diff --git a/doc/source/dist_cloud/kubernetes/distributed-cloud-ports-reference.rst b/doc/source/dist_cloud/kubernetes/distributed-cloud-ports-reference.rst index 397023e3f..e991f6b61 100644 --- a/doc/source/dist_cloud/kubernetes/distributed-cloud-ports-reference.rst +++ b/doc/source/dist_cloud/kubernetes/distributed-cloud-ports-reference.rst 
@@ -19,8 +19,12 @@ function correctly. +==========+=======+=========+==================+==================+==================+==================================================+=====================================+=========================================+ | tcp | 22 | oam | ssh | allowed | allowed | System Controller | Subclouds | For admin login | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 22 | oam | ssh | allowed | allowed | Subclouds | System Controller | For admin login | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 22 | mgmt | ssh | allowed | allowed | System Controller | Subclouds | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 22 | mgmt | ssh | allowed | allowed | Subclouds | System Controller | | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | udp | 123 | oam | ntp | allowed | allowed | Not used between System Controller and Subclouds | | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | udp | 123 | mgmt | ntp | allowed | allowed | Not used between System Controller and Subclouds | | | 
@@ -29,6 +33,14 @@ function correctly. +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | udp | 161 | mgmt | snmp | allowed | allowed | Not used between System Controller and Subclouds | | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | udp | 162 | oam | snmp trap | allowed | allowed | System Controller | Subclouds | | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | udp | 162 | oam | snmp trap | allowed | allowed | Subclouds | System Controller | | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | udp | 162 | mgmt | snmp trap | allowed | allowed | System Controller | Subclouds | | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | udp | 162 | mgmt | snmp trap | allowed | allowed | Subclouds | System Controller | | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 162 | oam | snmp trap | allowed | allowed | Not used between System Controller and Subclouds | | | 
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 162 | mgmt | snmp trap | allowed | allowed | Not used between System Controller and Subclouds | | | @@ -37,6 +49,8 @@ function correctly. +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 389 | mgmt | openLDAP | allowed | NA | System Controller | Subclouds | LDAP service | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 389 | mgmt | openLDAP | allowed | NA | Subclouds | System Controller | LDAP service | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 873 | oam | rsyncd | blocked(by gnp) | blocked(by gnp) | Not used between System Controller and Subclouds | | Used for synchronizing patches among | | | | | | | | | | nodes | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ 
@@ -61,12 +75,16 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 4546 | mgmt | stx-nfv | allowed(service admin endpoint) | System Controller | Subclouds |vim-restapi admin endpoint, https enabled| +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 4546 | mgmt | stx-nfv | allowed(service admin endpoint) | Subclouds | System Controller |vim-restapi admin endpoint, https enabled| + +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 5000 | oam | keystone-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 5000 | mgmt | keystone-api | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 5001 | mgmt | keystone-api | allowed(service admin endpoint) | System Controller | Subclouds | https enabled | 
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 5001 | mgmt | keystone-api | allowed(service admin endpoint) | Subclouds | System Controller | https enabled | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 5432 | oam | postgres | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | | postgres db serving port | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 5432 | mgmt | postgres | allowed(serving port) | Not used between System Controller and Subclouds | | postgres db serving port | 
@@ -77,6 +95,8 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 5492 | mgmt | patching-api | allowed(service admin endpoint) | System Controller | Subclouds |patching-api admin endpoint,https enabled| +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 5492 | mgmt | patching-api | allowed(service admin endpoint) | Subclouds | System Controller |patching-api admin endpoint,https enabled| + +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 15491 | oam | patching-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | patching-api public endpoint | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 6385 | oam | sysinv-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | | 
@@ -85,6 +105,8 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 6386 | mgmt | sysinv-api | allowed(service public endpoint) | System Controller | Subclouds | https enabled | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 6386 | mgmt | sysinv-api | allowed(service public endpoint) | Subclouds | System Controller | https enabled | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 6443 | oam | K8s API server | allowed | allowed | Not used between System Controller and Subclouds | System Controller | https enabled | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 6443 | mgmt | K8s API server | allowed | allowed | System Controller | System Controller | https enabled | 
@@ -115,6 +137,8 @@ function correctly. +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 8080 | mgmt | horizon http | allowed | allowed | System Controller | Subclouds | Not required if using https | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 8080 | mgmt | horizon http | allowed | allowed | Subclouds | System Controller | Not required if using https | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 8119 | oam | stx-distcloud | allowed(service | NA | Not used between System Controller and Subclouds | | dcmanager-api | | | | | | public endpoint) | | | | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ 
@@ -128,15 +152,29 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 8220 | mgmt | dcdbsync-api | allowed(service admin endpoint) | System Controller | Subclouds | https enabled | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 8220 | mgmt | dcdbsync-api | allowed(service admin endpoint) | Subclouds | System Controller | https enabled | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 8443 | oam | horizon https | allowed | blocked(by gnp) | Not used between System Controller and Subclouds | | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 8443 | mgmt | horizon https | allowed | allowed | System Controller | Subclouds | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ - | tcp | 9001 | oam | Docker registry | allowed(serving port) | Not used between System Controller and Subclouds | | https enabled | + | tcp | 8443 | mgmt | horizon https | allowed | allowed | Subclouds | System Controller | | + 
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 9001 | oam | Docker registry | allowed(serving port) | System Controller | Subclouds | https enabled | + +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 9001 | oam | Docker registry | allowed(serving port) | Subclouds | System Controller | https enabled | + +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 9001 | mgmt | Docker registry | allowed(serving port) | System Controller | Subclouds | https enabled | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 9001 | mgmt | Docker registry | allowed(serving port) | Subclouds | System Controller | https enabled | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ - | tcp | 9002 | oam | Registry token | allowed(serving port) | Not used between System Controller and Subclouds | | https enabled | + | tcp | 9002 | oam | Registry token | allowed(serving port) | System Controller | Subclouds | https enabled | + | | | | server | | | | | + 
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 9002 | oam | Registry token | allowed(serving port) | Subclouds | System Controller | https enabled | + | | | | server | | | | | + +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 9002 | mgmt | Registry token | allowed(serving port) | System Controller | Subclouds | https enabled | | | | | server | | | | | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 9002 | mgmt | Registry token | allowed(serving port) | Subclouds | System Controller | https enabled | 
@@ -148,6 +186,8 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 9312 | mgmt | barbican-api | allowed(service admin endpoint) | System Controller |Subclouds | https enabled | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 9312 | mgmt | barbican-api | allowed(service admin endpoint) | Subclouds |System Controller | https enabled | + +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 11211 | mgmt | memcached | allowed(keystone cache backend) | Not used between System Controller and Subclouds | | keystone cache backend | +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 18002 | oam | stx-fault | allowed(service public endpoint) | Not used between System Controller and Subclouds | | | 
@@ -156,6 +196,8 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 18003 | mgmt | stx-fault | allowed(service admin endpoint) | System Controller | Subclouds | https enabled | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 18003 | mgmt | stx-fault | allowed(service admin endpoint) | Subclouds | System Controller | https enabled | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | icmp | NA | oam | icmp | allowed | allowed | Not used between System Controller and Subclouds | | | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | icmp | NA | mgmt | icmp | allowed | allowed | Not used between System Controller and Subclouds | | | 
@@ -180,7 +222,13 @@ function correctly. +----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 30556 | mgmt | DEX OIDC Provider| allowed(serving port) | Not used between System Controller and Subclouds | | Only when OIDC app is applied | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ - | tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | Not used between System Controller and Subclouds | | Only when Analytics is applied, https | + | tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | System Controller | Subclouds | Only when Analytics is applied, https | + | | | | and API | | | | | enabled | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https | + | | | | and API | | | | | enabled | + +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ + | tcp | 31001 | mgmt | Elastic Dashboard| allowed(NodePort)| NA | System Controller | Subclouds | Only when Analytics is applied, https | | | | | and API | | | | | enabled | +----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+ | tcp | 31001 | 
mgmt | Elastic Dashboard| allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https |
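Review bot: In the @@ -19,8 +19,12 @@ hunk, the added `tcp | 22 | mgmt | ssh` row with `Subclouds | System Controller` leaves the last column empty, and the added oam row only repeats "For admin login" from the row above it. Please say in that column what opens ssh in the reversed direction, so that an operator writing firewall rules from this table can tell whether the path is required or can stay closed.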
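Review bot: In the @@ -29,6 +33,14 @@ hunk, the four added `udp | 162 | snmp trap` rows list both `System Controller | Subclouds` and `Subclouds | System Controller` on oam and on mgmt, all with an empty last column, while the `udp | 161 | mgmt | snmp` and `tcp | 162` context rows still read "Not used between System Controller and Subclouds". Please confirm that both directions are needed on both networks and add a note naming the trap sender and receiver; if only one direction is in use, drop the other rows.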
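Review bot: The added `tcp | 6386 | mgmt | sysinv-api` row in the @@ -85,6 +105,8 @@ hunk carries over `allowed(service public endpoint)` from the row above it, whereas the other https-enabled mgmt rows this patch mirrors (4546, 5001, 5492, 8220, 18003) read `allowed(service admin endpoint)`. Check which label is correct for 6386 on mgmt, and if it is the admin endpoint, fix the existing row together with the new one.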
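Review bot: In the @@ -128,15 +152,29 @@ hunk, the `9001 | oam | Docker registry` and `9002 | oam | Registry token server` rows go from "Not used between System Controller and Subclouds" to used in both directions, which changes the meaning of existing rows rather than adding a mirrored row like the other hunks. Please state in the change description or in the last column why the registry and its token server are now reached over oam between System Controller and Subclouds, since readers will open these ports on the strength of this table.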
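Review bot: The added `tcp | 9312 | mgmt | barbican-api` row in the @@ -148,6 +186,8 @@ hunk writes `|System Controller` with no space after the cell border, repeating the `|Subclouds` slip in the context row above it. Pad both cells (`| System Controller`, `| Subclouds`) so they match the other rows of the table.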
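Review bot: In the @@ -180,7 +222,13 @@ hunk, the `31001 | oam | Elastic Dashboard and API` row flips from "Not used between System Controller and Subclouds" to `System Controller | Subclouds`, and a reversed oam row and a mgmt row are added, all as `allowed(NodePort)`. Because the port exists "Only when Analytics is applied", say in the last column which side serves the dashboard and which side connects, so that the NodePort is not opened in a direction that is never used.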