In OpenShift 3.x we opened 9000-9999 for TCP for all internal connections
between masters, infra, and workers so that we could have a range that
host level services inside the cluster could coordinate on. This range
is analogous to node ports, except unlike node ports it is only available
on the inside. The most common consumers are node network metrics ports
(node exporter, cluster version operator, network operator, sdn, node
proxy) that need to be reachable from prometheus without magic tricks.
A second set is internal secured services that want to connect but must
be host network, like gluster, storage services, or other cluster level
proxies.
Open the range 9000-9999 by default so that new services don't require
either a reinstall or manual management. Future changes in the platform
may autoallocate from this range, but for now teams must reserve.
This reverts commit 725af9ec07.
Whenever a new security group is created in OpenStack, an egress rule is
added as well by default.
The rules here are not necessary and they break the deployment. When
Terraform attempts to create the egress rules, it receives a 409 response
from Neutron and errors out.
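The 9000-9999 range from the first message, written as the kind of Terraform security group the revert above implies, is an added example and not code from the installer; the `cluster_name` variable, the group names and the choice of `remote_group_id` scoping are assumptions:

```hcl
# Added example, not installer code: names and the cluster_name variable
# are assumed.
variable "cluster_name" {
  type = string
}

# One security group shared by masters, infra and workers. Neutron attaches
# a default allow-all egress rule to every new group; leaving
# delete_default_rules at its default (false) keeps that rule, so no
# explicit egress rule is declared here. Declaring one that duplicates the
# default is what made Neutron answer 409 in the reverted commit.
resource "openstack_networking_secgroup_v2" "cluster" {
  name        = "${var.cluster_name}-cluster"
  description = "Internal host-level service range for ${var.cluster_name}"
}

# TCP 9000-9999, ingress only, and only from members of the same group.
# remote_group_id (rather than remote_ip_prefix = "0.0.0.0/0") is what keeps
# the range "inside only": nodes reach each other's metrics and host
# network services, but nothing outside the group can reach the range.
resource "openstack_networking_secgroup_rule_v2" "internal_9000_9999" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 9000
  port_range_max    = 9999
  remote_group_id   = openstack_networking_secgroup_v2.cluster.id
  security_group_id = openstack_networking_secgroup_v2.cluster.id
}
```

After `terraform apply`, `openstack security group rule list <group>` should show the single 9000-9999 ingress row alongside only Neutron's own default egress rows; an extra egress row or a `0.0.0.0/0` remote on the ingress row means the range is no longer internal-only.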
This commit includes support for OpenStack as a target deployment
platform. There are still some things to implement, such as DNS and
destroy support, that will come in future PRs.
Contributors (in alphabetical order) include:
Co-authored-by: Flavio Percoco <flavio@redhat.com>
Co-authored-by: Jeremiah Stuever <jstuever@redhat.com>
Co-authored-by: Russell Bryant <rbryant@redhat.com>
Co-authored-by: Steven Hardy <shardy@redhat.com>
Co-authored-by: Tomas Sedovic <tsedovic@redhat.com>
Co-authored-by: W. Trevor King <wking@tremily.us>