-
Notifications
You must be signed in to change notification settings - Fork 402
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2069740: Avoid kubernetes node port range #3044
Bug 2069740: Avoid kubernetes node port range #3044
Conversation
/test e2e-metal-ipi |
/test e2e-vsphere |
@@ -20,7 +20,7 @@ contents: | |||
bind :::{{`{{ .LBConfig.LbPort }}`}} v4v6 | |||
default_backend masters | |||
listen health_check_http_url | |||
bind :::30936 v4v6 | |||
bind :::20936 v4v6 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be in the 9000-9999 range and ideally be specifically reserved (as node exporter and CVO are)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had left this out of the range because I thought it could be changed to listen on only localhost, but when I tried that it doesn't work so yeah, I'll have to change it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Marking as requested changes to try to better track PR review status
Per [0], the range 30000-32767 is used for kubernetes node ports. We should not have haproxy listening in that range to avoid possible conflicts. 9444 is adjacent to 9445 where the haproxy frontend listens, but is currently unused in the host port registry. 0: https://github.com/openshift/openshift-docs/blob/main/modules/installation-network-user-infra.adoc
4502c9e
to
675c770
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks sane to me. Do you know if we have any official process for reserving ports in our reserved range? Maybe it should be in openshift/api or something?
Anyways no need to block on that. Will defer lgtm to someone on the on-prem team.
IIUC, the document in the enhancements repo is the authoritative source for port allocations. I have a review up to add our ports: openshift/enhancements#1076 I was going to hold that one until we had actually moved our ports to valid ranges, but I suppose there's an argument that the ports should be reserved in the doc first. I mostly just want to get all of these patches merged so we can stop playing whack-a-mole with port conflicts. :-) |
@cybertron: This pull request references Bugzilla bug 2069740, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@cybertron: This pull request references Bugzilla bug 2069740, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (vvoronko@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cc @mandre @jcpowermac @rvanderp3 @creydr @dougsland |
/retest-required |
/test e2e-openstack |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, cybertron, dougsland The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold |
Weird, the masters didn't join the cluster and we're not getting any logs. |
OpenStack CI is on fire 🔥 |
/hold cancel |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@cybertron: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@cybertron: Some pull requests linked via external trackers have merged: The following pull requests linked via external trackers have not merged: These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state. Once unlinked, request a bug refresh with Bugzilla bug 2069740 has not been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.10 |
@cybertron: new pull request created: #3145 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Per [0], the range 30000-32767 is used for kubernetes node ports.
We should not have haproxy listening in that range to avoid possible
conflicts.
0: https://github.com/openshift/openshift-docs/blob/main/modules/installation-network-user-infra.adoc
- What I did
- How to verify it
- Description for the changelog
Move the haproxy listening port out of the kubernetes node port range to avoid conflicts.