	}
+	meta[field] = existing
+}