github.com/nginxinc/kubernetes-ingress@v1.12.5/examples-of-custom-resources/basic-tcp-udp/README.md (about) 1 # Basic TCP/UDP Load Balancing 2 3 In this example, we deploy a DNS server in a cluster and configure TCP and UDP load balancing for it using the TransportServer resource. As a result, NGINX will pass any connections or datagrams coming to its port 5353 to the DNS server pods. 4 5 ## Prerequisites 6 7 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller: 8 * As part of Step 2 of those instructions, make sure to deploy the GlobalConfiguration resource and configure the Ingress Controller to use it. 9 * Expose port 5353 of the Ingress Controller both for TCP and UDP traffic. 10 1. Save the public IP address of the Ingress Controller into a shell variable: 11 ``` 12 $ IC_IP=XXX.YYY.ZZZ.III 13 ``` 14 1. Save port 5353 of the Ingress Controller into a shell variable: 15 ``` 16 $ IC_5353_PORT=<port number> 17 ``` 18 **Note**: If you'd like to expose the Ingress Controller via a service with the type LoadBalancer, it is not allowed to create a type LoadBalancer service for both TCP and UDP protocols. To overcome this limitation, create two separate services, one for TCP and the other for UDP. In this case, you will end up with two separate public IPs, one for TCP and the other for UDP. Use the former in Step 4.1 and the latter in Step 4.2. 19 1. We use `dig` for testing. Make sure it is installed on your machine. 20 21 **Note**: We assume that as part of the Ingress Controller installation, you deployed the GlobalConfiguration resource in the namespace `nginx-ingress` with the name `nginx-configuration`. If this is not the case, make sure to update the file `global-configuration.yaml` to use the correct namespace and/or name. 22 23 ## Step 1 - Deploy the DNS Server 24 25 We deploy two replicas of [CoreDNS](https://coredns.io/), configured to forward DNS queries to `8.8.8.8`. We also create a service for CoreDNS pods with the name `coredns` that exposes two ports: `5353` for TCP and `5353` for UDP: 26 27 ``` 28 $ kubectl apply -f dns.yaml 29 ``` 30 31 ## Step 2 - Configure Listeners 32 33 1. Update the GlobalConfiguration resource with two listeners - a TCP listener for port 5353 and a UDP listener for port 5353: 34 ``` 35 $ kubectl apply -f global-configuration.yaml 36 ``` 37 38 2. Check that the configuration has been successfully applied by inspecting the events of the GlobalConfiguration: 39 ``` 40 $ kubectl describe gc nginx-configuration -n nginx-ingress 41 . . . 42 Events: 43 Type Reason Age From Message 44 ---- ------ ---- ---- ------- 45 Normal Updated 0s (x2 over 10s) nginx-ingress-controller GlobalConfiguration nginx-ingress/nginx-configuration was updated 46 ``` 47 48 ## Step 3 - Configure Load Balancing 49 50 1. Create the TransportServer resource to configure TCP load balancing: 51 ``` 52 $ kubectl apply -f transport-server-tcp.yaml 53 ``` 54 55 1. Check that the configuration has been successfully applied by inspecting the events of the TransportServer: 56 ``` 57 $ kubectl describe ts dns-tcp 58 Events: 59 Type Reason Age From Message 60 ---- ------ ---- ---- ------- 61 Normal AddedOrUpdated 3s nginx-ingress-controller Configuration for default/dns-tcp was added or updated 62 ``` 63 64 1. Create the TransportServer resource to configure UDP load balancing: 65 ``` 66 $ kubectl apply -f transport-server-udp.yaml 67 ``` 68 69 1. Check that the configuration has been successfully applied by inspecting the events of the TransportServer: 70 ``` 71 $ kubectl describe ts dns-udp 72 Events: 73 Type Reason Age From Message 74 ---- ------ ---- ---- ------- 75 Normal AddedOrUpdated 0s nginx-ingress-controller Configuration for default/dns-udp was added or updated 76 ``` 77 78 ## Step 4 - Test the Configuration 79 80 To test that the configured TCP/UDP load balancing works, we resolve the name `kubernetes.io` using our DNS server available through the Ingress Controller. 81 82 1. Resolve `kubernetes.io` through TCP: 83 ``` 84 $ dig @$IC_IP -p $IC_5353_PORT kubernetes.io +tcp 85 86 ; <<>> DiG 9.10.3-P4-Debian <<>> @<REDACTED> -p 5353 kubernetes.io +tcp 87 ; (1 server found) 88 ;; global options: +cmd 89 ;; Got answer: 90 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44784 91 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 92 93 ;; OPT PSEUDOSECTION: 94 ; EDNS: version: 0, flags:; udp: 4096 95 ;; QUESTION SECTION: 96 ;kubernetes.io. IN A 97 98 ;; ANSWER SECTION: 99 kubernetes.io. 3596 IN A 147.75.40.148 100 101 ;; Query time: 134 msec 102 ;; SERVER: <REDACTED>#5353(<REDACTED>) 103 ;; WHEN: Thu Mar 12 22:01:55 UTC 2020 104 ;; MSG SIZE rcvd: 71 105 ``` 106 107 1. Resolve `kubernetes.io` through UDP: 108 ``` 109 $ dig @$IC_IP -p $IC_5353_PORT kubernetes.io 110 111 ; <<>> DiG 9.10.3-P4-Debian <<>> @<REDACTED> -p 5353 kubernetes.io 112 ; (1 server found) 113 ;; global options: +cmd 114 ;; Got answer: 115 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39087 116 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 117 118 ;; OPT PSEUDOSECTION: 119 ; EDNS: version: 0, flags:; udp: 4096 120 ;; QUESTION SECTION: 121 ;kubernetes.io. IN A 122 123 ;; ANSWER SECTION: 124 kubernetes.io. 2157 IN A 147.75.40.148 125 126 ;; Query time: 134 msec 127 ;; SERVER: <REDACTED>#5353(<REDACTED>) 128 ;; WHEN: Thu Mar 12 22:02:12 UTC 2020 129 ;; MSG SIZE rcvd: 71 130 ```