Bug 2069740: Avoid kubernetes node port range #3044
Conversation
|
/test e2e-metal-ipi |
|
/test e2e-vsphere |
| @@ -20,7 +20,7 @@ contents: | |||
| bind :::{{`{{ .LBConfig.LbPort }}`}} v4v6 | |||
| default_backend masters | |||
| listen health_check_http_url | |||
| bind :::30936 v4v6 | |||
| bind :::20936 v4v6 | |||
There was a problem hiding this comment.
Shouldn't this be in the 9000-9999 range and ideally be specifically reserved (as node exporter and CVO are)?
There was a problem hiding this comment.
I had left this out of the range because I thought it could be changed to listen on only localhost, but when I tried that it doesn't work so yeah, I'll have to change it.
Per [0], the range 30000-32767 is used for kubernetes node ports. We should not have haproxy listening in that range to avoid possible conflicts. 9444 is adjacent to 9445 where the haproxy frontend listens, but is currently unused in the host port registry. 0: https://github.com/openshift/openshift-docs/blob/main/modules/installation-network-user-infra.adoc
cybertron
force-pushed
the
avoid-kube-ports
branch
from
4502c9e
to
675c770
Compare
openshift-ci
bot
added
the
approved
|
IIUC, the document in the enhancements repo is the authoritative source for port allocations. I have a review up to add our ports: openshift/enhancements#1076 I was going to hold that one until we had actually moved our ports to valid ranges, but I suppose there's an argument that the ports should be reserved in the doc first. I mostly just want to get all of these patches merged so we can stop playing whack-a-mole with port conflicts. :-) |
cybertron
changed the title
openshift-ci
bot
added
bugzilla/severity-medium
|
@cybertron: This pull request references Bugzilla bug 2069740, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/bugzilla refresh |
openshift-ci
bot
added
bugzilla/valid-bug
|
@cybertron: This pull request references Bugzilla bug 2069740, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (vvoronko@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cc @mandre @jcpowermac @rvanderp3 @creydr @dougsland |
openshift-ci
bot
requested review from
creydr,
dougsland,
jcpowermac,
mandre and
rvanderp3
|
/retest-required |
|
/test e2e-openstack |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, cybertron, dougsland The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
Weird, the masters didn't join the cluster and we're not getting any logs. |
|
OpenStack CI is on fire 🔥 |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@cybertron: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@cybertron: Some pull requests linked via external trackers have merged: The following pull requests linked via external trackers have not merged: These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state. Once unlinked, request a bug refresh with Bugzilla bug 2069740 has not been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-4.10 |
|
@cybertron: new pull request created: #3145 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Per [0], the range 30000-32767 is used for kubernetes node ports.
We should not have haproxy listening in that range to avoid possible
conflicts.
0: https://github.com/openshift/openshift-docs/blob/main/modules/installation-network-user-infra.adoc
- What I did
- How to verify it
- Description for the changelog
Move the haproxy listening port out of the kubernetes node port range to avoid conflicts.