HCIDCOS-348: Added requirement for upstream DNS to accept UDP and TCP connections from cluster nodes. Incorporated a few Vale suggestions and fixed Vale errors.
modules/ipi-install-network-requirements.adoc (10 additions & 8 deletions)
@@ -6,7 +6,7 @@
6
6
[id="network-requirements_{context}"]
7
7
= Network requirements
8
8
9
-
Installer-provisioned installation of {product-title} involves several network requirements. First, installer-provisioned installation involves an optional non-routable `provisioning` network for provisioning the operating system on each baremetal node. Second, installer-provisioned installation involves a routable `baremetal` network.
9
+
Installer-provisioned installation of {product-title} involves multiple network requirements. First, installer-provisioned installation involves an optional non-routable `provisioning` network for provisioning the operating system on each bare-metal node. Second, installer-provisioned installation involves a routable `baremetal` network.
@@ -28,23 +28,23 @@ Certain ports must be open between cluster nodes for installer-provisioned insta
28
28
29
29
| `123` | The cluster nodes must access the NTP server on port `123` using the `baremetal` machine network.
30
30
31
-
|`5050`| The Ironic Inspector API runs on the control plane nodes and listens on port `5050`. The Inspector API is responsible for hardware introspection, which collects information about the hardware characteristics of the baremetal nodes.
31
+
|`5050`| The Ironic Inspector API runs on the control plane nodes and listens on port `5050`. The Inspector API is responsible for hardware introspection, which collects information about the hardware characteristics of the bare-metal nodes.
32
32
33
33
|`5051`| Port `5050` uses port `5051` as a proxy.
34
34
35
35
|`6180`| When deploying with virtual media and not using TLS, the provisioner node and the control plane nodes must have port `6180` open on the `baremetal` machine network interface so that the baseboard management controller (BMC) of the worker nodes can access the {op-system} image. Starting with {product-title} 4.13, the default HTTP port is `6180`.
36
36
37
37
|`6183`| When deploying with virtual media and using TLS, the provisioner node and the control plane nodes must have port `6183` open on the `baremetal` machine network interface so that the BMC of the worker nodes can access the {op-system} image.
38
38
39
-
|`6385`| The Ironic API server runs initially on the bootstrap VM and later on the control plane nodes and listens on port `6385`. The Ironic API allows clients to interact with Ironic for baremetal node provisioning and management, including operations like enrolling new nodes, managing their power state, deploying images, and cleaning the hardware.
39
+
|`6385`| The Ironic API server runs initially on the bootstrap VM and later on the control plane nodes and listens on port `6385`. The Ironic API allows clients to interact with Ironic for bare-metal node provisioning and management, including operations such as enrolling new nodes, managing their power state, deploying images, and cleaning the hardware.
40
40
41
41
|`6388`| Port `6385` uses port `6388` as a proxy.
42
42
43
43
|`8080`| When using image caching without TLS, port `8080` must be open on the provisioner node and accessible by the BMC interfaces of the cluster nodes.
44
44
45
45
|`8083`| When using the image caching option with TLS, port `8083` must be open on the provisioner node and accessible by the BMC interfaces of the cluster nodes.
46
46
47
-
|`9999`| By default, the Ironic Python Agent (IPA) listens on TCP port `9999` for API calls from the Ironic conductor service. This port is used for communication between the baremetal node where IPA is running and the Ironic conductor service.
47
+
|`9999`| By default, the Ironic Python Agent (IPA) listens on TCP port `9999` for API calls from the Ironic conductor service. Communication between the bare-metal node where IPA is running and the Ironic conductor service uses this port.
48
48
49
49
|====
50
50
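Review bot: The reworded `9999` row is the only row in this hunk that names its transport ("TCP port `9999`"); the `5050` and `6385` rows edited here, and context rows such as `123`, give a port number only. Because this same commit makes the TCP/UDP distinction explicit for DNS, consider naming the protocol in every row (NTP on `123` is UDP, for example) so that firewall rules can be written directly from the table. Separately, "Port `5050` uses port `5051` as a proxy" and "Port `6385` uses port `6388` as a proxy" do not say which component listens on the proxy port; a short clarification would help anyone scoping the allowed flows.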
@@ -90,6 +90,8 @@ test-cluster.example.com
90
90
91
91
{product-title} includes functionality that uses cluster membership information to generate A/AAAA records. This resolves the node names to their IP addresses. After the nodes are registered with the API, the cluster can disperse node information without using CoreDNS-mDNS. This eliminates the network traffic associated with multicast DNS.
92
92
93
+
CoreDNS requires both TCP and UDP connections to the upstream DNS server to function correctly. Ensure the upstream DNS server can receive both TCP and UDP connections from {product-title} cluster nodes.
94
+
93
95
In {product-title} deployments, DNS name resolution is required for the following components:
94
96
95
97
* The Kubernetes API
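Review bot: The added CoreDNS paragraph states the TCP and UDP requirement without a port number or a reason, and the rows of the port table visible in this diff do not include DNS. Suggest naming port `53` for both transports and adding one clause on why TCP matters (a response too large for a UDP datagram is truncated and retried over TCP), so that administrators do not treat the TCP rule as optional. "Ensure the upstream DNS server can receive both TCP and UDP connections" covers only the server; any firewall between the cluster nodes and the upstream server needs the same allowance, which is worth saying here. Style point: "Ensure that the upstream DNS server ...".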
@@ -134,7 +136,7 @@ Network administrators must reserve IP addresses for each node in the {product-t
== Reserving IP addresses for nodes with the DHCP server
136
138
137
-
For the `baremetal` network, a network administrator must reserve a number of IP addresses, including:
139
+
For the `baremetal` network, a network administrator must reserve several IP addresses, including:
138
140
139
141
. Two unique virtual IP addresses.
140
142
+
@@ -162,7 +164,7 @@ External load balancing services and the control plane nodes must run on the sam
162
164
The storage interface requires a DHCP reservation or a static IP.
163
165
====
164
166
165
-
The following table provides an exemplary embodiment of fully qualified domain names. The API and Nameserver addresses begin with canonical name extensions. The hostnames of the control plane and worker nodes are exemplary, so you can use any host naming convention you prefer.
167
+
The following table provides an exemplary embodiment of fully qualified domain names. The API and name server addresses begin with canonical name extensions. The hostnames of the control plane and worker nodes are exemplary, so you can use any host naming convention you prefer.
166
168
167
169
[width="100%", cols="3,5,2", options="header"]
168
170
|=====
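Review bot: In the changed sentence, "exemplary embodiment" and the later "exemplary" survive the Vale pass; "exemplary" reads as "outstanding" and "embodiment" is patent phrasing. Suggest "The following table provides an example of fully qualified domain names" and "The hostnames of the control plane and worker nodes are examples". The phrase "begin with canonical name extensions" also leaves it unclear whether it refers to CNAME records or to a naming prefix, and could be reworded while this line is being touched.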
@@ -180,7 +182,7 @@ The following table provides an exemplary embodiment of fully qualified domain n
180
182
181
183
[NOTE]
182
184
====
183
-
If you do not create DHCP reservations, the installer requires reverse DNS resolution to set the hostnames for the Kubernetes API node, the provisioner node, the control plane nodes, and the worker nodes.
185
+
If you do not create DHCP reservations, the installation program requires reverse DNS resolution to set the hostnames for the Kubernetes API node, the provisioner node, the control plane nodes, and the worker nodes.
184
186
====
185
187
186
188
[id="network-requirements-provisioner_{context}"]
@@ -193,7 +195,7 @@ The provisioner node requires layer 2 connectivity for network booting, DHCP and
193
195
[id="network-requirements-ntp_{context}"]
194
196
== Network Time Protocol (NTP)
195
197
196
-
Each {product-title} node in the cluster must have access to an NTP server. {product-title} nodes use NTP to synchronize their clocks. For example, cluster nodes use SSL certificates that require validation, which might fail if the date and time between the nodes are not in sync.
198
+
Each {product-title} node in the cluster must have access to an NTP server. {product-title} nodes use NTP to synchronize their clocks. For example, cluster nodes use SSL/TLS certificates that require validation, which might fail if the date and time between the nodes are not in sync.
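Review bot: "SSL/TLS certificates" in the changed line is inconsistent with the port table in this module, which says "TLS" throughout (rows `6180`, `6183`, `8080`, `8083`). Suggest "TLS certificates" here. The sentence could also say what fails: certificate validity periods are checked against the local clock, so a node with a skewed clock rejects otherwise valid certificates.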