
Re: Exposing ports on environment



Edit of our config:

etcd:
• 2379/TCP  -?                -> from master
• 2380/TCP  -?                -> from etcd host


Master:
• 22/TCP    - ssh            -> 0.0.0.0/0 (from master minimum)
• 8443/TCP  - OpenShift Console    -> 0.0.0.0/0
• 8053/TCP  - SkyDNS            -> from all OpenShift Origin hosts


Node where our router is running (infrastructure nodes):
• 80/TCP    - Web Apps                -> 0.0.0.0/0
• 443/TCP   - Web Apps (https)        -> 0.0.0.0/0
• 4789/UDP  - SDN / VXLAN        -> from other nodes
• 10250/TCP - For use by the Kubelet    -> from master
• 22/TCP    - For ansible installer    -> from master (where we start ansible install)


Every node:
• 4789/UDP  - SDN / VXLAN        -> from other nodes
• 10250/TCP - For use by the Kubelet    -> from master
• 22/TCP    - For ansible installer    -> from master (where we start ansible install)


Do we need additional ports for pushing to our registry or to be able to pull images or something?


From: users-bounces lists openshift redhat com <users-bounces lists openshift redhat com> on behalf of Den Cowboy <dencowboy hotmail com>
Sent: Thursday, 4 August 2016 8:57:04
To: users lists openshift redhat com
Subject: Exposing ports on environment
 

Hi, we have an OpenShift Origin 1.2 cluster in our environment (1 master, multiple nodes).
Now we are securing it with a firewall. We need to know which ports need to be exposed.

We already took a look at https://docs.openshift.org/latest/install_config/install/prerequisites.html#prereq-network-access

But it's still not that clear which ports we need to expose. Is there an overview of this somewhere?

Which ports on the master?
Which ports on the node where our router is running?
Which ports on the other nodes?

Which servers need access to the internet?

This is our presetup (can someone confirm if this is fine or what we need to add/change):

Master:
• 22/TCP    - ssh
• 8443/TCP  - OpenShift Console
• 10250/TCP - kubelet


Node where our router is running:
• 80/TCP    - Web Apps
• 443/TCP   - Web Apps (https)
• 4789/UDP  - SDN / VXLAN


Every node:
• 4789/UDP  - SDN / VXLAN

