Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-9215

Stats port should not be documented to be exposed by load balancer

XMLWordPrintable

    • Moderate
    • 5
    • OSDOCS Sprint 237, OSDOCS Sprint 238
    • 2
    • Unspecified
    • If docs needed, set a value

      Document URL:

      https://docs.openshift.com/container-platform/4.10/installing/installing_vsphere/installing-vsphere.html#installation-load-balancing-user-infra_installing-vsphere

      Section Number and Name:

      Installing / Installing on vSphere / Installing a cluster on vSphere with user-provisioned infrastructure

      Describe the issue:

      Table 9 shows that it is required to expose stats port 1936 through ingress load balancer. That is not correct and doesn't make any sense.

      Port 1936 must be allowed from the firewalls because internal components need to be able to reach it for monitoring purposes. However, the main ingress load balancer should not expose it, as users don't need to access those stats (and in most cases, shouldn't).

      Suggestions for improvement:

      • Remove that port from Table 9
      • Make more explicit that the port needs to be open on the ingress nodes at firewalls, but not exposed via balancer.

      Additional information:

      Even the example config "Sample API and application ingress load balancer configuration" doesn't forward that port, but uses it to expose the stats from the example ingress load balancer.

            dfitzmau@redhat.com Darragh Fitzmaurice
            rhn-support-palonsor Pablo Alonso Rodriguez
            Shang Gao Shang Gao
            Latha Sreenivasa Murthy Latha Sreenivasa Murthy
            Red Hat Employee
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: