Port 5000 for image-registry is not firewall/proxy friendly
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Calico Charm | Fix Released | Undecided | Nobuto Murata |
Canal Charm | Fix Released | Undecided | Nobuto Murata |
Kubernetes Control Plane Charm | Fix Released | Undecided | Nobuto Murata |
Bug Description
At this moment, kubernetes-master charm uses image-registry.
https:/
Port 5000 is not firewall/proxy friendly since the common rule for egress is usually port 80 for HTTP and port 443 for HTTPS only, so outgoing 5000 tends to be blocked in enterprise environments.
Now that image-registry.
https:/
The migration strategy would need a careful review as some might have an explicit whitelist of the pairs of destination host and port, so
1. calling out the change in the release/upgrade notes clearly, or
2. some sort of mechanism not to touch existing deployments and apply the new value to fresh deployments only
would be nice to have.
summary:
- Port 5000 is not firewall/proxy friendly
+ Port 5000 for image-registry is not firewall/proxy friendly
Changed in charm-kubernetes-master:
status: In Progress → Fix Committed
Changed in charm-canal:
status: In Progress → Fix Committed
Changed in charm-calico:
status: In Progress → Fix Committed
Changed in charm-kubernetes-master:
milestone: none → 1.16
Changed in charm-canal:
milestone: none → 1.16
Changed in charm-calico:
milestone: none → 1.16
Changed in charm-calico:
status: Fix Committed → Fix Released
Changed in charm-canal:
status: Fix Committed → Fix Released
Changed in charm-kubernetes-master:
status: Fix Committed → Fix Released
Added calico and canal since they also have charm configs that reference image-registry.canonical.com:5000.