IBM Cloud Docs
When I update my cluster to 4.15 or later, my nodeport app no longer works

Virtual Private Cloud 4.15 and later

Requests sent to your nodeport service fail with a timeout error.

Red Hat OpenShift on IBM Cloud managed load balancer services (ALB, NLB, sdNLB) dynamically adjust the security group rules as the services are added, deleted, or updated. They also maintain the rules that allow traffic through the node ports opened by these services. Whenever possible, use Red Hat OpenShift on IBM Cloud managed load balancer services.

If you don't use Red Hat OpenShift on IBM Cloud managed load balancer services, then any unmanaged node port services and the associated security group rules to allow traffic through these node ports are your responsibility.

Update the security group rules for your node port service.

  1. Review the VPC security group quotas.
  2. Identify the node ports that are opened by your node port service.
  3. For each node port opened, create a security group rule.
    ibmcloud is sg-rulec kube-<cluster ID> inbound <tcp/udp> --port-min <nodeport> --port-max <nodeport> --remote 0.0.0.0/0
    

There are quota limitations on the number of rules allowed per security group. If adding the custom node port rule exceeds this quota, the rule is not added. In this case, consider using a Red Hat OpenShift on IBM Cloud managed load balancer service, or modify the port-min or port-max settings on your rules to use a node port range.
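
The steps above and the quota note can be combined in a small helper, shown here as an added example (not part of the IBM Cloud documentation). It takes the protocol and node port pairs identified in step 2 and prints one `ibmcloud is sg-rulec` command per rule, merging only consecutive ports of the same protocol into a port-min/port-max range, so fewer rules count against the quota and no port that is not a node port is opened. The function name `nodeport_rules`, the `kube-CLUSTER_ID` placeholder and the sample ports are assumptions; the optional second argument replaces `0.0.0.0/0` with a narrower remote CIDR.

```shell
#!/bin/sh
# Added example: generate security group rule commands for unmanaged node ports.

# Constructed sample input, one "<protocol> <nodeport>" pair per line,
# as collected in step 2. Duplicates and unsorted input are allowed.
SAMPLE_PORTS='tcp 30080
tcp 30082
tcp 30081
udp 31500
tcp 32000
tcp 30081'

# nodeport_rules SECURITY_GROUP [REMOTE]
# Reads "<protocol> <port>" lines on stdin and prints one command per rule.
# REMOTE defaults to 0.0.0.0/0, the value used in the procedure above.
nodeport_rules() {
    sg="$1"
    remote="${2:-0.0.0.0/0}"
    # Keep only well-formed lines, then sort by protocol and numeric port.
    grep -E '^(tcp|udp) [0-9]+$' | sort -u -k1,1 -k2,2n |
    awk -v sg="$sg" -v remote="$remote" '
        function emit() {
            printf "ibmcloud is sg-rulec %s inbound %s --port-min %d --port-max %d --remote %s\n",
                sg, proto, lo, hi, remote
        }
        # Default Kubernetes NodePort range is 30000-32767; ignore other values
        # so a typo cannot open an unrelated port.
        $2 < 30000 || $2 > 32767 { next }
        # Same protocol and next consecutive port: extend the current range.
        proto == $1 && $2 == hi + 1 { hi = $2; next }
        # Otherwise close the previous range (if any) and start a new one.
        proto != "" { emit() }
        { proto = $1; lo = hi = $2 }
        END { if (proto != "") emit() }
    '
}

# Print the commands for review; kube-CLUSTER_ID is a placeholder for
# kube-<cluster ID>. Nothing is executed against your account.
printf '%s\n' "$SAMPLE_PORTS" | nodeport_rules kube-CLUSTER_ID
```

Review the printed commands and compare the rule count with your security group quota before running them.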