I’m trying to set up a system that can automatically spin up and down video game servers as Docker images. In this case, factoriotools/factorio-docker. Each game is a different, distinct single-pod deployment of that container, and therefore (in the simplified case) needs its own IP address that can listen on a specific UDP port. Load balancers are redundant and irrelevant, and Cloud NAT doesn’t appear to allow ingress traffic easily.
There are a couple of ways I know of to get this to work, both with pretty major compromises:
- I can use a NodePort service, and lose control over which port the client needs to connect to. That’s an issue because the server registers itself with a server listing.
- I can use host networking. If my information is correct, that requires privileged containers, which is Definitely Not Good.
- I could maybe use a UDP load balancer, but even if that exists and works, it’s expensive.
There are probably ways to work around the limitations of either approach (for the second, keep the hosts short-lived and keep the firewall strict, and it should be mostly OK?), but I can’t help but think there’s a better option that I can’t find described in the official Kubernetes docs. Does Traefik have some trick I don’t know about? Is there some way to get a variant of MetalLB that can dynamically allocate public IP addresses as I need them?
How do I get each server-container to listen on a different public IP address with a specific UDP port, without making security impossible in the process?
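An added example (not from the original post or the factorio-docker project) of the host-port route as a single-pod Deployment with a locked-down security context, so the game port is exposed on the node's own address without `privileged: true`. The image tag, the 34197/udp game port and the /factorio data path are assumptions, as is the premise that the nodes carry public IP addresses.

```yaml
# Added example, not from the original post. One Factorio game = one
# Deployment with one replica; hostPort binds the game's UDP port on the
# node's address. Anti-affinity keeps two games off the same node so they
# never fight over the same host port. Port, image tag and data path are
# assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: factorio-game-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: factorio
      game: game-1
  template:
    metadata:
      labels:
        app: factorio
        game: game-1
    spec:
      automountServiceAccountToken: false   # the game needs no API access
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: factorio
              topologyKey: kubernetes.io/hostname
      containers:
        - name: factorio
          image: factoriotools/factorio:stable   # assumed tag
          ports:
            - name: game
              containerPort: 34197              # assumed game port
              hostPort: 34197                   # same port on the node
              protocol: UDP
          securityContext:
            privileged: false                   # hostPort does not need this
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: data
              mountPath: /factorio              # assumed data path
      volumes:
        - name: data
          emptyDir: {}
```

The Pod Security Standards baseline profile rejects hostPort, so the namespace running these pods needs its own admission policy and the node firewall should admit only that UDP port.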