Known Issues
OKE Missing Security List Ingress Rules
The install scripts perform a check, which attempts access through the ingress ports. If the check fails, then the install will exit and you will see error messages like this:
ERROR: Port 443 is NOT accessible on ingress(132.145.66.80)! Check that security lists include an ingress rule for the node port 31739.
On an OKE install, this may indicate that there is a missing ingress rule or rules. To verify and fix the issue, do the following:
- Get the ports for the LoadBalancer services.
  - Run kubectl get services -A.
  - Note the ports for the LoadBalancer type services. For example, 80:31541/TCP,443:31739/TCP.
- Check the security lists in the OCI Console.
  - Go to Networking/Virtual Cloud Networks.
  - Select the related VCN.
  - Go to the Security Lists for the VCN.
  - Select the security list named oke-wkr-....
  - Check the ingress rules for the security list. There should be one rule for each of the destination ports named in the LoadBalancer services. In the above example, the destination ports are 31541 and 31739. We would expect the ingress rule for 31739 to be missing because it was named in the ERROR output.
  - If a rule is missing, then add it by clicking Add Ingress Rules and filling in the source CIDR and destination port range (missing port). Use the existing rules as a guide.
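The comparison in the two steps above can be scripted: extract the node ports of the LoadBalancer services and report any that no ingress rule covers. This is an added example, not part of the original documentation; the service names in the sample output and the rule port ranges (typed in from the OCI Console as min-max pairs) are constructed assumptions.

```shell
# Constructed sample of `kubectl get services -A` output (service names are made up).
SAMPLE_SERVICES='NAMESPACE       NAME                 TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
default         kubernetes           ClusterIP      10.96.0.1     <none>          443/TCP                      3d
ingress-nginx   ingress-controller   LoadBalancer   10.96.12.34   132.145.66.80   80:31541/TCP,443:31739/TCP   3d
kube-system     kube-dns             ClusterIP      10.96.5.5     <none>          53/UDP,53/TCP                3d'

# Constructed sample of ingress destination port ranges from the security list, one min-max per line.
SAMPLE_RULES='22-22
31541-31541'

# Read `kubectl get services -A` output on stdin; print each LoadBalancer node port, one per line.
lb_node_ports() {
  awk 'NR > 1 && $3 == "LoadBalancer" {
         n = split($6, specs, ",")
         for (i = 1; i <= n; i++) {
           # A spec looks like 443:31739/TCP; keep the part between ":" and "/".
           if (split(specs[i], a, ":") == 2) { split(a[2], b, "/"); print b[1] }
         }
       }' | sort -n -u
}

# missing_ports RULES: read node ports on stdin; print those not covered by any min-max range in RULES.
missing_ports() {
  rules=$1
  while read -r port; do
    covered=no
    for r in $rules; do
      min=${r%-*}; max=${r#*-}
      if [ "$port" -ge "$min" ] && [ "$port" -le "$max" ]; then covered=yes; fi
    done
    [ "$covered" = yes ] || echo "$port"
  done
}

# Run the check over the constructed samples.
check_sample() {
  printf '%s\n' "$SAMPLE_SERVICES" | lb_node_ports | missing_ports "$SAMPLE_RULES"
}

check_sample   # live use: kubectl get services -A | lb_node_ports | missing_ports "$RULES"
```

Each port printed is a node port that still needs an ingress rule; no output means every LoadBalancer node port is covered.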