CoTurn on Kubernetes

[Sudheerkumar]

Hi, Does this coturn or stun/turn server can be hosted in a cluster??

We did try to deploy on a Azure K8S cluster. We are facing issue while establishing the communication with the service running in the cluster. Any pointers?

WE have enabled host network as well

[tyranron]

@Sudheerkumar we use it successfully in our own bare metal Kubernetes cluster. The requirements are quite Kubernetes-unfriendly, though.

• We use hostNetwork: true for the Pods which contain Coturn.
• We deploy one Coturn per Node.
• We do not restrict ports hardly via firewall on those Nodes. Here are iptable rules we apply to such nodes:

  {% if 'streaming_node_role' in group_names %}
  -A Firewall-INPUT -p tcp --dport {{ 3478 }}                            -j ACCEPT
          {{- '' }} -m comment --comment "open TURN TCP port"
  -A Firewall-INPUT -p udp --dport 0:65535                               -j ACCEPT
          {{- '' }} -m comment --comment "open TURN/STUN/RTP ports"
  {% endif %}

[Sudheerkumar]

Hi @tyranron thanks for your timely response. Do you know any tips for running the similar on Azure Kuberenetes service. We have all our infra on AKS today. your inputs are much helpful Thank you

[tyranron]

@Sudheerkumar I have no experience with AKS, unfortunately, but the tips I've described above should help. We'd use the same setup even if doesn't use Kubernetes, but a raw Docker (or Docker Compose). The way is obvious: give it host network and make sure any required ports are opened.

[Sudheerkumar]

Okay, I tried enabling hostNetwork:true and I mean at AKS level Microsoft official documentation says By default, AKS clusters have unrestricted outbound (egress) internet access. This level of network access allows nodes and services you run to access external resources as needed.

Meanwhile any projects you are aware of using coturn on AKS?

[tyranron]

@Sudheerkumar

By default, AKS clusters have unrestricted outbound (egress) internet access. This level of network access allows nodes and services you run to access external resources as needed.

You need lower the restrictions for inbound (ingress) access the way I've described above. Then, poke with the configuration.

Meanwhile any projects you are aware of using coturn on AKS?

Unfortunately, no.

[Sudheerkumar]

Thanks @tyranron, I will explore and get back to you.

[andrewperry]

Hi @tyranron thanks for your timely response. Do you know any tips for running the similar on Azure Kuberenetes service. We have all our infra on AKS today. your inputs are much helpful Thank you

This is probably what you were looking for: https://devblogs.microsoft.com/cse/2018/01/29/orchestrating-turn-servers-cloud-deployment/

with more detailed instructions here: https://github.com/anastasiia-zolochevska/coturn-to-azure-deployment

How did you go?