From d4796a1ae8154d51fd3c41cbb9c7bef9f9786419 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 21 May 2024 11:42:33 -0400 Subject: [PATCH] #999 Clarify support and stipulations for use of firewall in documentation (#1292) * 999 Clarify support and stipulations for use of firewall in documentation added scarier warning about firewalld usage * revised language slightly * Update docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md Co-authored-by: Sunil Singh * versioning, updated link, & abbreviated warning for v2.0-2.4 --------- Co-authored-by: Sunil Singh --- .../open-ports-with-firewalld.md | 12 +++++++++++- .../advanced-use-cases/open-ports-with-firewalld.md | 8 +++++++- .../advanced-use-cases/open-ports-with-firewalld.md | 12 +++++++++++- .../open-ports-with-firewalld.md | 12 +++++++++++- .../open-ports-with-firewalld.md | 12 +++++++++++- .../open-ports-with-firewalld.md | 12 +++++++++++- 6 files changed, 62 insertions(+), 6 deletions(-) diff --git a/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 2369abe3948..b4554167411 100644 --- a/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md 
@@ -6,7 +6,17 @@ title: Opening Ports with firewalld -> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. +:::danger + +Enabling firewalld can cause serious network communication problems. + +For proper network function, firewalld must be disabled on systems running RKE2. [Firewalld conflicts with Canal](https://docs.rke2.io/known_issues#firewalld-conflicts-with-default-networking), RKE2's default networking stack. + +Firewalld must also be disabled on systems running Kubernetes 1.19 and later. + +If you enable firewalld on systems running Kubernetes 1.18 or earlier, understand that this may cause networking issues. CNIs in Kubernetes dynamically update iptables and networking rules independently of any external firewalls, such as firewalld. This can cause unexpected behavior when the CNI and the external firewall conflict. + +::: Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md b/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md index a3ffcb2a1a5..b23d8392a90 100644 --- a/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md 
@@ -2,7 +2,13 @@ title: Opening Ports with firewalld --- -> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. +:::danger + +Enabling firewalld can cause serious network communication problems. + +CNIs in Kubernetes dynamically update iptables and networking rules independently of any external firewalls, such as firewalld. This can cause unexpected behavior when the CNI and the external firewall conflict. + +::: Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/versioned_docs/version-2.5/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md b/versioned_docs/version-2.5/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md index a3ffcb2a1a5..80e454affa6 100644 --- a/versioned_docs/version-2.5/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.5/getting-started/installation-and-upgrade/advanced-options/advanced-use-cases/open-ports-with-firewalld.md 
@@ -2,7 +2,17 @@ title: Opening Ports with firewalld --- -> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. +:::danger + +Enabling firewalld can cause serious network communication problems. + +For proper network function, firewalld must be disabled on systems running RKE2. [Firewalld conflicts with Canal](https://docs.rke2.io/known_issues#firewalld-conflicts-with-default-networking), RKE2's default networking stack. + +Firewalld must also be disabled on systems running Kubernetes 1.19 and later. + +If you enable firewalld on systems running Kubernetes 1.18 or earlier, understand that this may cause networking issues. CNIs in Kubernetes dynamically update iptables and networking rules independently of any external firewalls, such as firewalld. This can cause unexpected behavior when the CNI and the external firewall conflict. + +::: Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 2369abe3948..b4554167411 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md 
@@ -6,7 +6,17 @@ title: Opening Ports with firewalld -> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. +:::danger + +Enabling firewalld can cause serious network communication problems. + +For proper network function, firewalld must be disabled on systems running RKE2. [Firewalld conflicts with Canal](https://docs.rke2.io/known_issues#firewalld-conflicts-with-default-networking), RKE2's default networking stack. + +Firewalld must also be disabled on systems running Kubernetes 1.19 and later. + +If you enable firewalld on systems running Kubernetes 1.18 or earlier, understand that this may cause networking issues. CNIs in Kubernetes dynamically update iptables and networking rules independently of any external firewalls, such as firewalld. This can cause unexpected behavior when the CNI and the external firewall conflict. + +::: Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 2369abe3948..b4554167411 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md 
@@ -6,7 +6,17 @@ title: Opening Ports with firewalld -> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. +:::danger + +Enabling firewalld can cause serious network communication problems. + +For proper network function, firewalld must be disabled on systems running RKE2. [Firewalld conflicts with Canal](https://docs.rke2.io/known_issues#firewalld-conflicts-with-default-networking), RKE2's default networking stack. + +Firewalld must also be disabled on systems running Kubernetes 1.19 and later. + +If you enable firewalld on systems running Kubernetes 1.18 or earlier, understand that this may cause networking issues. CNIs in Kubernetes dynamically update iptables and networking rules independently of any external firewalls, such as firewalld. This can cause unexpected behavior when the CNI and the external firewall conflict. + +::: Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 2369abe3948..b4554167411 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md 
@@ -6,7 +6,17 @@ title: Opening Ports with firewalld -> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. +:::danger + +Enabling firewalld can cause serious network communication problems. + +For proper network function, firewalld must be disabled on systems running RKE2. [Firewalld conflicts with Canal](https://docs.rke2.io/known_issues#firewalld-conflicts-with-default-networking), RKE2's default networking stack. + +Firewalld must also be disabled on systems running Kubernetes 1.19 and later. + +If you enable firewalld on systems running Kubernetes 1.18 or earlier, understand that this may cause networking issues. CNIs in Kubernetes dynamically update iptables and networking rules independently of any external firewalls, such as firewalld. This can cause unexpected behavior when the CNI and the external firewall conflict. + +::: Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm.
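Review bot: In the `docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md` hunk (the same text is repeated in the 2.6, 2.7 and 2.8 hunks), the admonition does not say when the rest of the page still applies. It says firewalld "must be disabled" for RKE2 and for Kubernetes 1.19 and later, but the page is still titled "Opening Ports with firewalld" and the unchanged context continues straight into firewall rules that block Helm. Add a closing sentence to the `:::danger` block stating that the steps below apply only to Kubernetes 1.18 or earlier on non-RKE2 nodes. Since the new text tells operators to turn the host firewall off, also say what they should use for host-level filtering instead.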
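Review bot: In the `versioned_docs/version-2.0-2.4/.../open-ports-with-firewalld.md` hunk, the abbreviated warning removes the only actionable guidance. The deleted line read "We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off." The replacement explains why the CNI and firewalld conflict but never tells the reader to disable firewalld or under which Kubernetes versions. If the 1.19 requirement is dropped on purpose for this version range, say so in the commit message. Otherwise keep a one-line recommendation inside the `:::danger` block so the warning ends with an instruction rather than only a description of the risk.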
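Review bot: In the `versioned_docs/version-2.5/.../open-ports-with-firewalld.md` hunk (and every other hunk that carries the RKE2 paragraph), the justification for "must be disabled" rests entirely on a link to an unversioned external anchor, `https://docs.rke2.io/known_issues#firewalld-conflicts-with-default-networking`. Versioned docs will not be updated if that page is restructured, so add one sentence inline that summarizes the conflict with Canal. As a style point, the link text and the next sentence capitalize "Firewalld" while the rest of the block uses "firewalld"; pick one form. The block is also copied verbatim into five files, so consider a shared include if the docs tooling supports one, to keep later corrections from drifting between versions.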