
Performance: Per-allocation CPU load-balancing for UDP

@rg0now rg0now released this 09 May 15:15
· 276 commits to main since this release

We are proud to present STUNner v0.15.0, the next major release of the STUNner Kubernetes media gateway for WebRTC from l7mp.io.

News

STUNner v0.15.0 is a major feature release and marks an important step towards STUNner reaching v1.0 and becoming generally available for production use.

The most important changes include:

  • Performance: So far, STUNner TURN/UDP listeners have been limited to a single CPU. This release eliminates that bottleneck by allowing STUNner to run multiple parallel readloops per TURN/UDP listener. This makes it possible to scale the TURN server to any practical number of CPUs and brings a massive performance improvement for TURN/UDP workloads.
  • Authentication: By popular user request, STUNner can now read and reconcile TURN authentication credentials from a Kubernetes Secret. This makes it easier to control access to sensitive authentication information. STUNner now also comes with a REST API server for generating ephemeral TURN authentication credentials, implemented as a microservice following the best cloud-native principles. The authentication service can be leveraged by WebRTC application servers to obtain time-windowed user authentication credentials and full STUNner-ified ICE server configurations with a single HTTP GET request. To remove a source of permanent confusion, the plaintext authentication mode is now also available under the alias static, and the alias ephemeral is introduced for what has so far been called longterm. The old names remain available but their use is discouraged, and they will be deprecated in a future release.
  • Graceful shutdown: With this release, STUNner becomes a better Kubernetes citizen and fully supports graceful shutdown with Kubernetes-compatible liveness and readiness checks. This makes it possible to seamlessly scale a STUNner deployment down (scaling up has been available since the first release): on being shut down, STUNner pods will fail the readiness check so that Kubernetes stops routing new allocation requests to these terminating pods, but the built-in TURN servers will remain alive until they have finished processing all active allocations. This prevents the disconnection of active client connections on terminating pods, making STUNner scale-up/scale-down completely seamless.
  • Custom cloud support: STUNner will now automatically expose health-check ports and enable mixed protocol LoadBalancers, both prerequisites for deploying it smoothly to Digital Ocean or AWS/EKS. This change should remove much of the manual configuration burden for the users of these popular platforms. GCP/GKE and other cloud providers' hosted Kubernetes platforms, which do not require health-checks for UDP LoadBalancer services, continue to work as always.
  • Documentation: STUNner docs are now available at ReadTheDocs!
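
The time-windowed credentials from the Authentication item, as an added example that is not STUNner's own code. It assumes the common TURN REST convention (username `<expiry>:<userID>`, password the base64 HMAC-SHA1 of the username under a shared secret), which these notes do not spell out; the function names and the secret are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// sign derives the TURN password: base64(HMAC-SHA1(secret, username)).
func sign(secret, username string) string {
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write([]byte(username))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// MintCredential returns a username/password pair valid until now+ttl.
// The username carries the expiry as a Unix timestamp: "<expiry>:<userID>".
func MintCredential(secret, userID string, now time.Time, ttl time.Duration) (string, string) {
	username := fmt.Sprintf("%d:%s", now.Add(ttl).Unix(), userID)
	return username, sign(secret, username)
}

// CheckCredential recomputes the password and enforces the time window. A
// TURN server would verify MESSAGE-INTEGRITY rather than compare passwords.
func CheckCredential(secret, username, password string, now time.Time) error {
	ts, _, _ := strings.Cut(username, ":")
	expiry, err := strconv.ParseInt(ts, 10, 64)
	if err != nil {
		return errors.New("malformed username")
	}
	if !hmac.Equal([]byte(sign(secret, username)), []byte(password)) {
		return errors.New("bad password")
	}
	if now.Unix() > expiry {
		return errors.New("credential expired")
	}
	return nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample time
	u, p := MintCredential("constructed-secret", "alice", now, time.Hour)
	fmt.Println(u, p, CheckCredential("constructed-secret", u, p, now))
}
```

Because the expiry is part of the signed username, a client cannot extend its own window: changing the timestamp invalidates the password.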
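
The drain sequence from the Graceful shutdown item, as an added example that is not STUNner's own code: readiness fails as soon as shutdown starts, while the process keeps running until the last allocation is released. The `Gateway` type, its methods and the polling interval are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"sync/atomic"
	"time"
)

// Gateway is a hypothetical stand-in for a TURN server; zero value is usable.
type Gateway struct {
	draining atomic.Bool
	active   atomic.Int64
}

// ReadyStatus is the readiness-probe code; liveness would keep returning 200.
func (g *Gateway) ReadyStatus() int {
	if g.draining.Load() {
		return http.StatusServiceUnavailable
	}
	return http.StatusOK
}

// Allocate registers a client allocation and returns its release function.
func (g *Gateway) Allocate() (release func()) {
	g.active.Add(1)
	return func() { g.active.Add(-1) }
}

// Shutdown fails readiness at once, then waits for zero allocations or ctx.
func (g *Gateway) Shutdown(ctx context.Context) error {
	g.draining.Store(true)
	for g.active.Load() > 0 {
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(10 * time.Millisecond):
		}
	}
	return nil
}

func main() {
	g := &Gateway{}
	release := g.Allocate()
	go release() // the only client disconnects
	fmt.Println(g.Shutdown(context.Background()), g.ReadyStatus())
}
```

The context passed to `Shutdown` bounds the wait, so a client that never disconnects cannot hold a terminating pod open indefinitely.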

Apart from the major updates, this release also comes with the usual assortment of documentation updates, tests and CI/CD improvements all around the place.

Enjoy STUNner and don't forget to support us!

Breaking changes

This release should bring no breaking changes. However, some Kubernetes annotations have been promoted to labels and this may cause issues in certain setups. We ran several rounds of testing to make sure the upgrade goes as smoothly as possible but, as usual, upgrade carefully and don't forget to file a bug report if anything goes wrong.

Further changes/improvements

chore(CI/CD): Bump Go version to 1.19
chore: Strip symbols from the binary built (#17)
chore: Transition to pion/turn/v2.1.0 and pion/transport/v2
chore: Upgrade to Gateway API v0.6.2
doc: Add Prometheus and Grafana integration to MONITORING (#63)
feature: Add a "app:stunner" label to svcs and configmaps we create
feature: Add a config file watcher to the public API
feature: Automatically expose health-check ports on LBs, fixes #22
feature: Generate TURN URIs from running Stunner config
feature: Implement stunner.SetLogLevel
feature: Introduce auth type aliases, fixes #7
feature: Introduce the more descriptive authentication type aliases
feature: Multi-threaded UDP listeners
feature: Set "related-gateway" annotation of dataplane ConfigMaps
feature: Support mixed protocol load balancer (#25)
feature: Take auth credentials from a Secret, closes #18
fix: Bootstrap stunnerd with minimal config in watch mode
fix: Config file validation no longer sorts listeners and clusters
fix: Enable health-checking by default
fix: Fix segfault when calling Status on a listener w/o TURN server
fix: LB service watchers now filter on the label "app:stunner"
fix: Properly close listeners
fix: Remove segfault in StunnerConfig.DeepEqual
fix: Stop watching for config updates after a graceful shutdown
hack: Don't fail readiness checks when there is no config
refactor: Add public API for generating/checking TURN credentials
refactor: Export default config settings
refactor: Reorganize the config-watcher API
refactor: Use "owned-by" label to mark our own resources instead of the annotation with the same name