Bug 1878913 - NodePort extent feature only applicable for UPI clusters
Summary: NodePort extent feature only applicable for UPI clusters
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.6
Hardware: x86_64
OS: All
Target Milestone: ---
: 4.6.0
Assignee: Jason Boxman
QA Contact: Xiaoli Tian
Vikram Goyal
Depends On:
TreeView+ depends on / blocked
Reported: 2020-09-14 21:25 UTC by Jatan Malde
Modified: 2020-09-28 03:29 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-09-28 03:29:41 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Jatan Malde 2020-09-14 21:25:22 UTC
Document URL: 

As per the bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1868287#c1 the feature mentioned here fails on IPI install. 



The above documentation does not highlight the same, we can update the doc with the inclusion of feature with UPI clusters only. We can include a note for this feature. 

Test results fail on an IPI cluster,

[root@vm251-77 ~]# oc patch network.config.openshift.io cluster --type=merge -p \
>    '{
>      "spec":
>        { "serviceNodePortRange": "30000-39999" }
>    }'
network.config.openshift.io/cluster patched

[root@vm251-77 ~]# oc get configmaps -n openshift-kube-apiserver config \
>   -o jsonpath="{.data['config\.yaml']}" | \
>   grep -Eo '"service-node-port-range":["[[:digit:]]+-[[:digit:]]+"]'

[root@vm251-77 ~]# oc get svc
NAME      TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
ruby-ex   NodePort   <none>        8080:33911/TCP   13m
[root@vm251-77 ~]# oc get ep
NAME      ENDPOINTS           AGE
ruby-ex   13m
[root@vm251-77 ~]# oc expose svc/ruby-ex
route.route.openshift.io/ruby-ex exposed
[root@vm251-77 ~]# oc get route
NAME      HOST/PORT                                                PATH   SERVICES   PORT       TERMINATION   WILDCARD
ruby-ex   ruby-ex-nodeporttest.apps.simore-46.indiashift.support          ruby-ex    8080-tcp                 None
[root@vm251-77 ~]# curl -kvv https://ruby-ex-nodeporttest.apps.simore-46.indiashift.support:33911
* About to connect() to ruby-ex-nodeporttest.apps.simore-46.indiashift.support port 33911 (#0)
*   Trying

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 

Additional information:

Comment 1 Jatan Malde 2020-09-14 21:47:33 UTC
The documentation could also include the commands to remove them if an user attempts the patch command and then wishes to take them out. 


Comment 3 Jason Boxman 2020-09-24 01:05:47 UTC
So, I think the relationship between user-provisioned and installer-provisioned infrastructure has come up in the past, and once the cluster is installed, it is all OpenShift. There isn't supposed to be any distinction.

So I don't think it is correct to say that it only works on user-provisioned infrastructure; the controlling issue is whether the expanded port range is accessible on the nodes or not.

I'll replace "security groups" with terminology that is platform agnostic.


Comment 4 Jason Boxman 2020-09-24 15:18:17 UTC
For this feature, it is not currently possible to revert a change after it has been made, so there is no procedure for reverting.

Comment 5 Jason Boxman 2020-09-24 21:47:42 UTC
I clarified the language regarding firewalls and packet filtering devices.

Note You need to log in before you can comment on or make changes to this bug.