Hi all,
The root cause of why we need to enable 6080 in the OAM firewall is novncproxy using hostNetwork.
In deployment-novncproxy.yaml, it sets hostNetwork to true.
In iptables, we can see oam:30680 goes to 192.168.204.3:6080 without forward. Then it will be filtered if we do not enable port 6080 in the OAM firewall.
So, there are 2 solutions.
1) No need to expose the 30680 node port; we just need to enable 6080 in the OAM firewall and connect to oam:6080 directly.
2) Submit a patch for openstack-helm to set hostNetwork to false. Then it will forward to the cluster network instead of the host network, and it can work as we expected before.
I already verified both solutions.
Any comment?
Thanks!
Zhipeng
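
The packet path described in the message above can be checked from an `iptables-save` dump. This is an added example, not part of the original message or of openstack-helm: the function name, the chain suffixes and the pod address 172.16.192.70 are assumptions, and the rules are a constructed excerpt in kube-proxy's iptables layout.

```python
import ipaddress
import re

# Constructed iptables-save (nat) excerpt. Chain suffixes and 172.16.192.70
# are made up; 30680, 6080 and 192.168.204.3 come from the message above.
SAMPLE_HOSTNET = """\
-A KUBE-NODEPORTS -p tcp -m tcp --dport 30680 -j KUBE-SVC-EXAMPLE
-A KUBE-SVC-EXAMPLE -j KUBE-SEP-EXAMPLE
-A KUBE-SEP-EXAMPLE -p tcp -m tcp -j DNAT --to-destination 192.168.204.3:6080
"""
SAMPLE_PODNET = SAMPLE_HOSTNET.replace("192.168.204.3", "172.16.192.70")

RULE = re.compile(r"^-A (\S+) .*?-j (\S+)(?: --to-destination (\S+))?")
DPORT = re.compile(r"--dport (\d+)")

def nodeport_paths(rules, host_ips):
    """Return {node_port: [(endpoint, chain)]}: chain is INPUT when the IPv4
    endpoint is a host address (hostNetwork pod), FORWARD when it is a pod IP."""
    jumps, dnat, nodeports = {}, {}, {}
    for line in rules.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        chain, target, dest = m.groups()
        port = DPORT.search(line)
        if target == "DNAT" and dest:
            dnat.setdefault(chain, []).append(dest)
        elif chain == "KUBE-NODEPORTS" and port:
            nodeports.setdefault(int(port.group(1)), []).append(target)
        else:
            jumps.setdefault(chain, []).append(target)
    local = {ipaddress.ip_address(ip) for ip in host_ips}
    result = {}
    for node_port, targets in nodeports.items():
        stack, seen, paths = list(targets), set(), []
        while stack:  # walk KUBE-SVC-* -> KUBE-SEP-* until a DNAT is reached
            chain = stack.pop()
            if chain in seen:
                continue
            seen.add(chain)
            for dest in dnat.get(chain, []):
                ip = ipaddress.ip_address(dest.rpartition(":")[0])
                paths.append((dest, "INPUT" if ip in local else "FORWARD"))
            stack.extend(jumps.get(chain, []))
        result[node_port] = paths
    return result
```

An `INPUT` result means the host firewall must allow the endpoint port (6080 here) in addition to the node port; `FORWARD` means the packet is routed on to the pod network.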