Using a static IP for both ingress/egress in Kubernetes

3/19/2019

I have a program which I'm trying to run in a Kubernetes cluster. The program is a server that speaks a non-standard UDP-based protocol. The protocol mostly consists of short request/reply pairs, similar to DNS. One major difference from DNS is that both the "server" and the "clients" can send requests, i.e. the communication can be initiated by either party.

The clients are embedded devices configured with the server's IP address. The clients send their requests to this IP. They also check that incoming messages originate from this IP, discarding messages from other IPs.

My question is how I can use Kubernetes to set up the server such that

  1. The server accepts incoming UDP messages on a specific IP.
  2. Real client source IPs are seen by the server.
  3. Any replies (or other messages) the server sends have that same IP as their source (so that the clients will accept them).

One thing I have tried that doesn't work is to set up a Service with type: LoadBalancer and externalTrafficPolicy: Local (the latter to preserve source IPs for requirement 2). This setup fulfills requirements 1 and 2 above, but since outbound messages don't pass through the load balancer, their source IP is that of whatever node the pod containing the server is running on.

I'm running Kubernetes on Google Cloud Platform (GKE).

-- Viktor Dahl
Tags: google-cloud-platform, google-kubernetes-engine, kubernetes, nat, udp

1 Answer

3/19/2019

Please verify the solution as described in:
1. Kubernetes..,
c) Source IP for Services with Type=LoadBalancer
- expose the deployment as: --type=LoadBalancer
- set service.spec.externalTrafficPolicy: '{"spec":{"externalTrafficPolicy":"Local"}}'

Using the image as described in the example "echoserver" is returning my public address.

-- Hanx
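The Service setup that both the question and the answer refer to (type LoadBalancer with externalTrafficPolicy set to Local), written out as a single manifest. This is an added example, not a manifest from the question, the answer or any project; the Service name, the pod label, the port number and the IP address are placeholders. It covers requirements 1 and 2 from the question; as the question already observes, it does not cover requirement 3, because pod-initiated sends never pass through the load balancer and leave with the node's own external address.

```yaml
# Added example manifest (not from the question or the answer).
# All names, ports and the IP address are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: udp-server            # placeholder name
spec:
  type: LoadBalancer
  # Requirement 2: keep the real client source IP. With "Local", traffic is
  # delivered only to pods on the node that received it, with no SNAT, so the
  # server sees the client's address. Nodes without a matching pod fail the
  # load balancer health check and receive no traffic.
  externalTrafficPolicy: Local
  # Requirement 1: a fixed ingress IP that the embedded clients can be
  # configured with. On GKE this must be a reserved regional static IP in the
  # cluster's region; 203.0.113.10 is a documentation-range placeholder.
  loadBalancerIP: 203.0.113.10
  selector:
    app: udp-server           # placeholder pod label
  ports:
    - name: proto
      protocol: UDP           # the protocol on the page is UDP-based
      port: 5000              # placeholder port
      targetPort: 5000
```

The answer's two kubectl steps produce the same object: `kubectl expose deployment <name> --type=LoadBalancer --protocol=UDP --port=5000` followed by `kubectl patch svc <name> -p '{"spec":{"externalTrafficPolicy":"Local"}}'`. A quick check that requirement 2 holds is the echoserver test the answer mentions: the address it echoes back should be the client's own public address, not a node or cluster address. The outbound side (requirement 3) is the same limitation the question describes: this Service only governs inbound traffic, so replies the server originates still carry the node's source IP, and the clients' source-IP filter will drop them.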
Source: StackOverflow