[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Can I run a NON-HTTP UDP based application on Openshift V3



Hi Suryaveer,


I want to confirm something about ports in spec:NodePort. It is written that we have to give a nodeport within some range 30000-32000 (not exact range). What I understand for NodePort is that a port is Opened on a node where a pod is running and I'll access the my application using nodeIp:nodeport. ( I saw some tutorial videos)

My requirement is to expose port 5060 which is the standard port, can I achieve this using nodeport. 

Pardon me if I am asking some stupid questions, I am still trying to run a simple application using standard service but not able to hit it from outside the cluster, otherwise I would have tried the nodeport thing. I'll ask another question for the issue I mentioned.


I don't know if the allowed port range for NodePort services is configurable to allow lower TCP/UDP ports and I also do not know if OSE enforces the configured range. I suppose OSE cannot let a pod request any port because it could conflict with ports used by OSE node services like kubelet and the SDN. Another issue is that a NodePort service can conflict with other NodePort services.

This doesn't exactly answer your question, it is just so you know NodePort restrictions make sense. In a cloud environment you give up some fine-grained control that you'd have with bare metal servers or traditional virtual machines in exchange for easier deploying and management. If an application is not flexible enough to run with configuration changes it may not be possible to run it under OSE and other cloud platforms.

Isn't it possible to configure your application to use a different UDP port? I guess no, SIP is not very flexible. :-(

If that is the case, maybe you can run something outside OSE, for example at a firewall box, to redirect packets from port 5060 in it to whatever port you configure in your NodePort service. If you can guarantee using UDP port 5060 on your OSE nodes is safe you also have the option of configuring iptables rules to redirect packets.


[]s, Fernando Lozano


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]