l7mp/stunner-gateway-operator

STUNner Kubernetes Gateway Operator

The STUNner Kubernetes Gateway Operator is an open-source implementation of the Kubernetes Gateway API using STUNner as the data plane. The goal is to implement the parts of the core Gateway API, namely the Gateway, GatewayClass and UDPRoute resources, that are necessary to fully configure the STUNner WebRTC ingress gateway via the Kubernetes control plane. The STUNner Kubernetes Gateway Operator currently supports only a subset of the Gateway API.

Documentation

Full documentation for the stable version can be found here. The documentation of the development version is maintained here.

Caveats

  • STUNner implements its own UDPRoute resource instead of using the official UDPRoute provided by the Gateway API. The reason is that STUNner's UDPRoutes omit the port defined in backend references, in contrast to standard UDPRoutes that make the port mandatory. The rationale is that WebRTC media servers typically spawn zillions of UDP/SRTP listeners on essentially any UDP port, so enforcing a single backend port would block all client access. Instead, STUNner's UDPRoutes do not limit port access on backend services at all by default, and provide an optional pair of port/end-port fields per backend reference to define a target port range in which peer connections to the backend are to be accepted.
  • The operator actively reconciles changes to the GatewayClass resource; e.g., if the parametersRef changes, the operator takes the change into account (the spec recommends against this in order to limit the blast radius of a mistaken config update).
  • ReferenceGrants are not implemented: routes can refer to Services and StaticServices in any namespace.
  • The operator does not invalidate the GatewayClass status on exit and does not handle the case when the parent GatewayClass is removed from Gateway.
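
A manifest check for the port-range and ReferenceGrant caveats above, as an added example that is not part of the operator's code: it flags UDPRoute backend references that leave all backend ports open or that point into another namespace. The `port`/`endPort` field names, the `stunner.l7mp.io/v1` apiVersion and the sample routes are assumptions constructed for illustration.

```python
# Constructed sample UDPRoutes (already parsed into dicts). The apiVersion and
# the port/endPort field names are assumptions, not taken from this page.
ROUTES = [
    {"apiVersion": "stunner.l7mp.io/v1", "kind": "UDPRoute",
     "metadata": {"name": "media-open", "namespace": "stunner"},
     "spec": {"rules": [{"backendRefs": [
         {"name": "media-server", "namespace": "media"}]}]}},
    {"apiVersion": "stunner.l7mp.io/v1", "kind": "UDPRoute",
     "metadata": {"name": "media-ranged", "namespace": "stunner"},
     "spec": {"rules": [{"backendRefs": [
         {"name": "media-server", "port": 10000, "endPort": 20000}]}]}},
]


def audit_route(route):
    """Return (route, backend, finding) tuples for one UDPRoute manifest."""
    meta = route.get("metadata", {})
    route_ns = meta.get("namespace", "default")
    route_id = f"{route_ns}/{meta.get('name', '?')}"
    findings = []
    for rule in route.get("spec", {}).get("rules", []):
        for ref in rule.get("backendRefs", []):
            # A backend reference without a namespace targets the route's own.
            backend_ns = ref.get("namespace", route_ns)
            backend = f"{backend_ns}/{ref.get('name', '?')}"
            if backend_ns != route_ns:
                # No ReferenceGrant enforcement: nothing in the target
                # namespace has to approve this reference.
                findings.append((route_id, backend, "cross-namespace-backend"))
            port, end_port = ref.get("port"), ref.get("endPort")
            if port is None:
                # Default behaviour: port access on the backend is not limited.
                findings.append((route_id, backend, "unrestricted-ports"))
            elif end_port is not None and end_port < port:
                findings.append((route_id, backend, "inverted-port-range"))
    return findings


def audit_all(routes):
    """Audit every UDPRoute in the list, skipping other kinds."""
    return [f for r in routes if r.get("kind") == "UDPRoute"
            for f in audit_route(r)]


if __name__ == "__main__":
    for route_id, backend, finding in audit_all(ROUTES):
        print(f"{route_id} -> {backend}: {finding}")
```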

Help

STUNner development is coordinated on Discord; feel free to join.

License

Copyright 2021-2023 by its authors. Some rights reserved. See AUTHORS.

APACHE License - see LICENSE for full text.

Acknowledgments

Inspired by the NGINX Kubernetes Gateway and the Kong Gateway Operator.