What is the best practice for exposing a range of ports? I'd like to containerize a VoIP application and am running into a lot of networking challenges, e.g. SIP behind NAT and the RTP port range.
full-train-34126
05/04/2023, 4:57 PM
I'm no expert, but I think this is a general limitation still in Kubernetes. I believe your options are:
1. Use Helm logic to loop through an array of ports in your values.yaml (https://helm.sh/docs/chart_template_guide/control_structures/). You will end up with a massive manifest, but Helm takes care of rendering it.
2. Give the container host network access, i.e. hostNetwork = true. Some security concerns around this one, but effectively the container has direct access to the NIC and therefore all ports.
3. Use SR-IOV to give the pods a dedicated virtual function (virtual host NIC), which is similar to hostNetwork = true in terms of performance, port availability, etc. Pretty complicated to set up, but works nicely once you get it going.