UDP load balancing on Kubernetes (AKS)

10/13/2020

Currently I am using the Helm chart of the Kubernetes nginx ingress to configure the UDP listener. Here is my Helm chart configuration:

I have added udp-services-configmap: $(POD_NAMESPACE)/nginx-ingress-udp as part of the extra arguments.

Here is my Helm values file:

## nginx configuration
## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/controllers/nginx/configuration.md
##
controller:
  image:
    repository: k8s.gcr.io/ingress-nginx/controller
    tag: "v0.40.2"
    digest: sha256:46ba23c3fbaafd9e5bd01ea85b2f921d9f2217be082580edc22e6c704a83f02f
    pullPolicy: IfNotPresent
    runAsUser: 101
    allowPrivilegeEscalation: true

  # Configures the ports the nginx-controller listens on
  containerPort:
    http: 80
    https: 443
    udp: 9012 
  dnsPolicy: ClusterFirst
  reportNodeInternalIp: false
  hostNetwork: false
  hostPort:
    enabled: true
    ports:
      udp: 9012
      # http: 80
      # https: 443
  electionID: ingress-controller-leader
  ingressClass: nginx
  publishService:
    enabled: true
    pathOverride: ""
  scope:
    enabled: false
    namespace: ""   # defaults to .Release.Namespace
  configMapNamespace: ""   # defaults to .Release.Namespace
  tcp:
    configMapNamespace: ""   # defaults to .Release.Namespace
    annotations: {}
  udp:
    configMapNamespace: ""   # defaults to .Release.Namespace
    annotations: {}
  extraArgs: 
    udp-services-configmap: $(POD_NAMESPACE)/nginx-ingress-udp
  extraEnvs: []
  kind: Deployment
  annotations: {}
  updateStrategy:
   rollingUpdate:
     maxUnavailable: 1
   type: RollingUpdate
  minReadySeconds: 0
  nodeSelector:
    kubernetes.io/os: linux
  livenessProbe:
    failureThreshold: 5
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  healthCheckPath: "/healthz"
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources:
    requests:
      cpu: 100m
      memory: 90Mi
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  autoscalingTemplate: []
  enableMimalloc: true
  customTemplate:
    configMapName: ""
    configMapKey: ""

  service:
    enabled: true
    annotations: {}
    labels: {}
    externalIPs: []
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true
    ports:
      http: 80
      https: 443
      udp: 9012
    targetPorts:
      http: http
      https: https
      udp: 9012
    type: LoadBalancer
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}
    internal:
      enabled: false
      annotations: {}
  extraContainers: []
  extraVolumeMounts: []
  extraVolumes: []
  extraInitContainers: []
  admissionWebhooks:
    annotations: {}
    enabled: true
    failurePolicy: Fail
    port: 8443
    certificate: "/usr/local/certificates/cert"
    key: "/usr/local/certificates/key"
    namespaceSelector: {}
    objectSelector: {}
    service:
      annotations: {}
      externalIPs: []
      loadBalancerSourceRanges: []
      servicePort: 443
      type: ClusterIP
    patch:
      enabled: true
      image:
        repository: docker.io/jettech/kube-webhook-certgen
        tag: v1.3.0
        pullPolicy: IfNotPresent
      priorityClassName: ""
      podAnnotations: {}
      nodeSelector: {}
      tolerations: []
      runAsUser: 2000
tcp: {}
udp: {}

I have also added the ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-udp
  namespace: ingress-nginx
data:
  9012: "services/service-listener:9012"

So the outcome is this ingress service:

NAME                                             TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                      AGE
iot-ingress-ingress-nginx-controller             LoadBalancer   10.0.209.232   150.22.44.23   80:31694/TCP,443:30330/TCP   5h42m

Now that I am trying to get the service, here are two problems:

  1. I do not see the exposed 9012 port as UDP.
  2. How am I supposed to invoke UDP by the load balancer IP? Say, if I want to connect to port 9012 by the load balancer IP 150.22.44.23?
  3. Is it at all necessary to use hostPort/hostNetwork after all? I am not sure, please guide. My end goal is #2.

I am using AKS, btw.

-- Joy

1 Answer

10/14/2020

According to the nginx documentation, after creating a ConfigMap for UDP load balancing you have to create a Service that will expose those ports for the ingress.

You can do it by following the official guide, for example:

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  ports:
    - name: proxied-tcp-9012
      port: 9012
      targetPort: 9012
      protocol: UDP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

And the output will be similar to this:

$ kubectl get svc | grep ingress-nginx
NAME                                   TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)
ingress-nginx                          LoadBalancer   10.0.0.237    12.345.67.89    9012:32291/UDP
-- kool
Source: StackOverflow
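
The mismatch discussed in this thread (a udp-services ConfigMap entry with no matching UDP port on the LoadBalancer Service) can be checked mechanically. The following is an added example, not code from the question, the answer or the ingress-nginx project; the function names are hypothetical and the inputs are constructed from the manifests shown above, in the shape `kubectl get -o json` returns.

```python
import json

def parse_backend(value):
    """Split a udp-services entry 'namespace/service:port' into its parts."""
    target, _, port = value.rpartition(":")
    namespace, _, service = target.partition("/")
    if not (namespace and service and port):
        raise ValueError(f"malformed udp-services entry: {value!r}")
    return namespace, service, port  # port may be a number or a port name

def unexposed_udp_ports(configmap, service):
    """Listener ports in the ConfigMap that the Service does not expose as UDP."""
    exposed = {
        p["port"]
        for p in service["spec"].get("ports", [])
        if p.get("protocol", "TCP") == "UDP"  # protocol defaults to TCP
    }
    missing = []
    for listen_port, backend in (configmap.get("data") or {}).items():
        parse_backend(backend)  # fail early on a malformed entry
        if int(listen_port) not in exposed:
            missing.append(int(listen_port))
    return sorted(missing)

# Constructed input in the shape of `kubectl get -o json`, using the values
# shown on this page.
UDP_CONFIGMAP = {"data": {"9012": "services/service-listener:9012"}}
QUESTION_SERVICE = json.loads("""
{"spec": {"type": "LoadBalancer", "ports": [
  {"name": "http",  "port": 80,  "protocol": "TCP"},
  {"name": "https", "port": 443, "protocol": "TCP"}]}}
""")
ANSWER_SERVICE = json.loads("""
{"spec": {"type": "LoadBalancer", "ports": [
  {"name": "proxied-tcp-9012", "port": 9012, "targetPort": 9012, "protocol": "UDP"}]}}
""")

if __name__ == "__main__":
    for label, svc in (("question", QUESTION_SERVICE), ("answer", ANSWER_SERVICE)):
        missing = unexposed_udp_ports(UDP_CONFIGMAP, svc)
        print(f"{label}: UDP ports without a Service port: {missing or 'none'}")
```
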