From c00e329a74b7cb8d1fbe8d857aa3ab66f8b8a392 Mon Sep 17 00:00:00 2001 From: Ethan Mosbaugh Date: Wed, 19 Feb 2025 06:30:12 -0800 Subject: [PATCH 1/2] feat(ec): document firewalld configuration --- docs/partials/embedded-cluster/_port-reqs.mdx | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/partials/embedded-cluster/_port-reqs.mdx b/docs/partials/embedded-cluster/_port-reqs.mdx index 7aaf2d7a46..546b76f64f 100644 --- a/docs/partials/embedded-cluster/_port-reqs.mdx +++ b/docs/partials/embedded-cluster/_port-reqs.mdx @@ -41,3 +41,33 @@ If port 30000 is occupied, you can select a different port for the Admin Console In addition to the ports above, air gap installations also require that port 50000/TCP is open and available for the Local Artifact Mirror (LAM). If port 50000 is occupied, you can select a different port for the LAM during installation. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install). + +#### Firewalld + +When Firewalld is enabled, Embedded Cluster will modify the config to allow traffic over the pod and service networks and open the required ports on the host. + +The following rule is added to Firewalld: + +```xml + + + + + + + + + + + +``` + +The following ports are opened in the default zone: + +``` + + + + + +``` From ccee8a487fa69209486274dc3057393401f7a9ea Mon Sep 17 00:00:00 2001 From: Paige Calvert Date: Wed, 19 Feb 2025 10:08:23 -0700 Subject: [PATCH 2/2] docs edits --- .../installing-embedded-requirements.mdx | 49 +++++++++++++++++++ docs/partials/embedded-cluster/_port-reqs.mdx | 32 +----------- 2 files changed, 50 insertions(+), 31 deletions(-) diff --git a/docs/enterprise/installing-embedded-requirements.mdx b/docs/enterprise/installing-embedded-requirements.mdx index a6a3e3e155..9f88244ef4 100644 --- a/docs/enterprise/installing-embedded-requirements.mdx +++ b/docs/enterprise/installing-embedded-requirements.mdx 
@@ -38,3 +38,52 @@ This topic lists the installation requirements for Replicated Embedded Cluster. * Required only if the application uses the [Replicated private registry](/vendor/private-images-replicated). + +## About Firewalld Configuration + +When Firewalld is enabled in the installation environment, Embedded Cluster modifies the Firewalld config to allow traffic over the pod and service networks and to open the required ports on the host. No additional configuration is required. + +The following rule is added to Firewalld: + +```xml + + + + + + + + + + + +``` + +The following ports are opened in the default zone: + + + + + + + + + + + + + + + + + + + + + + + + + + +
PortProtocol
6443TCP
10250TCP
9443TCP
2380TCP
4789UDP
\ No newline at end of file diff --git a/docs/partials/embedded-cluster/_port-reqs.mdx b/docs/partials/embedded-cluster/_port-reqs.mdx index 546b76f64f..021011ea0f 100644 --- a/docs/partials/embedded-cluster/_port-reqs.mdx +++ b/docs/partials/embedded-cluster/_port-reqs.mdx @@ -40,34 +40,4 @@ If port 30000 is occupied, you can select a different port for the Admin Console In addition to the ports above, air gap installations also require that port 50000/TCP is open and available for the Local Artifact Mirror (LAM). -If port 50000 is occupied, you can select a different port for the LAM during installation. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install). - -#### Firewalld - -When Firewalld is enabled, Embedded Cluster will modify the config to allow traffic over the pod and service networks and open the required ports on the host. - -The following rule is added to Firewalld: - -```xml - - - - - - - - - - - -``` - -The following ports are opened in the default zone: - -``` - - - - - -``` +If port 50000 is occupied, you can select a different port for the LAM during installation. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install). \ No newline at end of file
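
Review bot: In [PATCH 1/2], the new "#### Firewalld" section in `_port-reqs.mdx` says "The following ports are opened in the default zone" without saying which sources can reach them. Firewalld applies the default zone to any interface that is not assigned to another zone, so an operator cannot tell from this text whether the ports are limited to the pod and service networks or open to every address that can reach the host. Please state the scope explicitly, and say whether the change is written to the permanent configuration and whether it is reverted when the cluster is removed. Smaller points in the same hunk: the second fence has no language tag while the first is tagged `xml`, and "will modify the config" reads better in the present tense and should name what is being modified.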
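
Review bot: In [PATCH 2/2], the sentence "No additional configuration is required" in the new "About Firewalld Configuration" section of `installing-embedded-requirements.mdx` claims more than the port table beneath it supports. The table lists 6443, 10250, 9443, 2380 and 4789, but `_port-reqs.mdx` also requires port 30000 for the Admin Console and 50000/TCP for the Local Artifact Mirror in air gap installations, and neither appears here. Please say whether Embedded Cluster opens those two ports in Firewalld as well, or whether the administrator has to open them, and qualify the sentence accordingly. A third column stating what each port is used for would let a reader check the opened ports against their own firewall baseline. The file also now ends without a trailing newline.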
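
Review bot: In [PATCH 2/2], the `_port-reqs.mdx` hunk removes the Firewalld section and leaves the partial with no pointer to where that information went. Readers who reach the port requirements through this partial will no longer learn that Embedded Cluster changes the host firewall, so a one-line link to "About Firewalld Configuration" after the port 50000 paragraph would help. The final "If port 50000 is occupied..." line is removed and re-added only because its trailing newline was dropped; restoring the newline removes that noise from the diff.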