Red Hat OpenShift Control Planes / CNTRLPLANE-2700

Investigate and document HCP ingress/egress port requirements


      Background

      A customer using the Technical Preview of Hosted Control Plane (HCP) found that the current documentation does not show complete ingress/egress rules. The ACM 2.15 documentation shows only the kubelet ports, not the other special ports required for HCP operation.

      Problem Statement

      The current documentation is incomplete and may cause customer confusion or connectivity issues when setting up firewall rules for HCP deployments.

      Ports Identified for Investigation

      The following ports have been identified by team members as potentially requiring documentation:

      Ingress Ports

      Port        Service                   Description
      6443        KAS                       Kubernetes API Server
      9090->443   Ignition Server           Ignition configuration server
      8443        Ignition Proxy            Ignition proxy service
      8091        Konnectivity Server       Konnectivity server for control plane communication
      8081        Agent CAPI Health probe   Cluster API provider health check
      8080        Agent CAPI Metrics        Cluster API provider metrics endpoint

      Egress Ports

      Port        Service                   Description
      443         HTTPS                     OLM Images and general HTTPS traffic
      443         Ignition                  Ignition service communication
      6443        KAS                       Kubernetes API Server communication
      8091        Konnectivity Agent        Konnectivity agent for data plane to control plane communication
      53          DNS                       DNS resolution (TCP/UDP)

      Acceptance Criteria

      • Investigate and verify the complete list of required ingress ports for HCP
      • Investigate and verify the complete list of required egress ports for HCP
      • Identify any platform-specific port requirements (AWS, Azure, Agent, KubeVirt, etc.)
      • Document the purpose of each port and which component uses it
      • Identify the target documentation location (ACM docs, OpenShift docs, or HyperShift repo docs)
      • Create or update documentation with the verified port list
      • Ensure documentation covers all supported HCP platforms

      References

      • ACM 2.15 Documentation (current incomplete reference)
      • HyperShift codebase for port usage verification

              rh-ee-brcox Bryan Cox
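
An added example, not part of the ticket or of the HyperShift code base: a small audit that compares a firewall allow-list against the candidate ports in the ticket's two tables and reports what the allow-list does not cover. The allow-list and its tuple format are constructed for illustration, TCP is assumed for every row except DNS, and the ports are the ticket's unverified candidates, not a confirmed requirement list.

```python
import re

# Rows copied from the ticket; it lists them as candidates still to be verified.
CANDIDATE_PORTS = """\
ingress 6443 KAS
ingress 9090->443 Ignition Server
ingress 8443 Ignition Proxy
ingress 8091 Konnectivity Server
ingress 8081 Agent CAPI Health probe
ingress 8080 Agent CAPI Metrics
egress 443 HTTPS
egress 443 Ignition
egress 6443 KAS
egress 8091 Konnectivity Agent
egress 53 DNS
"""

def parse_candidates(text):
    reqs = []
    for line in text.splitlines():
        m = re.match(r"(ingress|egress)\s+(\d+)(?:->(\d+))?\s+(.+)", line.strip())
        if not m:
            continue
        direction, first, second, service = m.groups()
        # The ticket marks DNS as TCP/UDP; TCP for the other rows is an assumption.
        protos = ("tcp", "udp") if service == "DNS" else ("tcp",)
        # "9090->443": the ticket does not say which side is exposed, so check both.
        for port in filter(None, (first, second)):
            reqs.extend((direction, p, int(port), service) for p in protos)
    return reqs

def audit(reqs, allow_rules):
    """Map each (direction, proto, port) missing from allow_rules to its services."""
    allowed, gaps = set(allow_rules), {}
    for direction, proto, port, service in reqs:
        key = (direction, proto, port)
        if key not in allowed:
            gaps.setdefault(key, []).append(service)
    return gaps

# Constructed allow-list (hypothetical firewall policy) used as sample input.
SAMPLE_ALLOW = [("ingress", "tcp", 6443), ("ingress", "tcp", 443),
                ("egress", "tcp", 443), ("egress", "tcp", 6443), ("egress", "udp", 53)]

if __name__ == "__main__":
    gaps = audit(parse_candidates(CANDIDATE_PORTS), SAMPLE_ALLOW)
    for (d, p, port), services in sorted(gaps.items()):
        print(f"not allowed: {d} {p}/{port} ({', '.join(services)})")
```

Replacing `SAMPLE_ALLOW` with rules exported from the real firewall or security group turns the same audit into a pre-deployment check.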