Can't access UDP port on load balancer in kubernetes on Google kubernetes engine


Tameem Iftikhar

Jan 9, 2018, 3:03:14 PM
to Kubernetes user discussion and Q&A

I am trying to run a very simple UDP service in kubernetes on Google Cloud but am unable to access the port I am exposing to the internet. Here is the deployment and service file:

Deployment.yaml:

```
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: udp-server-deployment
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: udp-server
    spec:
      containers:
      - name: udp-server
        image: jpoon/udp-server
        imagePullPolicy: Always
        ports:
        - containerPort: 10001
          protocol: UDP
```

Service.yaml:

```
apiVersion: v1
kind: Service
metadata:
  name: udp-server-service
  labels:
    app: udp-server
spec:
  type: LoadBalancer
  ports:
  - port: 10001
    protocol: UDP
  selector:
    name: udp-server
```

This creates the load balancer in Google Cloud with the correct port exposed. Like so:

[image: Load balancer]

But when I try to access the port it's inaccessible. I have tried a few variations in GCE to expose the UDP port but none seem to be working.

```
➜  udp-example telnet 35.192.59.72 10001
Trying 35.192.59.72...
telnet: connect to address 35.192.59.72: Connection refused
telnet: Unable to connect to remote host
```

Tim Hockin

Jan 9, 2018, 3:59:39 PM
to Kubernetes user discussion and Q&A
Make sure all firewalls are open?

I just tested it and it works:

```
$ kubectl run udp --image=ubuntu -- bash -c "while true; do sleep 100000; done"
deployment "udp" created

$ kubectl expose deployment udp --port=12345 --protocol=UDP --type=LoadBalancer
service "udp" exposed
```

Then I got the IP from `get svc`.  I used `kubectl exec -ti` to exec into my pod and run `nc -l -p 12345 -u` in one terminal and I sent bytes to it via `netcat -u <public ip> 12345`.

Tim

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscribe@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
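
The check described in the reply above (a listener bound to the UDP port, then a datagram sent to it), as an added Python example that is not part of the thread. It runs on loopback against a constructed echo listener, the function names are hypothetical, and it also runs a TCP connect (what telnet does) against the same port for comparison.

```python
import socket
import threading

def start_udp_echo(host="127.0.0.1"):
    """Constructed stand-in for a listener in the pod: echoes each datagram back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))  # port 0: let the OS pick a free port

    def serve():
        while True:
            data, peer = srv.recvfrom(2048)
            srv.sendto(data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def udp_probe(host, port, payload=b"ping", timeout=1.0):
    """Send one datagram and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach recv()
        try:
            s.send(payload)
            reply = s.recv(2048)
        except socket.timeout:
            # Ambiguous: dropped by a firewall, lost, or a listener that never answers.
            return "no-reply"
        except ConnectionRefusedError:
            # ICMP port unreachable: the host was reached but nothing is bound.
            return "port-unreachable"
        return "reply" if reply == payload else "unexpected-reply"

def tcp_probe(host, port, timeout=1.0):
    """What telnet does: a TCP connect, which never touches a UDP listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"

if __name__ == "__main__":
    port = start_udp_echo()
    print("udp:", udp_probe("127.0.0.1", port))
    print("tcp:", tcp_probe("127.0.0.1", port))
```

A "no-reply" result from `udp_probe` does not by itself show the port is closed, since UDP has no handshake; only a reply from a listener that answers, or a packet capture on the receiving side, confirms delivery.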

Tameem Iftikhar

Jan 9, 2018, 9:31:54 PM
to kubernet...@googlegroups.com
Hello, 

Thanks for the response. I just tried the exact same thing on google kubernetes engine. Created a two node cluster and pointed kubectl towards it: 

```
➜  ~ kubectl get svc
NAME         CLUSTER-IP      EXTERNAL-IP      PORT(S)           AGE
kubernetes   10.11.240.1     <none>           443/TCP           6m
udp          10.11.249.164   35.225.148.180   12345:31357/UDP   3m
```



And if I try telnet or netcat, in both cases I can't access the port. It just hangs. 

```
➜  ✗ nc -u 35.225.148.180 12345
➜  ✗ telnet 35.225.148.180 12345
Trying 35.225.148.180...
telnet: connect to address 35.225.148.180: Operation timed out
telnet: Unable to connect to remote host
```





In firewall rules in Google Cloud console I see the following rule: 

```
k8s-fw-a0---------   gke-cluster-1-944afe1b-node   IP ranges: 0.0.0.0/0   udp:12345   Allow   1000
```

It seems as if creating a UDP load balancer in google cloud is not opening the port properly. Or the firewall rules are not working properly. 

manub...@gmail.com

Feb 25, 2018, 3:31:47 PM
to Kubernetes user discussion and Q&A
On Wednesday, 10 January 2018 03:31:54 UTC+1, Tameem Iftikhar wrote:
> Hello,
>
> Thanks for the response. I just tried the exact same thing on google kubernetes engine. Created a two node cluster and pointed kubectl towards it:
>
> ```
> ➜  ~ kubectl get svc
> NAME         CLUSTER-IP      EXTERNAL-IP      PORT(S)           AGE
> kubernetes   10.11.240.1     <none>           443/TCP           6m
> udp          10.11.249.164   35.225.148.180   12345:31357/UDP   3m
> ```
>
> And if I try telnet or netcat, in both cases I can't access the port. It just hangs.
>
> ```
> ➜  ✗ nc -u 35.225.148.180 12345
> ➜  ✗ telnet 35.225.148.180 12345
> Trying 35.225.148.180...
> telnet: connect to address 35.225.148.180: Operation timed out
> telnet: Unable to connect to remote host
> ```
>
> In firewall rules in Google Cloud console I see the following rule:
>
> ```
> k8s-fw-a0---------   gke-cluster-1-944afe1b-node   IP ranges: 0.0.0.0/0   udp:12345   Allow   1000   default
> ```
>
> It seems as if creating a UDP load balancer in google cloud is not opening the port properly. Or the firewall rules are not working properly.
>
> On Tuesday, January 9, 2018 at 3:59:39 PM UTC-5, Tim Hockin wrote:
> Make sure all firewalls are open?
>
> I just tested it and it works:
>
> ```
> $ kubectl run udp --image=ubuntu -- bash -c "while true; do sleep 100000; done"
> deployment "udp" created
>
> $ kubectl expose deployment udp --port=12345 --protocol=UDP --type=LoadBalancer
> service "udp" exposed
> ```
>
> Then I got the IP from `get svc`.  I used `kubectl exec -ti` to exec into my pod and run `nc -l -p 12345 -u` in one terminal and I sent bytes to it via `netcat -u <public ip> 12345`.
>
> Tim
>
> On Tue, Jan 9, 2018 at 12:03 PM, Tameem Iftikhar <tameemif...@gmail.com> wrote:
>
> I am trying to run a very simple UDP service in kubernetes on Google Cloud but am unable to access the port I am exposing to the internet. Here is the deployment and service file:
> Deployment.yaml
> apiVersion: extensions/v1beta1

Hi Tameem,

Did you ever solve this? I am going to try the same thing but I want to know first if there is any hard limitation.

Thanks