Exposing UDP services

It is possible to expose UDP services, but with some caveats:

  • You need to create a Service of type=LoadBalancer. This will create an (extra) AWS Load Balancer, which involves a cost.
  • You cannot mix TCP and UDP ports within the same Service, so you'll need to split them into 2 separate Services (which also results in 2 separate Load Balancers). For more info, see https://github.com/kubernetes/enhancements/issues/1435 and https://github.com/aws/containers-roadmap/issues/841.
  • If you set externalTrafficPolicy: Cluster in the Service's spec, you'll also need to implement a TCP-based health check, as an AWS NLB only supports health checking over TCP. This isn't a problem when using externalTrafficPolicy: Local.

Simple example:

apiVersion: v1
kind: Namespace
metadata:
  name: udp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: udp-test
  namespace: udp
  labels:
    app.kubernetes.io/name: udp-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: udp-test
  template:
    metadata:
      labels:
        app.kubernetes.io/name: udp-test
    spec:
      containers:
        - name: udp
          image: cilium/echoserver-udp
          ports:
            - name: udp-1
              containerPort: 69
              protocol: UDP
---
apiVersion: v1
kind: Service
metadata:
  name: udp-test
  namespace: udp
  labels:
    app.kubernetes.io/name: udp-test
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: udp-test
  ports:
    - protocol: UDP
      port: 6969
      targetPort: udp-1
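
The caveats above can be checked against Service objects before they are applied. The script below is an added example, not part of the original page or any project tooling: it assumes JSON input shaped like `kubectl get svc -A -o json`, and the finding codes and the `mixed` and `internal` sample Services are hypothetical. It also accounts for the Kubernetes defaults (an omitted port protocol is TCP, an omitted externalTrafficPolicy is Cluster).

```python
import json
import sys

# Finding codes and their meaning (wording follows the caveats listed above).
MESSAGES = {
    "mixed-protocols": "TCP and UDP ports in one Service; split into two Services",
    "cluster-policy-needs-tcp-healthcheck":
        "externalTrafficPolicy is Cluster; the NLB needs a TCP-based health check",
}

# Constructed sample, shaped like `kubectl get svc -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"metadata": {"namespace": "udp", "name": "udp-test"},   # the Service above
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local",
              "ports": [{"protocol": "UDP", "port": 6969}]}},
    {"metadata": {"namespace": "udp", "name": "mixed"},      # hypothetical
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 80}, {"protocol": "UDP", "port": 6969}]}},
    {"metadata": {"namespace": "udp", "name": "internal"},   # hypothetical
     "spec": {"type": "ClusterIP", "ports": [{"protocol": "UDP", "port": 53}]}},
]}

def service_findings(svc):
    """Return finding codes for one Service object (a dict parsed from JSON)."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []  # not exposed through a load balancer, caveats do not apply
    # Kubernetes defaults an omitted port protocol to TCP.
    protocols = {p.get("protocol", "TCP") for p in spec.get("ports", [])}
    if "UDP" not in protocols:
        return []
    findings = []
    if "TCP" in protocols:
        findings.append("mixed-protocols")
    # An omitted externalTrafficPolicy defaults to Cluster.
    if spec.get("externalTrafficPolicy", "Cluster") == "Cluster":
        findings.append("cluster-policy-needs-tcp-healthcheck")
    return findings

def check(doc):
    """Map 'namespace/name' to findings for a Service or a List of Services."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    report = {}
    for svc in items:
        meta, codes = svc.get("metadata", {}), service_findings(svc)
        if codes:
            report[f'{meta.get("namespace", "default")}/{meta["name"]}'] = codes
    return report

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, codes in check(doc).items():
        print("\n".join(f"{name}: {MESSAGES[c]}" for c in codes))
```

Run it with a file path to check saved `kubectl` output, or with no arguments to see the findings for the constructed sample.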