Bug 1583833 - Service load balancers don't work on GCP (and others) that depend on health port being exposed
Summary: Service load balancers don't work on GCP (and others) that depend on health p...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.10.0
Assignee: Vadim Rutkovsky
QA Contact: Johnny Liu
Depends On:
Blocks: 1594306
TreeView+ depends on / blocked
Reported: 2018-05-29 20:30 UTC by Clayton Coleman
Modified: 2018-07-30 19:17 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1594306 (view as bug list)
Last Closed: 2018-07-30 19:16:51 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1816 None None None 2018-07-30 19:17:40 UTC

Description Clayton Coleman 2018-05-29 20:30:06 UTC
The service load balancer on GCP and other clouds creates a health check to the kube-proxy health port on port 10256, and so the port needs to be exposed by the node firewall in order to set up a service load balancer.

Without this service load balancers don't work at all.


Comment 3 Johnny Liu 2018-06-06 01:27:48 UTC
Verified this bug with openshift-ansible-3.10.0-0.60.0.git.0.bf95bf8.el7.noarch, and PASS.

[root@qe-smoke310-master-etcd-1 ~]# iptables -L -n|grep 10256
ACCEPT     tcp  --              state NEW tcp dpt:10256

Comment 6 errata-xmlrpc 2018-07-30 19:16:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.