New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support port ranges or whole IPs in services #23864
Comments
Fyi you don't actually need to specify a port in the RC unless you're going to target it through a Service, but I guess this is a pain to do if you have even O(10) ports. I wonder if there's an easy client side solution that doesn't involve changing the Service (something like kubectl expose --port 3000-3020). |
The problem with port ranges is that the userspace kube-proxy can't handle Aside from that, I don't immediately see a reason against port ranges. On Tue, Apr 5, 2016 at 5:55 PM, Prashanth B notifications@github.com
|
I do need to target the ports through a Service since that is the only way outside users would be able to place a call via SIP |
The short story is it doesn't work right now. Changing it is not On Tue, Apr 5, 2016 at 9:01 PM, Aditya Patawari notifications@github.com
|
I'm starting to work in this issue. I will try to implement just the logic in kubctl package to map the port ranges to ports which seems a easy and useful workaround. Later I will check the LB and/or kube-proxy option. golang and kubernetes are new for me so any help, ideas or guidance will be welcomed. |
@antonmry What API changes are you looking to do to support this? I glanced at your dev branch and it looks like there's a lot more copy-paste going on than I'd expect. I think I can save you effort if you talk out your desired changes here first. |
@antonmry Please see: In general, if you're new to Kubernetes, an API change is not a good place to start. If you're looking for a way to contribute, please checkout issues labeled "help-wanted": It was also stated above that we are not ready to accept this change. |
This change, should we decide to do it, doesn't warrant a new API. It's just some field changes to Services and maybe Pods. The right place to start is with a proposal doc that details the change, the API compatibility concerns, the load-balancer implementation concerns, etc. |
@bgrant0607 @antonmry needs this change to make TeleStax (an RTC framework) work well in Kubernetes, so this isn't a "for fun" request, but rather one that's needed to support their application well. I agree w/ @lavalamp and @thockin that there are simpler designs, and that a lightweight design proposal is the right way to get to agreement on design quickly. |
@brendandburns I assumed there was a reason behind the request, but API changes are tricky and expensive. This particular change has been discussed since #1802. In the best case, any API change would appear in 1.4. If it is blocking an application now, I suggest finding a solution that doesn't require an API change, potentially in parallel with an API and design proposal. As mentioned above, ports don't need to be specified on pods. The trick is how to LB to them. Perhaps @thockin or @bprashanth has a suggestion. |
@bgrant0607 totally agree that this is targeted at 1.4 just wanted to give context on the motivation for the change. |
Yeah. Like @thockin is hinting, I also expected to see this start out as annotations on pod and/or service objects. (as much as I hate that this is how new fields start, this is how new fields start.) |
Hi @bgrant0607, @thockin, @brendandburns, @lavalamp I'm new to kubernetes development, so I was trying different things to test and see how the API works, even if in the beginning was different, as soon as I've realized the complexity of the issue, any of my dev branches have pretended to be a proposal or similar, so please, ignore them. As far as I understand from your comments, for this issue it's better to have a new annotation than a new API version. I started a new API version looking for a way to keep my developments totally separated and then start the discussion. Also because the containerPort is mandatory so even with an annotation to indicate the range, I don't see how avoid the mandatory containerPort without change the API. How can I do it?. Finally, please, feel free to manage this issue independently of the work I'm doing here. I would like to contribute and I appreciate your guidance and help but I don't pretend you have to accept my solution or hypothetical PR even if I would like be able to arrive to that point. |
One idea is to put the beginning of the range in the current field, and use an annotation of the form |
We also need exposing large port range (10k+) for RTP/WebRTC and SIP frameworks. As SIP stack usually not stable and in some parts is very unpredictable it is really needed thing. BTW exposing port range is not what most of us want. We have dedicated IPs for media traffic and it could be nice to just map all traffic for specific IP to a service. Something like "dmz" and enable ability to expose port ranges for it. |
I'd be OK to see some alpha feature enabling ranges (including whole IP) On Mon, Sep 5, 2016 at 4:21 AM, Steve Kite notifications@github.com wrote:
|
+1 to this idea. Specifying port ranges in services declarations is mandatory for any VoIP-related application. It would be great to have this done. Does anyone figured out a temporary workaround for this? Thanks in advance. |
+1. We also need support for a large port range to enable a media processing engine running in a Docker container that is part of a Pod. As others have mentioned, this is needed to process (RTP) media streams. The SIP protocol is limited to 5060 and 5061 so we don't need it for the SIP signaling. The issue is with the standard RTP port range which is 16384-32767. Its important to understand that these ports are typically allocated dynamically when a new media session is being processed but they need to be accessible on the public IP associated with the container. I agree that its critical for anyone wishing to use Kubernetes to orchestrate a Voip service that includes any form of media processing including gateways, call recording services, MCUs, etc. I'm early to Kubernetes but it seems that this is one of the few things holding us back from using it at this point. I'm interested in helping here as well. |
+1 Welp also ran into this with a media server application (need host networking to have a stable static IP, clients connect on the standard RTP port range). |
Yes please, we would like this for a custom game server proxy which maps a range of external ports to petsets inside the cluster. UDP traffic, very similar to voice or media server applications I suppose. Bonus points for being able to expose this service and have the GKE firewall rules work with the port range also. |
For future readers: Port ranges specifically is problematic because implementations like IPVS do not support them well and because NodePorts are very limited. Doing whole-IP forwarding (either L4 or L3) is plausible but the work on that stalled (kubernetes/enhancements#2611) for lack of someone to drive it. It may be better to focus on Gateway API (https://gateway-api.sigs.k8s.io/) as the vehicle to enable this, long term, but it doesn't seem impossible to do it in Service, if we can justify the use. |
Revisiting this old issue after discussion at sig-net today. We still think this is valuable. Port ranges have some implementability problems. Whole IPs have some API problems. Of the two, I think API problems are probably more tractable. We should probably implement this as a GatewayClass rather than literally in Service API. (@robscott @danwinship) Like so many things, it needs a champion to drive it. |
/unassign @prameshj not commiting to the short term but maybe in the long term |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
@briantopping could you please add some context to your update? |
Hi @shaneutt, no problem. A backlog project has been to host a SIP telephone system in Kubernetes. Doesn't seem like we are there yet. Do we have another way to resolve this issue? Seems like this issue would have been closed if so. |
Thanks for the update! @thockin pointed out that we could potentially sort this out in Gateway API, which is an increasingly preferable place to put functionality of various sorts due to it's much wider API surface area over |
Got it, makes great sense! I was avoiding the issue getting lost at the very least, agree that there's no reason to implement this in Maybe this issue and it's history should be moved to that project, then annotated with a brief narrative that it came from the I wonder if there are a significant number of issues that would qualify for this treatment? Haven't read the full initiative there yet, but already a huge fan. Whatever we can do to not lose the momentum issues like this have built over years would probably benefit the direction it takes quite gracefully. Happy to chat on Slack as well if there's some place I can help. |
We appreciate the interest, if you have some time to help move it forward that would be great!
Sure, in Gateway API we have a process called GEP that is inspired by KEP, but with a very heavy preference towards small PRs along an iterative graduation path. You'll wanna start by floating the idea around in the community (Slack, like you said or preferably at our weekly community meetings where the agenda is open) to gather some thoughts and try to build some consensus. Once you've started to get some signal from the community, a GEP to start making a proposal and highlighting the problem to be solved might be a good next step.
Indeed, this is what I meant by "increasingly preferable": we are finding ourselves fatigued and guarded against Let us know how we can support you in driving this forward if you decide you want to dig in! |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
There are several applications like SIP apps or RTP which needs a lot of ports to run multiple calls or media streams. Currently there is no way to allow a range in ports in spec. So essentially I have to do this:
Doing above for 500 ports is not pretty. Can we have a way to allow port ranges like 5060-5160?
The text was updated successfully, but these errors were encountered: