rleap-m · October 3, 2024 21:15
diff --git a/mke3_ports_not_used_by_mke4.ps1 b/mke3_ports_not_used_by_mke4.ps1
 $mke4WarnPortsMsg = 'WRN The following MKE3 ports are no longer used by MKE4 and (unless otherwise needed) may be made unavailable on all nodes: [2377,6444,7946,12376,12378,12381,12382,12383,12384,12385,12386,12387,12388,12389,12391,12392,179,12390,2376,443]'
 $mke4PortsNotUsed = [regex]::matches($mke4WarnPortsMsg, '(?<=\[)[^\]]+(?=\])').Value -split ',' | ForEach-Object { [int] $_ } | Sort-Object


 $mke3PortList = @"
 [
  {
    "Role":["manager","worker"],
    "Port": "179",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "K8s - BGP peers"
  },
  {
    "Role": "manager",
    "Port": "443",
    "Protocol": "TCP",
    "Configurable": "true",
    "Scope":["external","internal"],
    "Plane": "n/a",
    "Purpose": "MKE - UI and API"
  },
  {
    "Role": "manager",
    "Port": "2376",
    "Protocol": "TCP",
    "Configurable": "true",
    "Scope": "internal",
    "Plane": "mgmt",
    "Purpose": "Swarm - Backwards compatibility"
  },
  {
    "Role": "manager",
    "Port": "2377",
    "Protocol": "TCP",
    "Configurable": "true",
    "Scope": "internal",
    "Plane": "mgmt",
    "Purpose": "Swarm - Communication between nodes"
  },
  {
    "Role":["manager","worker"],
    "Port": "4789",
    "Protocol": "UDP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "data",
    "Purpose": "VXLAN (overlay networking)"
  },
  {
    "Role": "manager",
    "Port": "6443",
    "Protocol": "TCP",
    "Configurable": "true",
    "Scope":["external","internal"],
    "Plane": "mgmt",
    "Purpose": "K8s - API server endpoint"
  },
  {
    "Role": ["manager","worker"],
    "Port": "6444",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "self",
    "Plane": "n/a",
    "Purpose": "K8s - API reverse proxy"
  },
  {
    "Role": ["manager","worker"],
    "Port": "7946",
    "Protocol": ["TCP","UDP"],
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "Swarm - Gossip-based clustering"
  },
  {
    "Role": "manager",
    "Port": "9055",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "ucp-rethinkdb-exporter metrics"
  },
  {
    "Role": ["manager","worker"],
    "Port": "9091",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "Felix Prometheus calico-node metrics"
  },
  {
    "Role": "manager",
    "Port": "9094",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "self",
    "Plane": "n/a",
    "Purpose": "Felix Prometheus kube-controller metrics"
  },
  {
    "Role": ["manager","worker"],
    "Port": "9099",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "self",
    "Plane": "n/a",
    "Purpose": "K8s - Calico health check"
  },
  {
    "Role": ["manager","worker"],
    "Port": "9100",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "ucp-node-exporter metrics"
  },
  {
    "Role": ["manager","worker"],
    "Port": "10248",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "self",
    "Plane": "n/a",
    "Purpose": "K8s - Kubelet health check"
  },
  {
    "Role": ["manager","worker"],
    "Port": "10250",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "K8s - Kubelet"
  },
  {
    "Role": ["manager","worker"],
    "Port": "12376",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "Swarm - TLS Auth Proxy for MCR"
  },
  {
    "Role": ["manager","worker"],
    "Port": "12378",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "self",
    "Plane": "n/a",
    "Purpose": "MKE - Etcd reverse proxy"
  },
  {
    "Role": "manager",
    "Port": "12379",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Etcd Control API"
  },
  {
    "Role": "manager",
    "Port": "12380",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Etcd Peer API"
  },
  {
    "Role": "manager",
    "Port": "12381",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Cluster Cert Authority"
  },
  {
    "Role": "manager",
    "Port": "12382",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Client Cert Authority"
  },
  {
    "Role": "manager",
    "Port": "12383",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Authentication storage backend"
  },
  {
    "Role": "manager",
    "Port": "12384",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Authentication storage backend repl"
  },
  {
    "Role": "manager",
    "Port": "12385",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Authentication service API"
  },
  {
    "Role": "manager",
    "Port": "12386",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE - Authentication worker"
  },
  {
    "Role": "manager",
    "Port": "12387",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "Prometheus server"
  },
  {
    "Role": "manager",
    "Port": "12388",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "K8s - API Server"
  },
  {
    "Role": ["manager","worker"],
    "Port": "12389",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "self",
    "Plane": "n/a",
    "Purpose": "Hardware Discovery API"
  },
  {
    "Role": "manager",
    "Port": "12390",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "OpsCare (Salesforce Notifier)"
  },
  {
    "Role": "manager",
    "Port": "12391",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "ucp-kube-controller-manager metrics"
  },
  {
    "Role": "manager",
    "Port": "12392",
    "Protocol": "TCP",
    "Configurable": "false",
    "Scope": "internal",
    "Plane": "n/a",
    "Purpose": "MKE etcd certificate authority"
  }
 ]
 "@

 $mke3PortsMke4Warn = foreach ($mke3Port in ($mke3PortList | ConvertFrom-Json)) {
    if ($mke3Port.Port -in $mke4PortsNotUsed) {
        $mke3Port | Add-Member -MemberType NoteProperty -Name 'MKE4_Unused' -Value $true -PassThru
    }
    else {
        $mke3Port | Add-Member -MemberType NoteProperty -Name 'MKE4_Unused' -Value $false -PassThru
    }
 }

 $mke3PortsMke4Warn | Select-Object -Property Port,MKE4_Unused,Protocol,Role,Configurable,Scope,Purpose
	$mke4WarnPortsMsg = 'WRN The following MKE3 ports are no longer used by MKE4 and (unless otherwise needed) may be made unavailable on all nodes: [2377,6444,7946,12376,12378,12381,12382,12383,12384,12385,12386,12387,12388,12389,12391,12392,179,12390,2376,443]'
	$mke4PortsNotUsed = [regex]::matches($mke4WarnPortsMsg, '(?<=\[)[^\]]+(?=\])').Value -split ',' \| ForEach-Object { [int] $_ } \| Sort-Object


	$mke3PortList = @"
	[
	{
	"Role":["manager","worker"],
	"Port": "179",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "K8s - BGP peers"
	},
	{
	"Role": "manager",
	"Port": "443",
	"Protocol": "TCP",
	"Configurable": "true",
	"Scope":["external","internal"],
	"Plane": "n/a",
	"Purpose": "MKE - UI and API"
	},
	{
	"Role": "manager",
	"Port": "2376",
	"Protocol": "TCP",
	"Configurable": "true",
	"Scope": "internal",
	"Plane": "mgmt",
	"Purpose": "Swarm - Backwards compatibility"
	},
	{
	"Role": "manager",
	"Port": "2377",
	"Protocol": "TCP",
	"Configurable": "true",
	"Scope": "internal",
	"Plane": "mgmt",
	"Purpose": "Swarm - Communication between nodes"
	},
	{
	"Role":["manager","worker"],
	"Port": "4789",
	"Protocol": "UDP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "data",
	"Purpose": "VXLAN (overlay networking)"
	},
	{
	"Role": "manager",
	"Port": "6443",
	"Protocol": "TCP",
	"Configurable": "true",
	"Scope":["external","internal"],
	"Plane": "mgmt",
	"Purpose": "K8s - API server endpoint"
	},
	{
	"Role": ["manager","worker"],
	"Port": "6444",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "self",
	"Plane": "n/a",
	"Purpose": "K8s - API reverse proxy"
	},
	{
	"Role": ["manager","worker"],
	"Port": "7946",
	"Protocol": ["TCP","UDP"],
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "Swarm - Gossip-based clustering"
	},
	{
	"Role": "manager",
	"Port": "9055",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "ucp-rethinkdb-exporter metrics"
	},
	{
	"Role": ["manager","worker"],
	"Port": "9091",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "Felix Prometheus calico-node metrics"
	},
	{
	"Role": "manager",
	"Port": "9094",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "self",
	"Plane": "n/a",
	"Purpose": "Felix Prometheus kube-controller metrics"
	},
	{
	"Role": ["manager","worker"],
	"Port": "9099",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "self",
	"Plane": "n/a",
	"Purpose": "K8s - Calico health check"
	},
	{
	"Role": ["manager","worker"],
	"Port": "9100",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "ucp-node-exporter metrics"
	},
	{
	"Role": ["manager","worker"],
	"Port": "10248",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "self",
	"Plane": "n/a",
	"Purpose": "K8s - Kubelet health check"
	},
	{
	"Role": ["manager","worker"],
	"Port": "10250",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "K8s - Kubelet"
	},
	{
	"Role": ["manager","worker"],
	"Port": "12376",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "Swarm - TLS Auth Proxy for MCR"
	},
	{
	"Role": ["manager","worker"],
	"Port": "12378",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "self",
	"Plane": "n/a",
	"Purpose": "MKE - Etcd reverse proxy"
	},
	{
	"Role": "manager",
	"Port": "12379",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Etcd Control API"
	},
	{
	"Role": "manager",
	"Port": "12380",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Etcd Peer API"
	},
	{
	"Role": "manager",
	"Port": "12381",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Cluster Cert Authority"
	},
	{
	"Role": "manager",
	"Port": "12382",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Client Cert Authority"
	},
	{
	"Role": "manager",
	"Port": "12383",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Authentication storage backend"
	},
	{
	"Role": "manager",
	"Port": "12384",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Authentication storage backend repl"
	},
	{
	"Role": "manager",
	"Port": "12385",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Authentication service API"
	},
	{
	"Role": "manager",
	"Port": "12386",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE - Authentication worker"
	},
	{
	"Role": "manager",
	"Port": "12387",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "Prometheus server"
	},
	{
	"Role": "manager",
	"Port": "12388",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "K8s - API Server"
	},
	{
	"Role": ["manager","worker"],
	"Port": "12389",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "self",
	"Plane": "n/a",
	"Purpose": "Hardware Discovery API"
	},
	{
	"Role": "manager",
	"Port": "12390",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "OpsCare (Salesforce Notifier)"
	},
	{
	"Role": "manager",
	"Port": "12391",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "ucp-kube-controller-manager metrics"
	},
	{
	"Role": "manager",
	"Port": "12392",
	"Protocol": "TCP",
	"Configurable": "false",
	"Scope": "internal",
	"Plane": "n/a",
	"Purpose": "MKE etcd certificate authority"
	}
	]
	"@

	$mke3PortsMke4Warn = foreach ($mke3Port in ($mke3PortList \| ConvertFrom-Json)) {
	if ($mke3Port.Port -in $mke4PortsNotUsed) {
	$mke3Port \| Add-Member -MemberType NoteProperty -Name 'MKE4_Unused' -Value $true -PassThru
	}
	else {
	$mke3Port \| Add-Member -MemberType NoteProperty -Name 'MKE4_Unused' -Value $false -PassThru
	}
	}

	$mke3PortsMke4Warn \| Select-Object -Property Port,MKE4_Unused,Protocol,Role,Configurable,Scope,Purpose