| Please fill in the protocol (http/https/ws... to determine if it will cross the ingress port) and the reason for the port being open (hybrid deployment needs access?, external access client (kibana/gui...)) in the table below in prep of removing some nodeports in the run up to using an Ingress controller |
Sync with Casablanca Unprotected Interfaces
TODO: add protocol to each port - to determine suitability for HTTP/HTTPS or multi-protocol proxy for ingress
NodePorts are used to allow client applications, that run outside of Kubernetes, access to ONAP components deployed by OOM.
A NodePort maps an externally reachable port to an internal port of an ONAP microservice.
It should be noted that the use of NodePorts is temporary. An alternative solution is currently being scoped for the Dublin Release.
But for now, this page is used to track NodePort assignments.
All ONAP project teams that have microservices that need to provide external access for clients, must update this wiki page to reserve NodePorts and prevent ONAP deployment failures due to NodePort conflicts.
If a service is only accessed by other services within the same kubernetes deployment (ie. databases, backend services with no external northbound APIs) then please DO NOT reserve
a NodePort as they are a very limited resource. The service name and its Internal Port (<service name>.port) should be used instead (ie. vid.8443)
To reserve a NodePort search the table below for the text "FREE_PORT".
If it is determined that an existing reservation is no longer required, please add the text "FREE_PORT" to indicate its availability.
Developer Checklist
Verify unused nodeports
Before using a particular nodeport - verify there is no conflict by deploying the entire system and checking services or the tables below.
Get the nodeport of a particular service
| Code Block | ||
|---|---|---|
| ||
# human readable list
kubectl get services --all-namespaces | grep robot
# machine readable number
kubectl get --namespace onap -o jsonpath="{.spec.ports[0].nodePort}" services robot) |
Node Port Reservations 302 prefix
Component (sortable) | Pod | Service name | Protocol http/https/ws... | Node Port | Internal Port | Reason for exposure outside of the internal DNS service name access | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| vid | vid | 30200 | 8443 | |||||||||||||
| FREE_PORT | 30201 | 8843 | ||||||||||||||
| sdnc / ccsdk | ccsdk/oran/a1-policy-management-service | http https | 30093 30094 | 9080 9081 | Used ito access A1 Policy Managment service API - used in different ONAP & OSC deployments - including external rApp/client/portal access See ONAP/3GPP & ORAN Alignment: A1 Adapter extensions (Guilin) | |||||||||||
| sdnc | sdnc | 8282 | http port, removed in El Alto. Instead, users should use https node port 30267 | |||||||||||||
| sdnc | sdnc-dgbuilder | 30203 | 3000 | |||||||||||||
| sdc | sdc-be | 30204 | 8443 | |||||||||||||
| sdc | sdc-be | 30205 | 8080 | |||||||||||||
| sdc | sdc-fe | 30206 | 8181 | |||||||||||||
| sdc | sdc-fe | 30207 | 9443 | |||||||||||||
| appc | appc | 8282 | removed in Frankfurt | |||||||||||||
| robot | robot | 30209 | 88 | u:p test:test | ||||||||||||
| aai | aai-modelloader | 30210 | 8080 | |||||||||||||
| appc | appc | 30211 | 9090 | |||||||||||||
| portal | portal-sdk | 30212 | 8443 | |||||||||||||
| portal | portal-app | 30225 | 8443 | |||||||||||||
| policy | policy brmsgw | 30216 | 9989 | |||||||||||||
| policy | drools (dup?) | 30217 | 6969 | |||||||||||||
| policy | pap | 30218 | 9091 | |||||||||||||
| policy | pap | 30219 | 8443 | |||||||||||||
| aai | aai-sparky-be | 30220 | 9517 | |||||||||||||
| policy | drools (dup?) | 30221 | 9696 | |||||||||||||
| dcae | DCAEGEN2 | hv-ves xdcae-hv-ves-collector | 30222 | 6061 | ||||||||||||
| dcae | DCAEGEN2 | 30223 | Reserved for future DCAEapp (12/30 - dcae-datafile-collector usage on this port is removed since El-Alto) | |||||||||||||
| so | so-monitor | 30224 | 9091 | |||||||||||||
| portal | portal-app (ssl) | 30225 | 8443 | https://gerrit.onap.org/r/#/c/69859/
| ||||||||||||
| dmaap | message-router | 30226 | 3905 | |||||||||||||
| dmaap | message-router | 30227 | 3904 | |||||||||||||
| appc | appc-dgbuilder | 30228 | 3000 | CAUTION2: There might me blanks in following data. | ||||||||||||
| aai | aai-modelloader | 30229 | 8443 | CAUTION2: There might me blanks in following data. | ||||||||||||
| appc | appc | 30230 | 8443 | |||||||||||||
| appc | appc | 30231 | 1830 | |||||||||||||
| aai | aai | 30232 | 8080 | |||||||||||||
| aai | aai | 30233 | 8443 | |||||||||||||
| pomba | pomba-kibana | https | 30234 | 5601 | ||||||||||||
| dcae | xdcae-ves-collector | 30235 | 8080 | |||||||||||||
| policy | nexus | 30236 | 8081 | |||||||||||||
| policy | policy-apex-pdp | 30237 | 12345 | |||||||||||||
| aai | aai-graphgraph | 30238 | 8453 |
| ||||||||||||
| aai | aai-spike | 30239 | 9518 | |||||||||||||
| pomba | pomba-context-builder | 30240 | 9530 | |||||||||||||
| dmaap | dmaap-bc | 30241 | 8080 | |||||||||||||
| dmaap | dmaap-bc | 30242 | 8443 | |||||||||||||
| aaf | aaf-sms | 30243 | 10443 | |||||||||||||
| aaf | aaf-sms-db | 30244 | 8200 | CAUTION2: There might me blanks in following data. | ||||||||||||
| sdnc | sdnc | 30246 | 8280 | Appears to be no longer needed - investigating | ||||||||||||
| dcae | dcae datafile collector | 30245 | 8100 | |||||||||||||
| aaf | aaf-service | 30247 | 8100 | |||||||||||||
| oof | oof-osdf | 30248 | 8698 | |||||||||||||
| pomba | pomba-data-router | 30249 | 9502 | |||||||||||||
| appc | appc-cds | 30250 | 80 | |||||||||||||
| aaf | aaf-gui | 30251 | 8200 | |||||||||||||
| so | so-mariadb | 30252 | 3306 | |||||||||||||
| log | log-kibana | http | 30253 | 5601 | external access from client application | |||||||||||
| log | log-es | http | 30254 | 9200 | external ELK stack for hybrid deployment | |||||||||||
| log | log-ls | http | 30255 | 5044 | external ELK stack for hybrid deployment | |||||||||||
| sdc | sdc-wfd-fe | 30256 | 8080 | |||||||||||||
| sdc | sdc-wfd-be | 30257 | 8080 | |||||||||||||
| policy | clamp | 30258 | 2443 | |||||||||||||
| dmaap | dmaap-dr-prov | http | 30259 | 8080 | external access for multi-site/cluster comms | |||||||||||
| cli | cli | 30260 | 8080 | |||||||||||||
| multicloud | multicloud-azure | 30261 | 9008 | https://gerrit.onap.org/r/#/c/68647/ | ||||||||||||
| dcae | dcae datafile collector | 30262 | 8433 | |||||||||||||
| sdc | sdc-dcae-fe | 30263 | 8183 | |||||||||||||
| sdc | sdc-dcae-fe | 30264 | 9444 | |||||||||||||
| sdc | sdc-dcae-dt | 30265 | 8186 | |||||||||||||
| sdc | sdc-dcae-dt | 30266 | 9446 | |||||||||||||
| sdnc | sdnc | 30267 | 8443 | https port, used for access to OpenDaylight REST interface | ||||||||||||
| aai | aai-crud-service (gizmo) | 30268 | 9520 | |||||||||||||
| dmaap | dmaap-dr-prov | https | 30269 | 8443 | external access for multi-site/cluster comms | |||||||||||
| consul | consul-server-ui | 30270 | 8500 | |||||||||||||
| cli | cli | 30271 | 9090 | |||||||||||||
| sdnc | SDNC GEO (mysql) | 30272 | ||||||||||||||
| sdnc | SDNC GEO (mysql) | 30273 | ||||||||||||||
| nbi | nbi | 30274 | 8443 | |||||||||||||
| oof | oof-has-api | 30275 | 8091 | |||||||||||||
| oof | oof-has-music | 30276 | 8080 | |||||||||||||
| so | so | 30277 | 8080 | see also https://gerrit.onap.org/r/#/c/72433/2 | ||||||||||||
| aai | aai-champ | 30278 | 9522 | |||||||||||||
| aai | aai-babel | 30279 | 9516 | |||||||||||||
| msb | msb-iag | 30280 | 80 | |||||||||||||
| msb | msb-discovery | 30281 | 10081 | |||||||||||||
| msb | msb-eag | 30282 | 80 | |||||||||||||
| msb | msb-iag | 30283 | 443 | |||||||||||||
| msb | msb-eag | 30284 | 443 | |||||||||||||
| msb | msb-consul | 30285 | 8500 | |||||||||||||
| dcae | dcae-redis | 30286 | 6379 | |||||||||||||
| dcae | dcae-redis | 30287 | 16379 | |||||||||||||
| sniro | sniro-emulator | 30288 | 80 | pnda has a conflict here -
| ||||||||||||
| appc | appc-cdt | 30289 | 18080 | |||||||||||||
| clamp | cdash-kibana | 30290 | 5601 | |||||||||||||
| multicloud | multicloud | 30291 | 9001 | No more such nodePort for multicloud | ||||||||||||
| holmes | holmes-rule-mgmt | 30292 | ||||||||||||||
| holmes | holmes-rule-mgmt | 30293 | ||||||||||||||
| multicloud | multicloud-windriver | 30294 | 9005 | No more such nodePort for multicloud | ||||||||||||
| clamp | clamp | 30295 | 8080 | |||||||||||||
| multicloud | multicloud-pike | 30296 | 9007 | No more such nodePort for multicloud | ||||||||||||
| vnfsdk | refrepo | 30297 | 8702 | |||||||||||||
| log | LOG demo target | 30298 | 8080 | taken from UUI - they are using the 303 prefix
| ||||||||||||
| pomba | pomba-networkdiscovery | REST | 30299 | 8080 | taken from UUI - they are using the 303 prefix
| |||||||||||
| vvp | vvp | ? | ? |
| ||||||||||||
| uui | uui | 30398 | 8080 | may be a typo with 30298 - currently using 398 as of 20181125 | ||||||||||||
| uui | uui-server | 30399 | 8082 |
may be a typo with 30298 - currently using 399 as of 20181125 | ||||||||||||
| There | is | Room above: | There is ROOM Above 31100 | |||||||||||||
| modeling | modeling-etsicatalog | 30301 | 8806 | |||||||||||||
| music | music-api | 30304 | 8443 | music-api | ||||||||||||
| IF POSSIBLE | Leave | 31104-31109 | open | |||||||||||||
| aaf | aaf-service | https/REST(json|xml) | 31110 | 8100 | AAF Main Service | |||||||||||
| aaf | aaf-locator | https/REST(json|xml) | 31111 | 8095 | AAF Locator | |||||||||||
| aaf | aaf-oauth | https/REST(json|xml) | 31112 | 8140 | AAF OAuth2 access | |||||||||||
| aaf | aaf-gui | https/REST(json|xml) | 31113 | 8200 | AAF GUI | |||||||||||
| aaf | aaf-cm | https/REST(json|xml) | 31114 | 8150 | AAF Certificate Manager | |||||||||||
| aaf | aaf-fs | http (Note: Fileserver for CRLs, etc) | 31115 | 8096 | AAF File Server | |||||||||||
| aaf | aaf | HOLD for Future | 31116 31117 31118 | Future AAF Services | ||||||||||||
| aaf | aaf-hello | https/REST(json|xml) | 31119 | 8130 | AAF Hello Sample | |||||||||||
| appc | appc | HOLD for Future | 31200 31201 31202 31203 | |||||||||||||
| oof | optf-model-api | https/REST(json) | 31204 | 8698 | optf model, execution engine. | |||||||||||
| cps | cps | https/REST(json) | 31205 | 8080 | CPS RESTService | Only from Honolulu Release | |||||||||||
| cps-xNf | cps-xNf | https/REST(json) | 31206 | 8080 | CPS xNF RESTService | Only from Honolulu Release |
Node Port Reservations (304 node port prefix range)
This table is for documenting node ports that are reserved outside of a typical ONAP deployment.
Even though the ports listed below may appear in ONAP Helm Charts, they are not used at runtime unless enabled through configuration.
For example, there may be a need to reserve node ports (even temporarily) for use in POC or for demo code, that currently exists in the ONAP codebase.
Component (sortable) | POD | Service name | Protocol (rest/multi-protocol) | Node Port | Internal Port | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dcae | dcae-pnda-mirror (node the boostrap pod np is named mirror) | 30400 | 80 | A PNDA deployment (outside the Kubernetes
| |||||||||||
| vfc | vfc-nslcm | 30403 | 8403 | vfc-nslcm-port | |||||||||||
| vfc | vfc-vnflcm | 30411 | 8801 | vfc-vnflcm-port | |||||||||||
| vfc | vfc-generic-vnfm-driver | 30480 | 8484 | vfc-generic-vnfm-driver | |||||||||||
| vfc | vfc-redis | 30481 | 8804 | vfc-redis-http-port1 | |||||||||||
| vfc | vfc-redis | 30482 | 6379 | vfc-redis-http-port2 | |||||||||||
| vfc | vfc-db | 30483 | 3306 | vfc-db-port | |||||||||||
| so | so-bpmn-infra | 30404 | 8081 | so-bpmn-port | |||||||||||
| so | so-bpmn-infra | 30405 | 5005 | so-bpmn-debug | |||||||||||
| so | so-vnfm-adapter | 30406 | 9092 | ||||||||||||
| dcae | DCAEGEN2 | xdcae-tca-analytics | 30410 | 11011 | switch from 32010
| ||||||||||
| dcae | DCAEGEN2 | 30413 | 8100 | DCAE BBE-ep | |||||||||||
| dcae | DCAEGEN2 | 30414 | 10443 | DCAE Config Binding Service (https) | |||||||||||
| dcae | DCAEGEN2 | 30415 | 10000 | DCAE Config Binding Service (http) | |||||||||||
| dcae | DCAEGEN2 | 30416 | 8080/8687 | DCAE RESTConf collector Service | |||||||||||
| dcae | DCAEGEN2 | 30417 | 8443 | DCAE VESCollector - Https | |||||||||||
| dcae | DCAEGEN2 | 30418 | 8080 | DCAE Dashboard (http) | |||||||||||
| dcae | DCAEGEN2 | 30419 | 8443 | DCAE Dashboard (https) | |||||||||||
| ? | Netbox UI | 30420 | 8080 | ||||||||||||
| sdc | sdc-wfd-fe | 30431 | 8443 | https://gerrit.onap.org/r/#/c/87116/ | |||||||||||
| policy | policy-api | 30440 | 6969 | https://gerrit.onap.org/r/#/c/79318/ | |||||||||||
| policy | policy-xacml-pdp | 30441 | 6969 | https://gerrit.onap.org/r/#/c/81977/ | |||||||||||
| policy | policy-pap | 30442 | 6969 | ||||||||||||
| log | log-demonode0 | 30453 | 8080 | ||||||||||||
| log | log-demonode1 | 30454 | 8080 | ||||||||||||
| log | log-demonode2 | 30455 | 8080 | ||||||||||||
| log | log-es SSL | 30456 | 20181016
| ||||||||||||
| log | log-kb SSL | 30457 | 20181016
| ||||||||||||
| log | log-ls SSL | 30458 | 20181016
| ||||||||||||
| sdnc | SDNC GEO | 30461 | |||||||||||||
| sdnc | SDNC GEO | 30462 | |||||||||||||
| sdnc | SDNC GEO | 30463 | |||||||||||||
| sdnc | SDNC GEO | 30464 | |||||||||||||
| sdnc | SDNC GEO | 30465 | |||||||||||||
| sdnc | SDNC GEO | 30466 | |||||||||||||
| dcae | DCAEGEN2 | 30470 | 162 | Snmptrap (test purpose) | |||||||||||
| dcae | DCAEGEN2 | 30471 | Reserved | ||||||||||||
| dcae | DCAEGEN2 | 30472 | Reserved | ||||||||||||
| dcae | DCAEGEN2 | 30473 | 8080 | DCAE MOD UI (HTTP) for Frankfurt release | |||||||||||
| dcae | DCAEGEN2 | 30474 | 8443 | Reserved for DCAE MOD UI (HTTPs) post Frankfurt release | |||||||||||
| dcae | MUSIC | 30475 | |||||||||||||
| dcae | MUSIC | 30476 | 8080 | ||||||||||||
| dcae | MUSIC | 30477 | |||||||||||||
| dcae | Datalake-admin-ui | 30479 | 80 | Datalake configuration protal. | |||||||||||
| dcae | Datalake-feeder | 30408 | 1680 | Datalake control and exposure APIs. | |||||||||||
| multicloud | multicloud-starlingx | 30485 | 9009 | ||||||||||||
| multicloud | multicloud-thinkcloud | 30486 | 9010 | ||||||||||||
| multicloud | multicloud-fcaps | 30487 | 9011 | ||||||||||||
| multicloud | multicloud-artifactbroker | 30488 | 9014 | ||||||||||||
| multicloud | multicloud-tentative | 30489 | |||||||||||||
| multicloud | multicloud-k8s | 30498 | 9015 | ||||||||||||
| dmaap | DMaap tentative | 30490 | https://lists.onap.org/g/onap-discuss/topic/new_nodeports_for_the_dmaap/29582628?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,29582628 | ||||||||||||
| dmaap | DMaap tentative | 30491 | |||||||||||||
| dmaap | DMaap tentative | 30492 | |||||||||||||
| dmaap | dmaap-dr-node | http | 30493 | 8080 | external access for multi-site/cluster comms | ||||||||||
| dmaap | dmaap-dr-node | https | 30494 | 8443 | external access for multi-site/cluster comms | ||||||||||
| multicloud | multicloud-service-assurance | 30495 | 9009 | Only from Dublin Release | |||||||||||
| multicloud | multicloud-service-assurance (tentative) | 30496 | 9010 | Only from Dublin Release | |||||||||||
| cds | cds-ui | 30497 | 3000 | Dublin onwards. | |||||||||||
| cds | blueprint-processor | 30499 | 8080 | Dublin onwards. | |||||||||||
| awx | awx-web | 30478 | 80 | Dublin onwards. |
This port does not seem to be configurable from a Helm Chart.
Mike Elliott will raise issue to see if it can be made configurable within either the 302 or 304 ranges.
| Service name | Node Port | Internal Port | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| xdcae-tca-analytics | 32010 use 30410 | 11011
|
| Table of Contents |
|---|
Overview:
20180719: 2 ports left in 302 =
30259
30269
The purpose of this document is to keep track of which node ports are currently being used by various containers with the intent to make node port allocation of new services easier until we move to dynamic ports for most of the components
These are a list of externally exposed ports in OOM - there are also extensive lists of all internal ports below.
SDC API (older June 2017)
see ONAP on Kubernetes#ListofContainers
| Code Block |
|---|
kubectl get svc --all-namespaces -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.name}} | {{.port}} | {{.nodePort}}{{"\n"}}{{end}}{{end}}{{end}}' |
Raw output (Not updated)
...
logdemonode
(logging-analtyics project)
...
| Code Block | ||
|---|---|---|
| ||
get svc --all-namespaces -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}} | {{.name}} | {{.port}}{{"\n"}}{{end}}{{end}}{{end}}' | sort |
Updated
...
As of 20171109 - filtered to include only containers that expose ports
...
model-loader-service
...
30210
...
30229
...
30232
...
aai-ssl
...
30233
...
APPC
...
appc-9090
...
dgbuilder
...
30228
...
clamp
...
8080
...
30295
...
30254
...
logdemonode
(optional RI example)
...
30280
...
30282
...
30208
...
| Code Block |
|---|
kubectl get services --all-namespaces | grep nodes |
see ONAP on Kubernetes#ListofContainers
...
PREFIX 300
...
PREFIX 302
...
30256 (SDC)
30257 (SDC)
30208 (SDNC)
...
30261 (SDNC)
30262 (SDNC)
30263 (SDNC)
30264 (SDNC)
30265 (SDNC)
30266 (SDNC)
...
30241 (BUSCONTROLLER - http)
30242 (BUSCONTROLLER - https)
...
30246(AAI/ESR)
30247(AAI/ESR)
...
30255 (LOG)
30258 (LOG) logdemonode
...
30275 (OOF-OSDF)
30276 (OOF-HAS-API)
30277 (OOF-HAS-2)
30278 (OOF-HAS-3)
30279 (OOF-HAS-4)
30280 (OOF-HAS-5)
30281 (OOF-HAS-MUSIC)
30284 (CLAMP-DASH-KIBANA)
...
30272 (MYSQL)
30273 (MYSQL)
30234 (POMBA)
30249 (POMBA)
30259 unused
30269 unused
PREFIX 304
...
PREFIX 308
...