From c7451016fd323620ecc8b2d935369c3f83ef89ff Mon Sep 17 00:00:00 2001 From: Vishal Thapar <5137689+vthapar@users.noreply.github.com> Date: Thu, 27 Oct 2022 09:27:21 +0530 Subject: [PATCH] Cloud prepare doesn't open metrics ports As part of metrics proxy redesign, we no longer need to open ports 8080 and 8081 in the firewall as part of cloud prepare. Refer https://github.com/submariner-io/enhancements/pull/128 Signed-off-by: Vishal Thapar <5137689+vthapar@users.noreply.github.com> --- src/content/getting-started/_index.en.md | 3 --- src/content/operations/deployment/subctl/_index.en.md | 4 ---- src/content/operations/usage/_index.en.md | 1 + 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/src/content/getting-started/_index.en.md b/src/content/getting-started/_index.en.md index 968a8a70a..9220f72ad 100644 --- a/src/content/getting-started/_index.en.md +++ b/src/content/getting-started/_index.en.md @@ -44,9 +44,6 @@ For clusters behind corporate firewalls that block the default ports, Submariner * Submariner uses UDP port 4800 to encapsulate Pod traffic from worker and master nodes to the Gateway nodes. This is required in order to preserve the source IP addresses of the Pods. Ensure that firewall configuration allows 4800/UDP across all nodes in the cluster in both directions. This is not a requirement when using OVN-Kubernetes CNI. -* Submariner uses TCP port 8080 to export metrics on the Gateway nodes. Ensure that firewall configuration allows ingress 8080/TCP on -the Gateway nodes so that other nodes in the cluster can access it. Also, no other workload on the Gateway nodes should be listening on TCP -port 8080. * Worker node IPs on all connected clusters must be outside of the Pod/Service CIDR ranges. * Submariner can be deployed on x86-64 and ARM64 nodes. (Submariner components are deployed on _all_ nodes in the cluster, 
diff --git a/src/content/operations/deployment/subctl/_index.en.md b/src/content/operations/deployment/subctl/_index.en.md index b8bc5aa49..2507c8e2b 100644 --- a/src/content/operations/deployment/subctl/_index.en.md +++ b/src/content/operations/deployment/subctl/_index.en.md @@ -295,7 +295,6 @@ Below is a list of available sub-commands: | `kube-proxy-mode [flags]` | checks if the kube-proxy mode is supported by Submariner | `--namespace` `` | `cni` | checks if the detected CNI network plugin is supported by Submariner | `firewall intra-cluster [flags]` | checks if the firewall configuration allows traffic via intra-cluster Submariner VXLAN interface | `--validation-timeout` `` , `--verbose`, `--namespace` `` -| `firewall metrics [flags]` | checks if the firewall configuration allows metrics to be accessed from the Gateway nodes | `--validation-timeout` `` , `--verbose`, `--namespace` `` | `firewall inter-cluster [flags]` | checks if the firewall configuration allows tunnels to be configured on the Gateway nodes | `--validation-timeout` ``, `--verbose`, `--namespace` `` | `all` | runs all diagnostic checks (except those requiring two kubecontexts) | @@ -387,7 +386,6 @@ This command prepares an OpenShift installer-provisioned infrastructure (IPI) on | `--ocp-metadata` `` | OCP metadata.json file (or directory containing it) to read AWS infra ID and region from | `--profile` `` | AWS profile to use for credentials | `--region` `` | AWS region -| `--metrics-ports` `` | Metrics ports, comma-separated (default 8080,8081) | `--nat-discovery-port` `` | NAT discovery port (default 4490) | `--natt-port` `` | IPsec NAT Traversal port (default 4500) | `--vxlan-port` `` | Internal VXLAN port (default 4800). Not required when using OVN-Kubernetes CNI 
@@ -408,7 +406,6 @@ This command prepares an OpenShift installer-provisioned infrastructure (IPI) on | `--ocp-metadata` `` | OCP metadata.json file (or directory containing it) to read GCP infra ID and region from | `--project-id` `` | GCP project ID | `--region` `` | GCP region -| `--metrics-ports` `` | Metrics ports, comma-separated (default 8080,8081) | `--nat-discovery-port` `` | NAT discovery port (default 4490) | `--natt-port` `` | IPsec NAT Traversal port (default 4500) | `--vxlan-port` `` | Internal VXLAN port (default 4800). Not required when using OVN-Kubernetes CNI @@ -429,7 +426,6 @@ This command prepares an OpenShift installer-provisioned infrastructure (IPI) on | `--ocp-metadata` `` | OCP metadata.json file (or directory containing it) to read OpenStack infra ID and region from | `--project-id` `` | OpenStack project ID | `--region` `` | OpenStack region -| `--metrics-ports` `` | Metrics ports, comma-separated (default 8080,8081) | `--nat-discovery-port` `` | NAT discovery port (default 4490) | `--natt-port` `` | IPsec NAT Traversal port (default 4500) | `--vxlan-port` `` | Internal VXLAN port (default 4800). Not required when using OVN-Kubernetes CNI diff --git a/src/content/operations/usage/_index.en.md b/src/content/operations/usage/_index.en.md index 979b80b33..0fa079485 100644 --- a/src/content/operations/usage/_index.en.md +++ b/src/content/operations/usage/_index.en.md @@ -79,6 +79,7 @@ Pods, you can specify the `--watch` flag with the command: $ kubectl -n submariner-operator get pods NAME READY STATUS RESTARTS AGE submariner-gateway-btzrq 1/1 Running 0 76s +submariner-metrics-proxy-sznnc 1/1 Running 0 76s submariner-lighthouse-agent-586cf4899-wn747 1/1 Running 0 75s submariner-lighthouse-coredns-c88f64f5-h77kw 1/1 Running 0 73s submariner-lighthouse-coredns-c88f64f5-qlw4x 1/1 Running 0 73s
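Review bot: In src/content/getting-started/_index.en.md, the deleted 8080/TCP bullet carried two requirements, the ingress rule and "no other workload on the Gateway nodes should be listening on TCP port 8080", and the patch drops both without saying whether the second one still applies under the metrics proxy. If the Gateway no longer binds 8080 on the node, say so in the commit message; if it still does, keep that sentence as its own bullet. It would also help to add a line for existing deployments stating that firewall rules previously opened for 8080/8081 are no longer needed and can be closed.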
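Review bot: The `firewall metrics [flags]` row in the sub-command table of src/content/operations/deployment/subctl/_index.en.md is removed with no indication of the release in which the check stops existing, so readers on an older subctl lose its documentation and scripts that call it get no warning. Suggest either a short note under the table naming the release from which the check is gone, or confirmation in the PR description that these docs are published per version.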
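Review bot: The `--metrics-ports` row is deleted from the AWS, GCP and OpenStack flag tables in src/content/operations/deployment/subctl/_index.en.md, but nothing tells the reader what happens to automation that still passes the flag, or to rules that an earlier run already opened for the default 8080,8081. Please state whether the flag is now rejected or silently ignored, and add one sentence to each cloud section saying that rules created for those ports by a previous prepare run are not needed any more and how to remove them, so upgraded clusters do not keep unused ingress open.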
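Review bot: In src/content/operations/usage/_index.en.md the sample output gains `submariner-metrics-proxy-sznnc`, but the page text around the listing never says what this pod is, so a reader comparing the output against their cluster has no way to tell what it does or where it is expected to run. Suggest one sentence after the listing describing the metrics proxy pod, with a link to https://github.com/submariner-io/enhancements/pull/128 as cited in the commit message. Also check that the new row's columns line up with the neighbouring rows in the rendered block.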