Expose NTP service via Traefik Service ELB

I want to expose NTP (UDP) through the Traefik Service ELB to outside Kubernetes.

I have the following config:
traefik.toml

       [entryPoints.udp-ntp]
         address = ":123/udp"

I exposed 123/udp on the Traefik Service ELB.

kind: Service
apiVersion: v1
metadata:
  name: traefik-internal-elb
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    app: traefik
  ports:
    - name: internal
      protocol: TCP
      port: 80
      targetPort: 80
    - name: udp-ntp
      protocol: UDP
      port: 123
      targetPort: 123

The following is the IngressRouteUDP:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: ntp-internal
  namespace: dev
spec:
  entryPoints:
    - udp-ntp
  routes:
  - match: HostSNI(`ntp.example.net`)
    services:
    - name: chrony
      port: 123
      weight: 10

But I am not able to reach this NTP service from outside of Kubernetes via the Traefik Service ELB.

What am I missing here?

Hi @rp346

Did you manage to fix the problem?
I am hitting the same roadblock.
In case you found a solution, kindly share.

Best Regards,
Kunal Singh

You can only use HostSNI() on a TLS connection, so for NTP over UDP this can’t be used for a router rule.

It seems UDP doesn't even need a rule to match the request (doc).
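
Added example, not part of any post in this thread: the IngressRouteUDP from the question with the `match` line removed, as the replies above describe. It reuses the names from the question (`ntp-internal`, `dev`, `udp-ntp`, `chrony`) and assumes the same `traefik.containo.us/v1alpha1` CRD version.

```yaml
# IngressRouteUDP without a match rule.
# A UDP datagram carries no TLS handshake, so there is no SNI for HostSNI()
# to inspect. A UDP route therefore lists only its backend services.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: ntp-internal
  namespace: dev
spec:
  entryPoints:
    - udp-ntp            # must match [entryPoints.udp-ntp] (":123/udp") in traefik.toml
  routes:
    - services:          # no "match" key on a UDP route
        - name: chrony   # Kubernetes Service in the same namespace (dev)
          port: 123
          weight: 10
```

Because a UDP route has no matching criterion, every datagram arriving on the `udp-ntp` entry point is forwarded to the listed services, so give each UDP service its own entry point and restrict who can reach port 123 at the load balancer or security-group level.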