Documentation unclear on the port flow matrix (r6,r7,dsR6,dsR7)

Added missing port requirements in table.

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I3c1697d5a65390147af6590b36e44f6a018edc21
Elisamara Aoki Goncalves 2022-09-28 17:06:58 -03:00
parent 362af54d37
commit 9bbdf054e0

@ -19,8 +19,12 @@ function correctly.
+==========+=======+=========+==================+==================+==================+==================================================+=====================================+=========================================+
| tcp | 22 | oam | ssh | allowed | allowed | System Controller | Subclouds | For admin login |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 22 | oam | ssh | allowed | allowed | Subclouds | System Controller | For admin login |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 22 | mgmt | ssh | allowed | allowed | System Controller | Subclouds | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 22 | mgmt | ssh | allowed | allowed | Subclouds | System Controller | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 123 | oam | ntp | allowed | allowed | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 123 | mgmt | ntp | allowed | allowed | Not used between System Controller and Subclouds | | |
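
Review bot: The two mgmt rows for tcp 22 have an empty notes column, while the matching oam rows say "For admin login". Now that ssh is listed in both directions on mgmt, say in the notes what opens these sessions, so an operator writing firewall rules can tell a required flow from one that can stay closed.
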
@ -29,6 +33,14 @@ function correctly.
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 161 | mgmt | snmp | allowed | allowed | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 162 | oam | snmp trap | allowed | allowed | System Controller | Subclouds | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 162 | oam | snmp trap | allowed | allowed | Subclouds | System Controller | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 162 | mgmt | snmp trap | allowed | allowed | System Controller | Subclouds | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| udp | 162 | mgmt | snmp trap | allowed | allowed | Subclouds | System Controller | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 162 | oam | snmp trap | allowed | allowed | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 162 | mgmt | snmp trap | allowed | allowed | Not used between System Controller and Subclouds | | |
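
Review bot: The four new udp 162 rows list the trap flow in both directions on oam and mgmt with nothing in the notes column, so the origin and destination columns no longer tell the reader where the trap receiver sits. An SNMP trap is a one-way notification sent to the receiver's port 162; name the receiving side in the notes, or keep only the direction that is actually used.
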
@ -37,6 +49,8 @@ function correctly.
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 389 | mgmt | openLDAP | allowed | NA | System Controller | Subclouds | LDAP service |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 389 | mgmt | openLDAP | allowed | NA | Subclouds | System Controller | LDAP service |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 873 | oam | rsyncd | blocked(by gnp) | blocked(by gnp) | Not used between System Controller and Subclouds | | Used for synchronizing patches among |
| | | | | | | | | nodes |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
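
Review bot: The added tcp 389 row (Subclouds to System Controller) carries only "LDAP service" as its note, unlike the API rows in this table that state "https enabled". State in the notes which side hosts the openLDAP server and whether the traffic on 389 is encrypted, since that decides which direction a firewall must accept and how tightly the flow should be confined to the mgmt network.
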
@ -61,12 +75,16 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 4546 | mgmt | stx-nfv | allowed(service admin endpoint) | System Controller | Subclouds |vim-restapi admin endpoint, https enabled|
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 4546 | mgmt | stx-nfv | allowed(service admin endpoint) | Subclouds | System Controller |vim-restapi admin endpoint, https enabled|
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5000 | oam | keystone-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5000 | mgmt | keystone-api | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5001 | mgmt | keystone-api | allowed(service admin endpoint) | System Controller | Subclouds | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5001 | mgmt | keystone-api | allowed(service admin endpoint) | Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5432 | oam | postgres | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | | postgres db serving port |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5432 | mgmt | postgres | allowed(serving port) | Not used between System Controller and Subclouds | | postgres db serving port |
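
Review bot: The border lines following the two tcp 5001 rows use the nine-column pattern (split at the two "allowed" columns) although both rows use the merged eight-column cell; the 4546 rows just above use the merged border. Use the merged border between the two 5001 rows for consistency, and keep the split one only where the next row (5432 oam) needs it.
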
@ -77,6 +95,8 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5492 | mgmt | patching-api | allowed(service admin endpoint) | System Controller | Subclouds |patching-api admin endpoint,https enabled|
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 5492 | mgmt | patching-api | allowed(service admin endpoint) | Subclouds | System Controller |patching-api admin endpoint,https enabled|
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 15491 | oam | patching-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | patching-api public endpoint |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 6385 | oam | sysinv-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
@ -85,6 +105,8 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 6386 | mgmt | sysinv-api | allowed(service public endpoint) | System Controller | Subclouds | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 6386 | mgmt | sysinv-api | allowed(service public endpoint) | Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 6443 | oam | K8s API server | allowed | allowed | Not used between System Controller and Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 6443 | mgmt | K8s API server | allowed | allowed | System Controller | System Controller | https enabled |
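
Review bot: The new tcp 6386 mgmt row repeats "allowed(service public endpoint)", but 6385 on oam is already the sysinv-api public endpoint and the other mgmt API rows marked "https enabled" in this patch (5001, 8220, 9312, 18003) read "service admin endpoint". Check whether 6386 should read "service admin endpoint" and correct both directions together. In the same block, the 6443 oam row says "Not used between System Controller and Subclouds" yet names System Controller as destination, which is worth resolving while this table is being clarified.
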
@ -115,6 +137,8 @@ function correctly.
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8080 | mgmt | horizon http | allowed | allowed | System Controller | Subclouds | Not required if using https |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8080 | mgmt | horizon http | allowed | allowed | Subclouds | System Controller | Not required if using https |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8119 | oam | stx-distcloud | allowed(service | NA | Not used between System Controller and Subclouds | | dcmanager-api |
| | | | | public endpoint) | | | | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
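
Review bot: The added tcp 8080 row lists plain horizon http from Subclouds to System Controller with the note "Not required if using https", which does not tell the operator what to do with the port. Reword the note to say when http is in use and that the flow can stay closed when horizon runs on https (8443).
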
@ -128,15 +152,29 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8220 | mgmt | dcdbsync-api | allowed(service admin endpoint) | System Controller | Subclouds | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8220 | mgmt | dcdbsync-api | allowed(service admin endpoint) | Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8443 | oam | horizon https | allowed | blocked(by gnp) | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 8443 | mgmt | horizon https | allowed | allowed | System Controller | Subclouds | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9001 | oam | Docker registry | allowed(serving port) | Not used between System Controller and Subclouds | | https enabled |
| tcp | 8443 | mgmt | horizon https | allowed | allowed | Subclouds | System Controller | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9001 | oam | Docker registry | allowed(serving port) | System Controller | Subclouds | https enabled |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9001 | oam | Docker registry | allowed(serving port) | Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9001 | mgmt | Docker registry | allowed(serving port) | System Controller | Subclouds | https enabled |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9001 | mgmt | Docker registry | allowed(serving port) | Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9002 | oam | Registry token | allowed(serving port) | Not used between System Controller and Subclouds | | https enabled |
| tcp | 9002 | oam | Registry token | allowed(serving port) | System Controller | Subclouds | https enabled |
| | | | server | | | | |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9002 | oam | Registry token | allowed(serving port) | Subclouds | System Controller | https enabled |
| | | | server | | | | |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9002 | mgmt | Registry token | allowed(serving port) | System Controller | Subclouds | https enabled |
| | | | server | | | | |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9002 | mgmt | Registry token | allowed(serving port) | Subclouds | System Controller | https enabled |
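
Review bot: The tcp 9001 and 9002 oam rows change from "Not used between System Controller and Subclouds" to a flow in both directions, which alters an existing statement rather than adding a missing one, and the commit message only mentions adding missing requirements. Confirm that registry and token-server traffic really crosses the oam network between System Controller and Subclouds, and mention the change in the commit message, since readers will open these ports on the OAM firewall based on this table.
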
@ -148,6 +186,8 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9312 | mgmt | barbican-api | allowed(service admin endpoint) | System Controller |Subclouds | https enabled |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 9312 | mgmt | barbican-api | allowed(service admin endpoint) | Subclouds |System Controller | https enabled |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 11211 | mgmt | memcached | allowed(keystone cache backend) | Not used between System Controller and Subclouds | | keystone cache backend |
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 18002 | oam | stx-fault | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
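
Review bot: The new tcp 9312 row copies the missing space in "|System Controller" from the row above ("|Subclouds"). Pad both cells like the rest of the table so the column reads consistently in the source.
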
@ -156,6 +196,8 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 18003 | mgmt | stx-fault | allowed(service admin endpoint) | System Controller | Subclouds | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 18003 | mgmt | stx-fault | allowed(service admin endpoint) | Subclouds | System Controller | https enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| icmp | NA | oam | icmp | allowed | allowed | Not used between System Controller and Subclouds | | |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| icmp | NA | mgmt | icmp | allowed | allowed | Not used between System Controller and Subclouds | | |
@ -180,7 +222,13 @@ function correctly.
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 30556 | mgmt | DEX OIDC Provider| allowed(serving port) | Not used between System Controller and Subclouds | | Only when OIDC app is applied |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | Not used between System Controller and Subclouds | | Only when Analytics is applied, https |
| tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | System Controller | Subclouds | Only when Analytics is applied, https |
| | | | and API | | | | | enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https |
| | | | and API | | | | | enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 31001 | mgmt | Elastic Dashboard| allowed(NodePort)| NA | System Controller | Subclouds | Only when Analytics is applied, https |
| | | | and API | | | | | enabled |
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
| tcp | 31001 | mgmt | Elastic Dashboard| allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https |
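
Review bot: The 31001 oam row changes from "Not used between System Controller and Subclouds" to used, and rows are added for both directions on oam and mgmt, but the note still reads only "Only when Analytics is applied, https enabled". Add which side serves the Elastic Dashboard and API NodePort, so the reader knows which direction is the inbound one to permit.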