OOM NodePort List

Please fill in the protocol (http/https/ws... to determine if it will cross the ingress port) and the reason for the port being open (hybrid deployment needs access?, external access client (kibana/gui...)) in the table below in prep of removing some nodeports in the run up to using an Ingress controller

Sync with /wiki/spaces/SV/pages/16090715

TODO: add protocol to each port - to determine suitability for HTTP/HTTPS or multi-protocol proxy for ingress

NodePorts are used to allow client applications, that run outside of Kubernetes, access to ONAP components deployed by OOM.

A NodePort maps an externally reachable port to an internal port of an ONAP microservice.

It should be noted that the use of NodePorts is temporary. An alternative solution is currently being scoped for the Dublin Release.

But for now, this page is used to track NodePort assignments.

All ONAP project teams that have microservices that need to provide external access for clients, must update this wiki page to reserve NodePorts and prevent ONAP deployment failures due to NodePort conflicts.

If a service is only accessed by other services within the same kubernetes deployment (ie. databases, backend services with no external northbound APIs) then please DO NOT reserve

a NodePort as they are a very limited resource. The service name and its Internal Port (<service name>.port) should be used instead (ie. vid.8443)

To reserve a NodePort search the table below for the text "FREE_PORT".

If it is determined that an existing reservation is no longer required, please add the text "FREE_PORT" to indicate its availability.

Developer Checklist

Verify unused nodeports

Before using a particular nodeport - verify there is no conflict by deploying the entire system and checking services or the tables below.

Get the nodeport of a particular service

# human readable list
kubectl get services --all-namespaces | grep robot
# machine readable number
kubectl get --namespace onap -o jsonpath="{.spec.ports[0].nodePort}" services robot)

Node Port Reservations 302 prefix

Component (sortable)	Pod	Service name	Protocol http/https/ws...	Node Port	Internal Port	Reason for exposure outside of the internal DNS service name access
vid		vid		30200	8443
FREE_PORT				30201	8843
sdnc / ccsdk		ccsdk/oran/a1-policy-management-service	http https	30093 30094	9080 9081	Used ito access A1 Policy Managment service API - used in different ONAP & OSC deployments - including external rApp/client/portal access See ONAP/3GPP & ORAN Alignment: A1 Adapter extensions (Guilin)
sdnc		sdnc		~~30202~~	8282	http port, removed in El Alto. Instead, users should use https node port 30267
sdnc		sdnc-dgbuilder		30203	3000
sdc		sdc-be		30204	8443
sdc		sdc-be		30205	8080
sdc		sdc-fe		30206	8181
sdc		sdc-fe		30207	9443
appc		appc		~~30208~~	8282	removed in Frankfurt
robot		robot		30209	88	u:p test:test
aai		aai-modelloader		30210	8080
appc		appc		30211	9090
portal		portal-sdk		30212	8443
portal		portal-app		30225	8443
policy		policy brmsgw		30216	9989
policy		drools (dup?)		30217	6969
policy		pap		30218	9091
policy		pap		30219	8443
aai		aai-sparky-be		30220	9517
policy		drools (dup?)		30221	9696
dcae	DCAEGEN2	hv-ves xdcae-hv-ves-collector		30222	6061
dcae		DCAEGEN2		30223		Reserved for future DCAEapp (12/30 - dcae-datafile-collector usage on this port is removed since El-Alto)
so		so-monitor		30224	9091
portal		portal-app (ssl)		30225	8443	https://gerrit.onap.org/r/#/c/69859/ OOM-1455 - Getting issue details... STATUS
dmaap		message-router		30226	3905
dmaap		message-router		30227	3904
appc		appc-dgbuilder		30228	3000	CAUTION2: There might me blanks in following data.
aai		aai-modelloader		30229	8443	CAUTION2: There might me blanks in following data.
appc		appc		30230	8443
appc		appc		30231	1830
aai		aai		30232	8080
aai		aai		30233	8443
pomba		pomba-kibana	https	30234	5601
dcae		xdcae-ves-collector		30235	8080
policy		nexus		30236	8081
policy		policy-apex-pdp		30237	12345
aai		aai-graphgraph		30238	8453	AAI-2596 - Getting issue details... STATUS
aai		aai-spike		30239	9518
pomba		pomba-context-builder		30240	9530
dmaap		dmaap-bc		30241	8080
dmaap		dmaap-bc		30242	8443
aaf		aaf-sms		30243	10443
aaf		aaf-sms-db		30244	8200	CAUTION2: There might me blanks in following data.
sdnc		sdnc		30246	8280	Appears to be no longer needed - investigating
dcae		dcae datafile collector		30245	8100
aaf		aaf-service		30247	8100
oof		oof-osdf		30248	8698
pomba		pomba-data-router		30249	9502
appc		appc-cds		30250	80
aaf		aaf-gui		30251	8200
so		so-mariadb		30252	3306
log		log-kibana	http	30253	5601	external access from client application
log		log-es	http	30254	9200	external ELK stack for hybrid deployment
log		log-ls	http	30255	5044	external ELK stack for hybrid deployment
sdc		sdc-wfd-fe		30256	8080
sdc		sdc-wfd-be		30257	8080
policy		clamp		30258	2443
dmaap		dmaap-dr-prov	http	30259	8080	external access for multi-site/cluster comms
cli		cli		30260	8080
multicloud		multicloud-azure		30261	9008	https://gerrit.onap.org/r/#/c/68647/
dcae		dcae datafile collector		30262	8433
sdc		sdc-dcae-fe		30263	8183
sdc		sdc-dcae-fe		30264	9444
sdc		sdc-dcae-dt		30265	8186
sdc		sdc-dcae-dt		30266	9446
sdnc		sdnc		30267	8443	https port, used for access to OpenDaylight REST interface
aai		aai-crud-service (gizmo)		30268	9520
dmaap		dmaap-dr-prov	https	30269	8443	external access for multi-site/cluster comms
consul		consul-server-ui		30270	8500
cli		cli		30271	9090
sdnc		SDNC GEO (mysql)		30272
sdnc		SDNC GEO (mysql)		30273
nbi		nbi		30274	8443
oof		oof-has-api		30275	8091
oof		oof-has-music		30276	8080
so		so		30277	8080	see also https://gerrit.onap.org/r/#/c/72433/2
aai		aai-champ		30278	9522
aai		aai-babel		30279	9516
msb		msb-iag		30280	80
msb		msb-discovery		30281	10081
msb		msb-eag		30282	80
msb		msb-iag		30283	443
msb		msb-eag		30284	443
msb		msb-consul		30285	8500
dcae		dcae-redis		30286	6379
dcae		dcae-redis		30287	16379
sniro		sniro-emulator		30288	80	pnda has a conflict here - DCAEGEN2-1012 - Getting issue details... STATUS
appc		appc-cdt		30289	18080
clamp		cdash-kibana		30290	5601
multicloud		multicloud		30291	9001	No more such nodePort for multicloud
holmes		holmes-rule-mgmt		30292
holmes		holmes-rule-mgmt		30293
multicloud		multicloud-windriver		30294	9005	No more such nodePort for multicloud
clamp		clamp		30295	8080
multicloud		multicloud-pike		30296	9007	No more such nodePort for multicloud
vnfsdk		refrepo		30297	8702
log		LOG demo target		30298	8080	taken from UUI - they are using the 303 prefix OOM-1531 - Getting issue details... STATUS
pomba		pomba-networkdiscovery	REST	30299	8080	taken from UUI - they are using the 303 prefix SDNC-533 - Getting issue details... STATUS https://gerrit.onap.org/r/#/c/73980/2
vvp		vvp		?	?	OOM-1534 - Getting issue details... STATUS
uui		uui		30398	8080	may be a typo with 30298 - currently using 398 as of 20181125
uui		uui-server		30399	8082	OOM-1531 - Getting issue details... STATUS may be a typo with 30298 - currently using 399 as of 20181125
		There		is	Room above:	There is ROOM Above 31100

modeling		modeling-etsicatalog		30301	8806
music		music-api		30304	8443	music-api
		IF POSSIBLE		Leave	31104-31109	open
aaf		aaf-service	https/REST(json\|xml)	31110	8100	AAF Main Service
aaf		aaf-locator	https/REST(json\|xml)	31111	8095	AAF Locator
aaf		aaf-oauth	https/REST(json\|xml)	31112	8140	AAF OAuth2 access
aaf		aaf-gui	https/REST(json\|xml)	31113	8200	AAF GUI
aaf		aaf-cm	https/REST(json\|xml)	31114	8150	AAF Certificate Manager
aaf		aaf-fs	http (Note: Fileserver for CRLs, etc)	31115	8096	AAF File Server
aaf		aaf	HOLD for Future	31116 31117 31118		Future AAF Services
aaf		aaf-hello	https/REST(json\|xml)	31119	8130	AAF Hello Sample
appc		appc	HOLD for Future	31200 31201 31202 31203
oof		optf-model-api	https/REST(json)	31204	8698	optf model, execution engine.
cps		cps	https/REST(json)	31205	8080	CPS RESTService \| Only from Honolulu Release
cps-xNf		cps-xNf	https/REST(json)	31206	8080	CPS xNF RESTService \| Only from Honolulu Release

Node Port Reservations (304 node port prefix range)

This table is for documenting node ports that are reserved outside of a typical ONAP deployment.

Even though the ports listed below may appear in ONAP Helm Charts, they are not used at runtime unless enabled through configuration.

For example, there may be a need to reserve node ports (even temporarily) for use in POC or for demo code, that currently exists in the ONAP codebase.

Component (sortable)	POD	Service name	Protocol (rest/multi-protocol)	Node Port	Internal Port
dcae		dcae-pnda-mirror (node the boostrap pod np is named mirror)		30400	80	A PNDA deployment (outside the Kubernetes cluster) needs to download its components from the PNDA mirror (inside the Kubernetes cluster) DCAEGEN2-1012 - Getting issue details... STATUS
vfc		vfc-nslcm		30403	8403	vfc-nslcm-port
vfc		vfc-vnflcm		30411	8801	vfc-vnflcm-port
vfc		vfc-generic-vnfm-driver		30480	8484	vfc-generic-vnfm-driver
vfc		vfc-redis		30481	8804	vfc-redis-http-port1
vfc		vfc-redis		30482	6379	vfc-redis-http-port2
vfc		vfc-db		30483	3306	vfc-db-port
so		so-bpmn-infra		30404	8081	so-bpmn-port
so		so-bpmn-infra		30405	5005	so-bpmn-debug
so		so-vnfm-adapter		30406	9092
dcae	DCAEGEN2	xdcae-tca-analytics		30410	11011	switch from 32010 DCAEGEN2-998 - Getting issue details... STATUS
dcae		DCAEGEN2		30413	8100	DCAE BBE-ep
dcae		DCAEGEN2		30414	10443	DCAE Config Binding Service (https)
dcae		DCAEGEN2		30415	10000	DCAE Config Binding Service (http)
dcae		DCAEGEN2		30416	8080/8687	DCAE RESTConf collector Service
dcae		DCAEGEN2		30417	8443	DCAE VESCollector - Https
dcae		DCAEGEN2		30418	8080	DCAE Dashboard (http)
dcae		DCAEGEN2		30419	8443	DCAE Dashboard (https)
?		Netbox UI		30420	8080
sdc		sdc-wfd-fe		30431	8443	https://gerrit.onap.org/r/#/c/87116/
policy		policy-api		30440	6969	https://gerrit.onap.org/r/#/c/79318/
policy		policy-xacml-pdp		30441	6969	https://gerrit.onap.org/r/#/c/81977/
policy		policy-pap		30442	6969
log		log-demonode0		30453	8080
log		log-demonode1		30454	8080
log		log-demonode2		30455	8080
log		log-es SSL		30456	20181016 LOG-748 - Getting issue details... STATUS
log		log-kb SSL		30457	20181016 LOG-748 - Getting issue details... STATUS
log		log-ls SSL		30458	20181016 LOG-748 - Getting issue details... STATUS
sdnc		SDNC GEO		30461
sdnc		SDNC GEO		30462
sdnc		SDNC GEO		30463
sdnc		SDNC GEO		30464
sdnc		SDNC GEO		30465
sdnc		SDNC GEO		30466
dcae		DCAEGEN2		30470	162	Snmptrap (test purpose)
dcae		DCAEGEN2		30471		Reserved
dcae		DCAEGEN2		30472		Reserved
dcae		DCAEGEN2		30473	8080	DCAE MOD UI (HTTP) for Frankfurt release
dcae		DCAEGEN2		30474	8443	Reserved for DCAE MOD UI (HTTPs) post Frankfurt release
dcae		MUSIC		30475
dcae		MUSIC		30476	8080
dcae		MUSIC		30477
dcae		Datalake-admin-ui		30479	80	Datalake configuration protal.
dcae		Datalake-feeder		30408	1680	Datalake control and exposure APIs.
multicloud		multicloud-starlingx		30485	9009
multicloud		multicloud-thinkcloud		30486	9010
multicloud		multicloud-fcaps		30487	9011
multicloud		multicloud-artifactbroker		30488	9014
multicloud		multicloud-tentative		30489
multicloud		multicloud-k8s		30498	9015
dmaap		DMaap tentative		30490		https://lists.onap.org/g/onap-discuss/topic/new_nodeports_for_the_dmaap/29582628?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,29582628
dmaap		DMaap tentative		30491
dmaap		DMaap tentative		30492
dmaap		dmaap-dr-node	http	30493	8080	external access for multi-site/cluster comms
dmaap		dmaap-dr-node	https	30494	8443	external access for multi-site/cluster comms
multicloud		multicloud-service-assurance		30495	9009	Only from Dublin Release
multicloud		multicloud-service-assurance (tentative)		30496	9010	Only from Dublin Release
cds		cds-ui		30497	3000	Dublin onwards.
cds		blueprint-processor		30499	8080	Dublin onwards.
awx		awx-web		30478	80	Dublin onwards.

This port does not seem to be configurable from a Helm Chart.

Mike Elliott will raise issue to see if it can be made configurable within either the 302 or 304 ranges.

Service name

Node Port

Internal Port

xdcae-tca-analytics

32010

use 30410

11011

DCAEGEN2-998 - Getting issue details... STATUS