The service load balancer on GCP and other clouds creates a health check to the kube-proxy health port on port 10256, and so the port needs to be exposed by the node firewall in order to set up a service load balancer. Without this, service load balancers don't work at all.
https://github.com/openshift/openshift-ansible/pull/8561
Verified this bug with openshift-ansible-3.10.0-0.60.0.git.0.bf95bf8.el7.noarch, and PASS.
[root@qe-smoke310-master-etcd-1 ~]# iptables -L -n|grep 10256
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10256
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816
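Added example, not part of the bug report or of openshift-ansible: a stricter form of the `iptables -L -n | grep 10256` verification above that parses the listing, so a range or multiport rule covering the kube-proxy health port is recognized and an unrelated line containing the digits is not. The sample listing, its chain name and the other ports are constructed; the check only confirms that a matching ACCEPT rule exists and does not evaluate rule order.

```shell
#!/usr/bin/env bash
# port_accepted PORT: reads `iptables -L -n` output on stdin and returns 0
# if an ACCEPT rule for TCP covers destination port PORT.
port_accepted() {
  awk -v port="$1" '
    # spec is "N", "A:B", or a comma-separated mix of both (multiport).
    function covers(spec,   n, i, parts, r) {
      n = split(spec, parts, ",")
      for (i = 1; i <= n; i++) {
        if (split(parts[i], r, ":") == 2) {
          if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        } else if (parts[i] + 0 == port + 0) return 1
      }
      return 0
    }
    # Protocol column may be the name or its number (6 = tcp).
    $1 == "ACCEPT" && ($2 == "tcp" || $2 == "6") {
      for (f = 3; f <= NF; f++) {
        spec = ""
        if ($f ~ /^dpt:/) spec = substr($f, 5)          # single port
        else if ($f ~ /^dpts:/) spec = substr($f, 6)    # port range
        else if ($f == "dports" && f < NF) spec = $(f + 1)  # multiport list
        if (spec != "" && covers(spec)) { found = 1; exit }
      }
    }
    END { exit (found ? 0 : 1) }
  '
}

# Constructed sample listing (not captured from a real node).
sample_rules() {
  cat <<'EOF'
Chain EXAMPLE_ALLOW (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:10250
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:10256
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpts:9000:9999
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:4789
EOF
}

if sample_rules | port_accepted 10256; then
  echo "10256/tcp: ACCEPT rule present"
else
  echo "10256/tcp: no ACCEPT rule found" >&2
fi
```

On a node, run it as `iptables -L -n | port_accepted 10256`.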