Bug 1278687

Summary: Lack of firewall / iptables specification between master and node
Product: OpenShift Container Platform Reporter: Naoya Hashimoto <nhashimo>
Component: DocumentationAssignee: Vikram Goyal <vigoyal>
Status: CLOSED NEXTRELEASE QA Contact: Vikram Goyal <vigoyal>
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 3.0.0CC: aos-bugs, jokerman, knakayam, mmccomas, nhashimo
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://access.redhat.com/documentation/en/openshift-enterprise/version-3.0/openshift-enterprise-30-architecture/architecture
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-16 00:44:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Naoya Hashimoto 2015-11-06 07:28:17 UTC 
Document URL: 
https://access.redhat.com/documentation/en/openshift-enterprise/version-3.0/openshift-enterprise-30-architecture/architecture

Section Number and Name: 
CHAPTER 2. INFRASTRUCTURE COMPONENTS

Describe the issue: 
No specification or requirement about firewall or iptables are provided at OSEv3 and it makes hard to understand which ports the components or processes of openshift-master and openshift-node require when we need to troubleshoot about communication problem or tell if it is caused by firewall or iptables.

Suggestions for improvement: 
OSEv2 provides specification of firewall and iptables.
It would be nicer to add such information in the OSEv3 documentation.

Additional information: 
Cf. Table 5.1. Required Ports for OpenShift Enterprise
<https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Deployment_Guide/#Custom_and_External_Firewalls>
Comment 2 Kenjiro Nakayama 2015-11-09 04:43:41 UTC 
Upstream (origin doc) has already been merged.

https://github.com/openshift/openshift-docs/pull/1136
https://docs.openshift.org/latest/admin_guide/available_ports.html

I think it will be synced to OSE doc very soon.
Comment 4 Naoya Hashimoto 2015-11-09 05:47:42 UTC 
That will be great. 
Look forward to the merge.Thanks.
Comment 5 Naoya Hashimoto 2015-11-13 03:25:45 UTC 
The following page was available, but not right now.
https://docs.openshift.org/latest/admin_guide/available_ports.html
The page is moved or deleted?
Comment 6 Kenjiro Nakayama 2015-11-13 03:30:45 UTC 
Moved. Now here it is https://docs.openshift.org/latest/install_config/install/prerequisites.html#prereq-network-access
Comment 9 Naoya Hashimoto 2015-11-16 00:38:14 UTC 
Thanks, I confirmed the page is moved into the above section.