Using the Stream Control Transmission Protocol (SCTP) on a bare metal cluster

As a cluster administrator, you can use the Stream Control Transmission Protocol (SCTP) on a cluster.

Support for Stream Control Transmission Protocol (SCTP) on OKD

As a cluster administrator, you can enable SCTP on the hosts in the cluster. On Fedora CoreOS (FCOS), the SCTP kernel module is blacklisted and therefore not loaded by default.

SCTP is a reliable, message-oriented transport protocol that runs on top of an IP network.

When enabled, you can use SCTP as a protocol with pods, services, and network policy. A Service object that exposes SCTP must be defined with the type parameter set to either the ClusterIP or NodePort value.

Example configurations using SCTP protocol

You can configure a pod or service to use SCTP by setting the protocol parameter to the SCTP value in the pod or service object.

In the following example, a pod is configured to use SCTP:

    apiVersion: v1
    kind: Pod
    metadata:
      namespace: project1
      name: example-pod
    spec:
      containers:
        - name: example-pod
          ...
          ports:
            - containerPort: 30100
              name: sctpserver
              protocol: SCTP

In the following example, a service is configured to use SCTP:

    apiVersion: v1
    kind: Service
    metadata:
      namespace: project1
      name: sctpserver
    spec:
      ...
      ports:
        - name: sctpserver
          protocol: SCTP
          port: 30100
          targetPort: 30100
      type: ClusterIP

In the following example, a NetworkPolicy object is configured to select pods with the label role=web and allow ingress SCTP traffic to port 80 on those pods. Because the ingress rule has no from selector, the rule permits SCTP traffic on that port from any source; add a from selector if you want to restrict which peers may connect:

    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: allow-sctp-on-http
    spec:
      podSelector:
        matchLabels:
          role: web
      ingress:
        - ports:
            - protocol: SCTP
              port: 80

Enabling Stream Control Transmission Protocol (SCTP)

As a cluster administrator, you can load and enable the SCTP kernel module, which is blacklisted by default on FCOS, on the worker nodes in your cluster. The MachineConfig below does this by overwriting the blacklist entry with an empty file and adding a modules-load entry so the module is loaded at boot.

Prerequisites

  • Install the OpenShift CLI (oc).

  • Access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create a file named load-sctp-module.yaml that contains the following YAML definition:

      apiVersion: machineconfiguration.openshift.io/v1
      kind: MachineConfig
      metadata:
        name: load-sctp-module
        labels:
          machineconfiguration.openshift.io/role: worker
      spec:
        config:
          ignition:
            version: 3.2.0
          storage:
            files:
              # Replace the default blacklist entry with an empty file so modprobe no longer refuses to load sctp
              - path: /etc/modprobe.d/sctp-blacklist.conf
                mode: 0644
                overwrite: true
                contents:
                  source: data:,
              # Ask systemd-modules-load to load the sctp module at boot
              - path: /etc/modules-load.d/sctp-load.conf
                mode: 0644
                overwrite: true
                contents:
                  source: data:,sctp
  2. To create the MachineConfig object, enter the following command:

      $ oc create -f load-sctp-module.yaml
  3. Optional: To watch the status of the nodes while the Machine Config Operator applies the configuration change, enter the following command. The operator drains and reboots each worker node in turn; when the status of a node transitions back to Ready, the configuration update is applied to that node.

      $ oc get nodes

Verifying Stream Control Transmission Protocol (SCTP) is enabled

You can verify that SCTP is working on a cluster by creating a pod with an application that listens for SCTP traffic, associating it with a service, and then connecting to the exposed service.

Prerequisites

  • Access to the internet from the cluster to install the nc package.

  • Install the OpenShift CLI (oc).

  • Access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create a pod that starts an SCTP listener:

    1. Create a file named sctp-server.yaml that defines a pod with the following YAML:

        apiVersion: v1
        kind: Pod
        metadata:
          name: sctpserver
          labels:
            app: sctpserver
        spec:
          containers:
            - name: sctpserver
              image: fedora:31
              command: ["/bin/sh", "-c"]
              args:
                ["dnf install -y nc && sleep inf"]
              ports:
                - containerPort: 30102
                  name: sctpserver
                  protocol: SCTP
    2. Create the pod by entering the following command:

        $ oc create -f sctp-server.yaml
  2. Create a service for the SCTP listener pod.

    1. Create a file named sctp-service.yaml that defines a service with the following YAML:

        apiVersion: v1
        kind: Service
        metadata:
          name: sctpservice
          labels:
            app: sctpserver
        spec:
          type: NodePort
          selector:
            app: sctpserver
          ports:
            - name: sctpserver
              protocol: SCTP
              port: 30102
              targetPort: 30102
    2. To create the service, enter the following command:

        $ oc create -f sctp-service.yaml
  3. Create a pod for the SCTP client.

    1. Create a file named sctp-client.yaml with the following YAML:

        apiVersion: v1
        kind: Pod
        metadata:
          name: sctpclient
          labels:
            app: sctpclient
        spec:
          containers:
            - name: sctpclient
              image: fedora:31
              command: ["/bin/sh", "-c"]
              args:
                ["dnf install -y nc && sleep inf"]
    2. To create the Pod object, enter the following command:

        $ oc apply -f sctp-client.yaml
  4. Run an SCTP listener on the server.

    1. To connect to the server pod, enter the following command:

        $ oc rsh sctpserver
    2. To start the SCTP listener, enter the following command:

        $ nc -l 30102 --sctp
  5. Connect to the SCTP listener on the server.

    1. Open a new terminal window or tab in your terminal program.

    2. Obtain the IP address of the sctpservice service. Enter the following command:

        $ oc get services sctpservice -o go-template='{{.spec.clusterIP}}{{"\n"}}'
    3. To connect to the client pod, enter the following command:

        $ oc rsh sctpclient
    4. To start the SCTP client, enter the following command. Replace <cluster_IP> with the cluster IP address of the sctpservice service.

        # nc <cluster_IP> 30102 --sctp
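The nc-based check above needs internet access from the pod to install a package. As an added example that is not part of the OKD documentation, the following Python script performs the same verification with only the standard library: it probes whether the kernel will create an SCTP socket (which fails while the module is blacklisted), runs a one-process SCTP echo exchange over loopback like the nc listener/client pair, and parses a /proc/modules listing of the kind you get from `oc debug node/<node> -- chroot /host cat /proc/modules`. It assumes a Linux kernel and Python 3; the /proc/modules sample is constructed here, not captured from a real node.

```python
"""Probe SCTP support from inside a pod without installing nc.

Added example, not OKD's own code. Assumes Linux; uses the standard
one-to-one (SOCK_STREAM) SCTP socket API.
"""
import errno
import socket
import threading

# IANA protocol number for SCTP; Python exposes it on Linux as socket.IPPROTO_SCTP.
IPPROTO_SCTP = getattr(socket, "IPPROTO_SCTP", 132)

# errno values the kernel returns when the sctp module is blacklisted or absent.
_UNSUPPORTED = {errno.EPROTONOSUPPORT, errno.ESOCKTNOSUPPORT, errno.EAFNOSUPPORT}


def sctp_available() -> bool:
    """Return True when the kernel lets this process create an SCTP socket.

    On a node where the module is still blacklisted the call fails with
    EPROTONOSUPPORT, so this doubles as a check that the MachineConfig
    took effect on the node the pod was scheduled to.
    """
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, IPPROTO_SCTP)
    except OSError as exc:
        if exc.errno in _UNSUPPORTED:
            return False
        raise
    sock.close()
    return True


def sctp_loopback_echo(payload: bytes, host: str = "127.0.0.1") -> bytes:
    """Send one SCTP message to an in-process echo server and return the reply.

    Same exchange as the nc listener and client in the docs, in one process.
    Raises OSError if SCTP is unavailable; call sctp_available() first.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM, IPPROTO_SCTP)
    server.bind((host, 0))  # port 0: let the kernel pick a free port
    server.listen(1)
    port = server.getsockname()[1]

    def serve_once() -> None:
        conn, _ = server.accept()
        with conn:
            conn.sendall(conn.recv(65536))  # SCTP is message-oriented: one recv, one message

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM, IPPROTO_SCTP) as client:
            client.settimeout(5)
            client.connect((host, port))
            client.sendall(payload)
            reply = client.recv(65536)
    finally:
        worker.join(timeout=5)
        server.close()
    return reply


def module_loaded(proc_modules: str, name: str) -> bool:
    """Return True if `name` appears as a loaded module in /proc/modules text."""
    return any(
        line.split()[0] == name
        for line in proc_modules.splitlines()
        if line.strip()
    )


# Constructed sample of /proc/modules output (not captured from a real node).
SAMPLE_PROC_MODULES = """\
sctp 413696 2 - Live 0x0000000000000000
libcrc32c 16384 3 sctp,nf_conntrack,xfs, Live 0x0000000000000000
overlay 139264 1 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    print("sctp listed in sample /proc/modules:", module_loaded(SAMPLE_PROC_MODULES, "sctp"))
    if sctp_available():
        print("SCTP loopback echo:", sctp_loopback_echo(b"hello over sctp"))
    else:
        print("SCTP sockets unsupported here: module blacklisted or not loaded")
```

Run it with `oc rsh sctpclient python3 probe.py` (after copying the file into the pod with `oc cp`); a False from sctp_available() on a pod scheduled to a worker means the MachineConfig has not been applied to that node yet, which `oc get nodes` and the node's /proc/modules will confirm.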