Bug 1686139 - Moving the API port from 6443 is currently not possible
Summary: Moving the API port from 6443 is currently not possible
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master
Version: 4.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.2.0
Assignee: Michal Fojtik
QA Contact: Xingxing Xia
Reported: 2019-03-06 19:51 UTC by Erik M Jacobs
Modified: 2019-04-11 22:21 UTC

Last Closed: 2019-04-11 22:21:11 UTC

Description Erik M Jacobs 2019-03-06 19:51:05 UTC
Description of problem:
OCP3.x supported changing the API port.

Certain environments and situations (customer policy, etc) mean that any tool that doesn't talk across a standard port (80/443) may be blocked. In that case, anything that needs to access the API on 6443 would be blocked.

This would break the CLI, IDE, and any RESTful API integrations.

The web console is available over 443, and one could get access to a CLI running "inside" the OCP environment, however that still leaves IDE and API integrations broken.

Comment 6 Alex Crawford 2019-04-08 23:08:55 UTC
This looks like a duplicate of 1663453. Is there any new information that needs to be considered or can this be closed?

Comment 7 Erik M Jacobs 2019-04-09 13:10:15 UTC
This is not a dupe of 1663453

1663453 says "put the API port on 8443".
This BZ is "make the API port configurable".

Comment 8 Alex Crawford 2019-04-11 00:41:57 UTC
Okay, maybe not a dup, but it shares the same conclusion:

> We've decided to stick with 6443 for the API. We'll make a point to educate customers about the port change.

Unless there is a compelling reason to do so, we should not allow the API port to be customized.

Comment 9 Erik M Jacobs 2019-04-11 14:57:49 UTC
Not allowing for the customization of the API port means that there are some potential users who will not be able to access the API for whatever reason.

If we don't allow for moving the API port, then we likely need to document and support some type of proxy solution in front of the API.

Comment 10 Alex Crawford 2019-04-11 22:21:11 UTC
I'm not convinced. These potential users would have to be smart enough to block access to 6443 but not smart enough to provide a proxy. That seems very unlikely and since we don't have any concrete examples, I'm going to close this. We can revisit this if it proves to be problematic in the future.
