This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of theService Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see thelaunch stage descriptions.

This document shows you how to expose an application running in aGoogle Kubernetes Engine (GKE) cluster to the internet by using a mixed-protocol,external LoadBalancer Service for both TCP and UDP traffic.

To learn more about external passthrough Network Load Balancers, seeBackendservice-based external passthrough Network Load Balancer.

Overview

You can expose applications that use both TCP and UDP protocols by using twoseparate GKE LoadBalancer Services with a manually coordinated,shared IP address. However, this approach is inefficient because it requiresmanaging multiple Services for a single application and might lead to issuessuch as configuration errors or exhausted IP address quotas.

Mixed-protocol LoadBalancer Services let you use a single Service to managetraffic for both TCP and UDP. Using a single Service simplifies yourconfiguration by letting you use a single IPv4 address and a consolidatedset of forwarding rules for both protocols. This feature is supported forexternal passthrough Network Load Balancer.

Before you begin

Before you start, make sure that you have performed the following tasks:

• Enable the Google Kubernetes Engine API.
Enable Google Kubernetes Engine API
• If you want to use the Google Cloud CLI for this task,install and theninitialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running thegcloud components update command. Earlier gcloud CLI versions might not support running the commands in this document.Note: For existing gcloud CLI installations, make sure to set thecompute/regionproperty. If you use primarily zonal clusters, set thecompute/zone instead. By setting a default location, you can avoid errors in the gcloud CLI like the following:One of [--zone, --region] must be supplied: Please specify location. You might need to specify the location in certain commands if the location of your cluster differs from the default that you set.

• Ensure that you have an existing Autopilot or Standardcluster. To create a new cluster, seeCreate an Autopilot cluster.

Requirements

To create an external LoadBalancer Service that uses mixed protocols, yourcluster must meet the following requirements:

• Mixed-protocol load balancing is available only on newly-created clusters onversion 1.34.1-gke.2190000 or later.
• You must have theHttpLoadBalancing addon enabled on your cluster.
• For new external LoadBalancer Services, to implement the load balancer, setthespec.loadBalancerClass field tonetworking.gke.io/l4-regional-external in the Service manifest. Forexisting Services, your manifest already has thecloud.google.com/l4-rbs:"enabled" annotation, and you can leave the annotation as is.

Limitations

• Mixed-protocol load balancers support only IPv4 addresses.

• You can't use mixed protocols in a Service manifest with the following finalizers:

  • gke.networking.io/l4-ilb-v1
  • gke.networking.io/l4-netlb-v1

  If your manifest has these finalizers, you must delete and re-create theService according to the preceding requirements.

Pricing

Google Cloud bills you per forwarding rule, for any external IP addresses,and for data sent. The following table describes the number of forwarding rulesand external IP addresses used for specified configurations. For moreinformation, seeVPC network pricing.

Deploy a workload

This section shows how to deploy a sample workload that listens on both TCP andUDP ports. Note that the Deployment configuration is the same whether you are using amixed-protocol LoadBalancer Service or two separate single-protocol LoadBalancerServices.

1. The following manifest is for a sample application that listens on port 8080for both TCP and UDP traffic. Save the following manifest asmixed-app-deployment.yaml:

   apiVersion:apps/v1kind:Deploymentmetadata:name:mixed-app-deploymentspec:replicas:3selector:matchLabels:app:mixed-apptemplate:metadata:labels:app:mixed-appspec:containers:-image:gcr.io/kubernetes-e2e-test-images/agnhost:2.6name:agnhostargs:["serve-hostname","--port=8080","--tcp=true","--udp=true","--http=false"]ports:-name:tcp8080protocol:TCPcontainerPort:8080-name:udp8080protocol:UDPcontainerPort:8080

2. Apply the manifest to your cluster:

   kubectlapply-fmixed-app-deployment.yaml

Create a mixed-protocol load balancer

Create a Service of typeLoadBalancer that exposes the deployment to both TCPand UDP traffic.

1. Save the following manifest asmixed-protocol-lb.yaml:

   apiVersion:v1kind:Servicemetadata:name:mixed-protocol-lbspec:loadBalancerClass:"networking.gke.io/l4-regional-external"type:LoadBalancerselector:app:mixed-appports:-name:tcp-portprotocol:TCPport:8080-name:udp-portprotocol:UDPport:8080

   The preceding Service has two ports, one for TCP and one for UDP, both onport 8080.

2. Apply the manifest to your cluster:

   kubectlapply--server-side-fmixed-protocol-lb.yaml

kubectleditserviceSERVICE_NAME

apiVersion:v1kind:Servicemetadata:name:mixed-protocol-lbspec:loadBalancerClass:"networking.gke.io/l4-regional-external"type:LoadBalancerselector:app:mixed-appports:-name:tcp-portprotocol:TCPport:8080-name:streamingprotocol:UDPport:10100-name:gameserver-metadataprotocol:TCPport:10400-name:httpsprotocol:TCPport:443

apiVersion:v1kind:Servicemetadata:name:already-existing-single-protocol-lbspec:loadBalancerClass:"networking.gke.io/l4-regional-external"type:LoadBalancerselector:app:mixed-appports:-name:httpprotocol:TCPport:80-name:httpsprotocol:TCPport:443-name:dnsprotocol:UDPport:53

apiVersion:v1kind:Servicemetadata:name:already-existing-mixed-protocol-lbspec:loadBalancerClass:"networking.gke.io/l4-regional-external"type:LoadBalancerselector:app:mixed-appports:-name:httpprotocol:TCPport:80-name:httpsprotocol:TCPport:443

kubectldeleteservicemixed-protocol-lb

• Learn more aboutexposing applications using Services.
• Read aboutLoadBalancer Services.