UDP

Services support raw UDP for generic UDP-based applications via the UDP mode. Here is an example:

kind: Service
metadata:
  name: google-dns
spec:
  port: 53
  mode: UDP
  config:
    upstream:
      url: udp://8.8.8.8:53

NOTE

For DNS-based applications, it's strongly recommended to use the DNS mode instead. Read more about the DNS mode here.

Access Control

Just like TCP mode, UDP mode operates at layer 4, so no application-layer information is fed into the request context. Here is an example:

kind: Service
metadata:
  name: example-svc
spec:
  config:
    upstream:
      url: dns://8.8.8.8
  mode: UDP
  authorization:
    inlinePolicies:
      - spec:
          rules:
            - effect: ALLOW
              condition:
                match: '"group-1" in ctx.user.spec.groups'

Dynamic Configuration

You can use dynamic configuration to, for example, route to different upstreams depending on the request's context (read more about dynamic configuration here). Here is an example:

kind: Service
metadata:
  name: example-svc
spec:
  mode: UDP
  port: 1234
  config:
    upstream:
      url: udp://host-0:9000
  dynamicConfig:
    configs:
      - name: host-1
        upstream:
          url: udp://host-1:9001
      - name: host-2
        upstream:
          url: udp://host-2:9002
    rules:
      - condition:
          match: '"ops" in ctx.user.spec.groups'
        configName: host-1
      - condition:
          match: '"dev" in ctx.user.spec.groups'
        configName: host-2

Visibility

The Service emits access logs in real time to the audit collector. Here is an example of a UDP Log:

{
  "apiVersion": "core/v1",
  "entry": {
    "common": {
      "connectionID": "n8wc-48m1-drfiho77tsir66tzojgma19f-mwq5-c1dd",
      "endedAt": "2025-03-21T22:23:28.959205328Z",
      "isAuthenticated": true,
      "isAuthorized": true,
      "namespaceRef": {
        "apiVersion": "core/v1",
        "kind": "Namespace",
        "name": "default",
        "resourceVersion": "0195b81d-43ec-7ba7-81f7-9b77202b3612",
        "uid": "bff0768e-eec8-4044-a972-9f7af81b79d8"
      },
      "regionRef": {
        "apiVersion": "core/v1",
        "kind": "Region",
        "name": "default",
        "uid": "6e233d12-2fd6-4670-a82d-8c712e1f7374"
      },
      "serviceRef": {
        "apiVersion": "core/v1",
        "kind": "Service",
        "name": "dns-google.default",
        "resourceVersion": "0195bacb-f4d7-77ca-9faf-5c1fec442d7d",
        "uid": "4a2feeb5-6744-4ed7-b1bf-e2ee1aa66da2"
      },
      "sessionRef": {
        "apiVersion": "core/v1",
        "kind": "Session",
        "name": "usr1-3pt93j",
        "resourceVersion": "0195bacb-ed87-76a0-b93b-9b74d7cf122a",
        "uid": "e8bea7be-b858-4457-a8ee-a0cb7f6c91da"
      },
      "startedAt": "2025-03-21T22:22:58.952526275Z",
      "userRef": {
        "apiVersion": "core/v1",
        "kind": "User",
        "name": "usr1",
        "resourceVersion": "0195b821-228d-79b2-92f3-4bb458944f97",
        "uid": "e0f251b2-6952-4a46-a771-2712a45c47f5"
      }
    },
    "info": {
      "udp": {
        "type": "END"
      }
    }
  },
  "kind": "AccessLog",
  "metadata": {
    "actorRef": {
      "apiVersion": "core/v1",
      "kind": "Session",
      "name": "usr1-3pt93j",
      "resourceVersion": "0195bacb-ed87-76a0-b93b-9b74d7cf122a",
      "uid": "e8bea7be-b858-4457-a8ee-a0cb7f6c91da"
    },
    "createdAt": "2025-03-21T22:23:28.959199765Z",
    "id": "hh19-umjd-dt4hhosmolden9btflc2wuzt-wrt9-o2dc",
    "targetRef": {
      "apiVersion": "core/v1",
      "kind": "Service",
      "name": "dns-google.default",
      "resourceVersion": "0195bacb-f4d7-77ca-9faf-5c1fec442d7d",
      "uid": "4a2feeb5-6744-4ed7-b1bf-e2ee1aa66da2"
    }
  }
}
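One way to triage these logs once they have been exported as JSON lines, shown as an added example that is not part of the Octelium documentation or code base. The function names are hypothetical, and the shape of a denied entry is an assumption, since the page shows only an authorized END entry.

```python
import json
from datetime import datetime, timezone

def parse_ts_ns(ts: str) -> int:
    """RFC 3339 UTC timestamp -> integer nanoseconds since the epoch.
    datetime keeps only microseconds, so the fraction is handled separately."""
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) * 1_000_000_000 + int(frac.ljust(9, "0")[:9])

def summarize(line: str) -> dict:
    """Reduce one AccessLog JSON line to the fields a reviewer triages on."""
    log = json.loads(line)
    if log.get("kind") != "AccessLog":
        raise ValueError("not an AccessLog entry")
    entry = log["entry"]
    common = entry["common"]
    started, ended = common.get("startedAt"), common.get("endedAt")
    duration_ns = parse_ts_ns(ended) - parse_ts_ns(started) if started and ended else None
    return {
        "user": common.get("userRef", {}).get("name"),
        "service": common.get("serviceRef", {}).get("name"),
        "udp_type": entry.get("info", {}).get("udp", {}).get("type"),
        "duration_ns": duration_ns,
        "denied": not (common.get("isAuthenticated") and common.get("isAuthorized")),
    }

def denied_entries(lines):
    """Return summaries of entries that were not both authenticated and authorized."""
    return [s for s in map(summarize, lines) if s["denied"]]

# Constructed sample input. The first line is the page's log trimmed to the
# fields read above. The second is invented: the page shows no denied entry, so
# its shape (isAuthorized false, no endedAt, no info block) is an assumption.
SAMPLE_LOGS = [json.dumps(d) for d in (
    {"kind": "AccessLog", "entry": {
        "common": {"startedAt": "2025-03-21T22:22:58.952526275Z",
                   "endedAt": "2025-03-21T22:23:28.959205328Z",
                   "isAuthenticated": True, "isAuthorized": True,
                   "userRef": {"name": "usr1"},
                   "serviceRef": {"name": "dns-google.default"}},
        "info": {"udp": {"type": "END"}}}},
    {"kind": "AccessLog", "entry": {
        "common": {"startedAt": "2025-03-21T22:25:00.000000001Z",
                   "isAuthenticated": True, "isAuthorized": False,
                   "userRef": {"name": "usr2"},
                   "serviceRef": {"name": "dns-google.default"}}}},
)]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(summarize(line))
```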