cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UDP on Kyma Environment

aarondiel
Discoverer

on ‎03-14-2024 7:31 AM

0 Kudos

Is it possible to route UDP datagrams into a kubernetes kluster runnig Kyma?

I have tried a variety of different approaches to deploy a UDP server on the BTP, but haven't found a valid solution.

Here is a yaml file that roughly shows what I was trying to do:

apiVersion: v1
kind: Pod
metadata:
  name: udp-test-server
  labels:
    app: udp-test-server-pod
spec:
  containers:
  - name: udp-test-server
    image: aarondiel/udp-echo-server
    ports:
    - containerPort: 2004
      protocol: UDP
---
apiVersion: v1
kind: Service
metadata:
  name: udp-test-server-service
spec:
  type: ClusterIP
  selector:
    app: udp-test-server-pod
  ports:
  - port: 2004
    targetPort: 2004
    protocol: UDP
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: udp-test-server-gateway
spec:
  gatewayClassName: istio
  listeners:
  - name: udp-gateway
    port: 2004
    protocol: UDP
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: UDPRoute
metadata:
  name: udp-test-server-route
spec:
  parentRefs:
  - name: udp-gateway
    kind: Gateway
  rules:
  - backendRefs:
    - name: udp-test-server-service
      port: 2004

 Kyma is fine with me deploying the pod and the service, but getting access to this proofs to be difficult for UDP

Here are some of the different approaches I have tried:

  • NodePort: Limits the available ports to the range 30000-32767; additionally I don't think you can directly access nodes within a cluster, which means this does not work.
  • LoadBalancer: This should in theory create a external IP / domain, but it throws an error stating that UDP is not supported for the service type LoadBalancer.
  • APIRule: From what I read in the documentation this is just a wrapper around the Istio Gateway API and only supports HTTP.
  • Ingress: Only supports HTTP
  • Gateway API: This is what is still visible in the example above. The Gateway API is still somewhat experimental and the UDPRoute that I created above is deployed as a TCP LoadBalancer.

I am guessing that because a lot of the routing logic is handled by Istio, which does not support UDP (https://github.com/istio/istio/issues/1430), Kyma in turn also does not support UDP.

Tl;dr - Is UDP supported for Kyma, or has anyone managed to deploy a application using UDP to the BTP?

Labels:
Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎03-14-2024 4:12 PM
0 Kudos

Hi @aarondiel,

As a rule of thumb, all external communication with BTP must be via HTTPS protocol.

With that in mind, whenever you have an external inbound UDP request directed to your Kyma cluster, instead of hitting it directly, it will hit the hyperscalers' load balancer. However, not all hyperscalers do support UDP traffic. You have to check which ones do support it before attempting this. Some hyperscalers like AWS will not allow this, whereas Microsoft Azure and Google Cloud Platform do. 

Hence, there is a chance that you might be able to rely on the Hyperscalers' Load Balancer to forward inbound UDP traffic using something like ingress-nginx:

https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

Please read more here:

https://docs.nginx.com/nginx-ingress-controller/overview/design/

I don't really know if this technique works 100% with BTP.

Therefore, I can't provide more details than what's mentioned above. 

Best regards,
Ivan

Show replies
Show replies
aarondiel
Discoverer
‎03-18-2024 10:44 AM
0 Kudos

The testing cluster that I am using utilizes AWS, which judging from this post should allow for a UDP LoadBalancer.

Since Kyma already uses Istio for its IngressController, I don't think I can use the nginx-ingress without extensively modifying the cluster.

Ask a Question