Comments (11)
@davidkornel Now the dev version can run normally
from stunner.
This would be enough: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.AllowedRoutes (a field on the listener).
ReferenceGrants seems to be hard to implement and too much husstle for initial support ;)
I don't use discord ;/
from stunner.
This should now fixed as of e770d05 in the gateway-operator repo, can you please test?
The below now works for me perfectly:
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
name: stunner-config
namespace: stunner
spec:
gatewayClassName: stunner-gatewayclass
listeners:
- name: udp-listener
port: 3478
protocol: UDP
allowedRoutes:
namespaces:
from: All
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: UDPRoute
metadata:
name: janus-dev
namespace: dev
spec:
parentRefs:
- name: stunner-config
namespace: stunner
rules:
- backendRefs:
- name: janus-dev
namespace: dev
You can also use label selectors to choose the namespaces the gateway would accept routes from:
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
name: stunner-config
namespace: stunner
spec:
gatewayClassName: stunner-gatewayclass
listeners:
- name: udp-listener
port: 3478
protocol: UDP
allowedRoutes:
namespaces:
from: Selector
selector:
matchLabels:
udp-gateway: accept
Of course, this requires the target namespace to be labelled with udp-gateway=accept
.
Currently this feature is only available on the dev release channel from the stunner/stunner-gateway-operator-dev
chart:
helm install stunner-gateway-operator stunner/stunner-gateway-operator-dev --create-namespace --namespace=stunner-system
We hope to put together a new stable release soon.
Please report back your findings.
from stunner.
@FLM210 Can you check it now?
Do not forget to helm repo update
.
helm install stunner-gateway-operator stunner/stunner-gateway-operator-dev --namespace=stunner --create-namespace --set stunnerGatewayOperator.dataplane.mode=managed
(Obviously, the managed dataplane flag is needed if you'd like to skip installing STUNner manually.)
from stunner.
Great, if you face any issues feel free to reopen, until then I'm closing this issue.
from stunner.
Thanks for the report, this is indeed a bug. In fact, it is a combination of two things: a somewhat underdocumented STUNner limitation plus an actual bug:
- Currently STUNner does not implement cross-namespace Gateway-UDPRoute bindings for simplicity: only UDPRoutes from the same namespace are allowed. This limitation is documented here and here. We didn't think this was an important feature for STUNner, but now that you are reporting we will make sure to fix this (hopefully in the next release). See the new issue here.
- The bug is that for some reason the URPRoute seems to misreport the Accepted status as
True
, even though the Gateway rejected the route due to a cross-namespace binding attempt. This then quite understandably creates the illusion that cross-namespace bindings should work. This should be fixed ASAP, see the new issue here.
Is deploying the Gateway and the UDPRoute into the same namespace an acceptable workaround to you until we fix this? Note that, as another subtle STUNner limitation, currently the UDPRoute can refer to any Service in any namespace (see docs here): to comply with the Gateway API we would also need to implement ReferenceGrants, but this is also a low-prio item on the TODO list at this point.
from stunner.
Is deploying the Gateway and the UDPRoute into the same namespace an acceptable workaround to you until we fix this?
This would mean I need to allow application helm chart to modify stunner namespace or add UDPRoutes to stunner-config helm chart. It can be temp workaround, but it's not good. Thank you very much for a quick response anyway, at the moment I'll use this workaround, but I'm waiting for this to be solved! :D
from stunner.
I see. We'll prioritize this feature then.
Quick question: do you want full support for ReferenceGrants (ReferenceGrant is a CRD that you place into a namespace to allow Gateways from other namespaces to accept routes from said namespace or vice versa) or is it enough if we allow UDPRoute bindings from any namespace without restriction?
Anyway, this feature is contingent on another major milestone: maganed dataplane support in the operator. Once that lands, we can easily add support for cross-namespace bindings. Until then, please bear with us. Or better yet: please keep on bugging us frequently on Discord or here so that we do not forget!...:-)
from stunner.
@FLM210 Can I please ask you to test the dev version to know if it fixes the problem?
I've no time to break my develop infra just to check if it fixes the issue.
from stunner.
@FLM210 Can I please ask you to test the dev version to know if it fixes the problem?
I've no time to break my develop infra just to check if it fixes the issue.
The dev version solved my problem, but there is a small issue with the dev version
l7mp/stunner-gateway-operator#39
from stunner.
The dev version solved my problem, but there is a small issue with the dev version l7mp/stunner-gateway-operator#39
This should be fixed by now.
CC: @davidkornel
from stunner.
Related Issues (20)
- feat: Release turncat binaries
- Issue UDP port loadbalancer HOT 7
- Stunner gateway operator can't be started HOT 1
- Question about debugging message on UDP gateway pod HOT 9
- Is stunner FedRamp compliant? HOT 11
- Meetecho Janus integration HOT 7
- turn ERROR: Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header HOT 1
- Mixed protocol available for AWS? If not how to setup health check if not supported? HOT 3
- Does it work with MediaMTX (Whip) and can I choose the destination server with an API? HOT 8
- Gatteway API v1.0 incompatibility on GKE HOT 6
- UDP Gateway Error HOT 11
- srflx ICE candidate wrong ip? HOT 1
- SRS integration? HOT 4
- Extra question about horizontally scaled Stunner HOT 3
- Example app udp-greeter.yaml not working - help needed HOT 10
- v0.16.0 - Websocket error HOT 3
- v0.16.0 - Stunnerd pods get into state where they won't respond to TURN requests HOT 1
- Allow Gateways to request a specific NodePort in the automatically created Service HOT 3
- TURN connection breaks when the backend pod enters graceful shutdown HOT 4
- `stunnerctl config` does not fall back to the default namespace
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stunner.