Ingress-nginx: tcp/udp services support using annotations

Created on 21 Jan 2017  路  15Comments  路  Source: kubernetes/ingress-nginx

The proposal is to add support of adding new tcp/udp service in {tcp/udp}-configmap by getting input from annotations on ingress object. This will enable exposing tcp/udp services similar to http, although it is not acc. to current kubernetes ingress object specifications. The ingress object with this modification can look like this 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: testing
  namespace: testns
  annotations:
    ingress.kubernetes.io/service-type: "tcp"
spec:
  rules:
  - host: test.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: testsvc
          servicePort: 22

In the above example, nginx will expose port 22 with tcp protocol towards service testsvc in the namespace testns. The default value in the absence of the service-type annotation will be http as any standard ingress object. The possible values for service-type: {tcp,udp,http}.

picture gurvindersingh
👍5

All 15 comments

What about 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: testing
  namespace: testns
  annotations:
    ingress.kubernetes.io/service-type: "tcp"
spec:
    backend:
        serviceName: testsvc
        servicePort: 22

The possible values for service-type: {tcp,udp}.

aledbf picture aledbf on 21 Jan 2017

I think this seems even better and concise.

gurvindersingh picture gurvindersingh on 21 Jan 2017

@aledbf That is what i had done in my local implementation. Do you mind if i submit the patch for this function?

tangle329 picture tangle329 on 23 Jan 2017
👍1

@tangle329 wondering how you solve the conflicting ports part. Or you have multiple interfaces where nginx can listen on same port but different interfaces.

gurvindersingh picture gurvindersingh on 23 Jan 2017
👍1

@gurvindersingh ,
You should not use ports listed below for TCP service. If you want to use them , Please change the code for your own requirment..

var ( // list of ports that cannot be used by TCP or UDP services reservedPorts = []string{"80", "443", "8181", "18080"} )

tangle329 picture tangle329 on 23 Jan 2017

@tangle329 those ports I understand, I mean the ports from various applications when they want to use the same port. E.g. two different elasticsearch service instances running on tcp port 9200. I am just curious as how you are solving this issue. As their are various ways of solving, just curious about yours.

gurvindersingh picture gurvindersingh on 23 Jan 2017

EDIT: Less rambling

The current ingress.Configuration define tcp and udp endpoints as ingress.Location types, so it would be easier to go with the first suggestion marking the tcp/udp with an annotation and move them into Configuration.Servers/TCPEndpoints/UDPEndpoints. That way existing annotations can be reused.

Either way the main problem is the lack of ingress types. Defining tcp and udp "locations" through configmap is not an option I can use at least. It get pretty complicated when we have to define generic data that would work for any type of ingress controller.

einarf picture einarf on 30 Jan 2017
👍1

Please consider adding sctp ad well. May not all ingress will support it but for the spec.

hwinkel picture hwinkel on 3 May 2017
👍1

And do not mix layer 4 and layer 7 in one object

hwinkel picture hwinkel on 3 May 2017

Closing. This change requires modification in the Ingress spec. Services already provide L4 (TCP or UDP)

aledbf picture aledbf on 17 Jun 2017

Current support in the nginx ingress controller is just an feature that enabling sharing a service with multiple ports. This should be used only in environments where there is no support for service type=Loadbalancer (like on-prem)

aledbf picture aledbf on 17 Jun 2017

@aledbf - this is exactly my use case (on-prem without service type=LoadBalancer); is the idea that this feature will eventually go away?

nguyening picture nguyening on 12 Jul 2017

@nguyening the ingress spec will be reviewed to see how can be improved. I will update this issue with the link/s once this work starts

aledbf picture aledbf on 12 Jul 2017

is there any progress or pointer to the actual work to the ingress improvement, we have a couple of UDP based Service running where enhancement for ingress would be required for

a) L4 (pure UDP) based use case, but require a selector i..e based on metadata like source IP
b) L7 UDP based use cases where selection and control musst happen based on the given L7 UDP protocol (like the HTTP routing cases for L7 HTTP)

hwinkel picture hwinkel on 27 Aug 2017

I've crafted this https://github.com/mafzst/tunack to auto populate configmaps from service annotation.
It's just a PoC but can be imporoved

tuarrep picture tuarrep on 28 Mar 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kfox1111 picture kfox1111  路  3Comments
lachlancooper picture lachlancooper  路  3Comments
natemurthy picture natemurthy  路  3Comments
oilbeater picture oilbeater  路  3Comments
silasbw picture silasbw  路  3Comments