Discussion of "Allow service NodePorts on low ports" on the next sig-network agenda

137 views
Skip to first unread message

Manu Miu

unread,
Oct 3, 2020, 12:51:08 PM10/3/20
to kubernetes-sig-network
Hi all,

Not sure if this is the correct procedure but a lot of people in this Github issue conversation are asking to lift the default port range limitation on NodePorts services (as described in the issue description by Tim Hockin).
Even if there are good reasons not to implement that feature, we would appreciate an explanation.
I've already added this topic as suggestion in the SIG Meeting Google Sheet.

Thanks and best,
Manu

Sandor Szuecs

unread,
Oct 3, 2020, 2:59:48 PM10/3/20
to Manu Miu, kubernetes-sig-network
Hi! 
I have 2 questions.

Do we have a flag that can change the default?

If we would have it, why this would not be feasible?

Best, sandor

--


You received this message because you are subscribed to the Google Groups "kubernetes-sig-network" group.


To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-sig-ne...@googlegroups.com.


To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-sig-network/67c35bc8-6336-4b88-86e7-713497db4917n%40googlegroups.com.


--
Sandor Szücs | 418 I'm a teapot

Antonio Ojea

unread,
Oct 4, 2020, 4:43:53 AM10/4/20
to Sandor Szuecs, Manu Miu, kubernetes-sig-network
You can specify a different NodePort range in the apiserver

--service-node-port-range portRange     Default: 30000-32767 A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range.


I did not try myself, but at first sight I couldn't see any place limiting the port range space, so it seems to be possible to use NodePorts on low ports

However, I do agree with Tim comments on the issue, that is opening infinite possibilities of networking going wrong, and I personally think that it should be done at the cluster admin own risk, i.e. I do not think that sig-network should triage issues related to: "I have my NodePort listening on port 443 and my cluster stopped to work", "When I configure NodePort range from 0-1024 I can not ssh into my nodes", .... ;)

To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-sig-network/CAHNrm7%2BVvL%2BkzfYvhH1sAx6A-CPt6UU5HGOQbY5L%3DvQNaihRgg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages