Confusing Cluster Requirements Docs (worker port 10250)
Our customer pointed out that the worker port requirement list contains ports 10250 and 10255, which seem to be unused after checking the code responsible for security group creation.
Checking iptables on worker nodes proves that kubelet seems to listen on different ports than 10250 and 10255 (at least for IPv4).
Acceptance criteria: Clarify or remove confusing parts from the documentation.
Support issue: https://support.kubermatic.com/helpdesk/tickets/4088
Confusing documentation part (Worker Node(s) & User Cluster Worker Nodes table on the bottom): https://docs.kubermatic.com/kubermatic/v2.20/architecture/requirements/cluster_requirements/
Issues go stale after 90d of inactivity.
After a further 30 days, they will turn rotten.
Mark the issue as fresh with /remove-lifecycle stale.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
/close
@kubermatic-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity. Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten. /close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@pkprzekwas this is still relevant, no? Should it be reopened?
/reopen
@csengerszabo: Reopened this issue.
In response to this:
/reopen
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
To clarify this: port 10250 is definitely used by kubelet and needs to be accessible between worker nodes.
Some other ports like 10255 do not need to be exposed, as we connect certain components via a Tunnel. This concept is neither documented nor explained anywhere, and the list of required ports is just false in the sense that it contains too many ports.
It is also important to note that most ports are only required for internal access and should be blocked for public access.
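An added example (not part of the issue thread and not Kubermatic's code): a small audit of ingress rules against what the last comment states, namely that 10250 must be reachable between worker nodes, 10255 need not be exposed, and neither should be open beyond the node network. The rule format, the `audit` function and the sample CIDRs are assumptions constructed for illustration.

```python
import ipaddress

KUBELET_API = 10250       # must be reachable between worker nodes (per the comment)
KUBELET_READONLY = 10255  # does not need to be exposed (per the comment)

# Constructed sample ingress rules; not taken from any real cluster.
SAMPLE_RULES = [
    {"ports": (10250, 10250), "source": "10.0.0.0/16"},
    {"ports": (10255, 10255), "source": "10.0.0.0/16"},
    {"ports": (10000, 11000), "source": "0.0.0.0/0"},
    {"ports": (22, 22), "source": "10.0.0.0/16"},
]


def audit(rules, node_cidr):
    """Return (rule_index, port, finding) tuples for the kubelet ports."""
    nodes = ipaddress.ip_network(node_cidr)
    findings = []
    node_access = False  # does any rule allow 10250 from the whole node network?
    for index, rule in enumerate(rules):
        low, high = rule["ports"]
        source = ipaddress.ip_network(rule["source"])
        same_family = source.version == nodes.version
        within_nodes = same_family and source.subnet_of(nodes)
        covers_nodes = same_family and nodes.subnet_of(source)
        for port in (KUBELET_API, KUBELET_READONLY):
            if not low <= port <= high:
                continue
            if port == KUBELET_API and covers_nodes:
                node_access = True
            if not within_nodes:
                # Source range is wider than (or outside) the node network.
                findings.append((index, port, "open-beyond-node-network"))
            elif port == KUBELET_READONLY:
                findings.append((index, port, "exposed-but-not-required"))
    if not node_access:
        findings.append((None, KUBELET_API, "missing-between-worker-nodes"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, "10.0.0.0/16"):
        print(finding)
```

A wide port range such as the third sample rule is flagged for both ports even though it never names them, which is the case a port-by-port review of a rule list tends to miss.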