UDP
Services support raw UDP for generic UDP-based applications via the UDP mode. Here is an example:
kind: Service
metadata:
  name: google-dns
spec:
  port: 53
  mode: UDP
  config:
    upstream:
      url: udp://8.8.8.8:53

Note: For DNS-based applications, it's strongly recommended to use the DNS mode instead. Read more about the DNS mode here.
Access Control
Just like TCP mode, UDP mode operates at layer 4, so no application-layer information is fed into the request context. Here is an example:
kind: Service
metadata:
  name: example-svc
spec:
  config:
    upstream:
      url: dns://8.8.8.8
  mode: UDP
  authorization:
    inlinePolicies:
      - spec:
          rules:
            - effect: ALLOW
              condition:
                match: '"group-1" in ctx.user.spec.groups'

Dynamic Configuration
You can use dynamic configuration in order to, for example, route to different upstreams depending on the request's context (read more about dynamic configuration here). Here is an example:
kind: Service
metadata:
  name: example-svc
spec:
  mode: UDP
  port: 1234
  config:
    upstream:
      url: udp://host-0:9000
  dynamicConfig:
    configs:
      - name: host-1
        upstream:
          url: udp://host-1:9001
      - name: host-2
        upstream:
          url: udp://host-2:9002
    rules:
      - condition:
          match: '"ops" in ctx.user.spec.groups'
        configName: host-1
      - condition:
          match: '"dev" in ctx.user.spec.groups'
        configName: host-2

Visibility
The Service emits access logs in real time to the audit collector. Here is an example of a UDP Log:
{
  "apiVersion": "core/v1",
  "entry": {
    "common": {
      "connectionID": "n8wc-48m1-drfiho77tsir66tzojgma19f-mwq5-c1dd",
      "endedAt": "2025-03-21T22:23:28.959205328Z",
      "isAuthenticated": true,
      "isAuthorized": true,
      "namespaceRef": {
        "apiVersion": "core/v1",
        "kind": "Namespace",
        "name": "default",
        "resourceVersion": "0195b81d-43ec-7ba7-81f7-9b77202b3612",
        "uid": "bff0768e-eec8-4044-a972-9f7af81b79d8"
      },
      "regionRef": {
        "apiVersion": "core/v1",
        "kind": "Region",
        "name": "default",
        "uid": "6e233d12-2fd6-4670-a82d-8c712e1f7374"
      },
      "serviceRef": {
        "apiVersion": "core/v1",
        "kind": "Service",
        "name": "dns-google.default",
        "resourceVersion": "0195bacb-f4d7-77ca-9faf-5c1fec442d7d",
        "uid": "4a2feeb5-6744-4ed7-b1bf-e2ee1aa66da2"
      },
      "sessionRef": {
        "apiVersion": "core/v1",
        "kind": "Session",
        "name": "usr1-3pt93j",
        "resourceVersion": "0195bacb-ed87-76a0-b93b-9b74d7cf122a",
        "uid": "e8bea7be-b858-4457-a8ee-a0cb7f6c91da"
      },
      "startedAt": "2025-03-21T22:22:58.952526275Z",
      "userRef": {
        "apiVersion": "core/v1",
        "kind": "User",
        "name": "usr1",
        "resourceVersion": "0195b821-228d-79b2-92f3-4bb458944f97",
        "uid": "e0f251b2-6952-4a46-a771-2712a45c47f5"
      }
    },
    "info": {
      "udp": {
        "type": "END"
      }
    }
  },
  "kind": "AccessLog",
  "metadata": {
    "actorRef": {
      "apiVersion": "core/v1",
      "kind": "Session",
      "name": "usr1-3pt93j",
      "resourceVersion": "0195bacb-ed87-76a0-b93b-9b74d7cf122a",
      "uid": "e8bea7be-b858-4457-a8ee-a0cb7f6c91da"
    },
    "createdAt": "2025-03-21T22:23:28.959199765Z",
    "id": "hh19-umjd-dt4hhosmolden9btflc2wuzt-wrt9-o2dc",
    "targetRef": {
      "apiVersion": "core/v1",
      "kind": "Service",
      "name": "dns-google.default",
      "resourceVersion": "0195bacb-f4d7-77ca-9faf-5c1fec442d7d",
      "uid": "4a2feeb5-6744-4ed7-b1bf-e2ee1aa66da2"
    }
  }
}
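One way to review these logs, as an added example that is not part of the original documentation or the project's own code: the script below reads UDP access logs, computes each authorized session's duration from the nanosecond-precision timestamps, and separates denied attempts. It assumes the logs have been exported as one JSON object per line and that a denied attempt is logged with isAuthorized set to false; the sample records are constructed and trimmed to the fields the script reads.

```python
import json
import re
from datetime import datetime, timezone

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp; nanoseconds are truncated to microseconds."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    micros = int((m.group(2) or "")[:6].ljust(6, "0"))
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def summarize(lines):
    """Split UDP AccessLog records into (authorized sessions, denied attempts)."""
    sessions, denied = [], []
    for line in filter(str.strip, lines):
        log = json.loads(line)
        entry = log.get("entry", {})
        if log.get("kind") != "AccessLog" or "udp" not in entry.get("info", {}):
            continue  # not a UDP access log
        common = entry.get("common", {})
        row = {"user": common.get("userRef", {}).get("name"),
               "service": common.get("serviceRef", {}).get("name")}
        if not (common.get("isAuthenticated") and common.get("isAuthorized")):
            denied.append(row)
        else:
            if "startedAt" in common and "endedAt" in common:
                delta = parse_ts(common["endedAt"]) - parse_ts(common["startedAt"])
                row["seconds"] = delta.total_seconds()
            sessions.append(row)
    return sessions, denied

def _sample(user, authorized, **times):
    # Constructed record, trimmed to the fields this script reads.
    common = {"isAuthenticated": True, "isAuthorized": authorized,
              "userRef": {"name": user}, "serviceRef": {"name": "dns-google.default"}}
    common.update(times)
    return json.dumps({"kind": "AccessLog",
                       "entry": {"common": common, "info": {"udp": {"type": "END"}}}})

SAMPLE = [
    _sample("usr1", True, startedAt="2025-03-21T22:22:58.952526275Z",
            endedAt="2025-03-21T22:23:28.959205328Z"),
    _sample("usr2", False),  # assumption: denials are logged with isAuthorized false
]

if __name__ == "__main__":
    sessions, denied = summarize(SAMPLE)
    print("sessions:", sessions)
    print("denied:", denied)
```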