search

kubernetes / ingress-nginx

Ingress-NGINX Controller for Kubernetes
https://kubernetes.github.io/ingress-nginx/
Apache License 2.0
17.26k stars 8.2k forks source link

[HELM 4.7.0] UDP Service not exposed #10059

Closed sonic-sw closed 1 day ago

sonic-sw commented 1 year ago

Dear community,

I replaced my GKE ingress with ingress-nginx for may reasons, one main reason was the ability of exposing UDP services within the cluster (voice). The install is vanilla helm chart via argoCD

sources:
    - repoURL: "https://kubernetes.github.io/ingress-nginx"
      chart: ingress-nginx
      targetRevision: 4.7.0

After setting in the values.yaml the external IP and updating the existing http ingress manifests, the web services where back online.

    externalIPs: []
    # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
    loadBalancerIP: "1.2.3.4"
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true

In an attempt to test TCP and UDP services, I updated the values.yaml file futher with

# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
tcp:
  5060: "kamailio/kamailio-lb-service:5060"

# -- UDP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
udp:
  5060: "kamailio/kamailio-lb-service:5060"

Validating that the corresponding args been set for the tcp-services-configmap and udp-services-configmap

    spec:
      containers:
      - args:
        ...
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-tcp
        - --udp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-udp
       ...

I noticed that the UDP port is not added to the ingress-nginx-controller unlike the 5060 TCP version, which is.

        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 5060
          name: tcp
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP

Is there something I am doing fundamentally wrong? Thank you for any pointers you might have in advance.

image

k8s-ci-robot commented 1 year ago

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
longwuyuan commented 1 year ago

@sonic-sw since the apparently correct config did not work as expected, its required to post answers to the questions that are asked in the new issue template. Because there may be data there that has relevance. Please edit your description and answer the qurstions asked in a new issue template.

longwuyuan commented 1 year ago

/remove-kind bug

Also more people on slack so discussing on slack may get more comments

sonic-sw commented 1 year ago

@longwuyuan thank you for taking your time.

kubectl -n kamailio get svc kamailio-lb-service

NAME                  TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
kamailio-lb-service   ClusterIP   10.40.9.180   <none>        5060/UDP,5060/TCP,5061/TCP   11m

I made a different discovery just now which may relates to the root cause? If values.yaml set to

# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
tcp:
  5060: "kamailio/kamailio-lb-service:5060"

# -- UDP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
udp:
  5060: "kamailio/kamailio-lb-service:5060"

then the result of kubectl -n ingress-nginx get svc ingress-nginx-controller is

NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                     AGE
ingress-nginx-controller   LoadBalancer   10.40.12.112   XXX.XXX.XXX.XXX     80:32278/TCP,443:30585/TCP,5060:31711/TCP   26

if changed values.yaml to (tcp port =! udp port)

# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
tcp:
  5061: "kamailio/kamailio-lb-service:5060"

# -- UDP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
udp:
  5060: "kamailio/kamailio-lb-service:5060"

then the result of now shows that the UDP port is added kubectl -n ingress-nginx get svc ingress-nginx-controller is

NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                                    AGE
ingress-nginx-controller   LoadBalancer   10.40.12.112   XXX.XXX.XXX.XXX   80:32278/TCP,443:30585/TCP,5061:30664/TCP,5060:31713/UDP   26h

returning (tcp port == udp port) removes again the UDP port

longwuyuan commented 1 year ago

I think we need to check lua code and understand if same port number for TCP/UDP is not allowed.

@Spazzy757 wondering if you have some comments

github-actions[bot] commented 1 year ago

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.

air3ijai commented 10 months ago

I think we need to check lua code and understand if same port number for TCP/UDP is not allowed.

Umbrella Issue: (Known Issue) Service Duplicate Port Numbers + Patch Merge #105610

longwuyuan commented 1 day ago

TCP/UDP forwarding is being deprecated so no action item here for the project. We want to avoid open issues that do no track any action item so I will close this for now.

/close

k8s-ci-robot commented 1 day ago

@longwuyuan: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-nginx/issues/10059#issuecomment-2345900774): >TCP/UDP forwarding is being deprecated so no action item here for the project. We want to avoid open issues that do no track any action item so I will close this for now. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.