NationTech/harmony
5
0
Fork 2
Code Issues 40 Pull Requests 13 Actions Packages Projects Releases Wiki Activity
Files
chore/leftover-adr
harmony/adr/014-infrastructure-network-ports.md

125 lines
5.7 KiB
Markdown
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ADR014 · Port Allocation Policy
**Date:**20251103
**Status:**Proposed
**Authors:**Infrastructure Team / NationTech Harmony Core
---
## 1·Context
Harmony orchestrates heterogeneous clusters — from developer laptops to multitenant production environments — through a single, typed Rust codebase.
To enable deterministic, automatable service exposure across clusters, we need a **stable, conflictfree range of TCP/UDP ports** reserved for Harmonymanaged workloads and hostnetwork services.
Today, various manual operations (e.g. CephRGW on hostnetwork) occasionally use adhoc local ports such as`80`or`8080`. This leads to unpredictable overlaps with NodePorts, ephemeral ports, or other daemons.
Since Harmony aims to unify *manual* and *automated* infrastructure under a single declarative model, we formalize a **reserved port block** that should be used consistently — even for outofband operations — so everything remains alignmentready for future orchestration.
---
## 2·Problem Statement
We must select a contiguous range of approximately1000ports that:
1. Avoids conflict with:
- System/wellknown ports(`01023`)
- Common registered application ports(`102449151`)
- KubernetesNodePortdefaultrange(`3000032767`)
- Ephemeral port ranges (typically`3276860999`onLinux)
2. Feels deterministic and maintainable for longterm automation.
3. Can be mirrored across multiple clusters and baremetal hosts.
---
## 3·Decision
We designate:
> **Harmony Reserved Port Range:**`2500025999`
### Rationale
| Criterion | Reasoning |
|------------|------------|
| **Safety** | Lies below the default ephemeral port start(`32768`)and above NodePort(`3000032767`). |
| **Conflicts** | Very few historical IANA registrations in this span, practically unused in modern systems. |
| **Predictability** | Easy to recognize and communicate (`25kblock`for Harmony). |
| **Ergonomics** | Mirrors production service conventions(`25080` for HTTPlike, `25443` for HTTPSlike, etc.). |
| **Crosscluster consistency** | Portable across OKD,K3D,baremetal allows static firewall rules. |
This range is *registered* (per IANA definition102449151) but not *occupied*. Choosing such a midregistered band is intentional: it guarantees good interplatform compatibility without interfering with OSmanaged ephemeral allocations.
---
## 4·Integration inHarmony
Harmonys topology and orchestration layers should expose a builtin **`PortAllocator`** resource:
```rust
let orchestrator_ports = harmony::network::PortAllocator::new(25_000, 25_999);
let rados_gateway_port = orchestrator_ports.allocate("ceph-rgw")?;
```
In TOML configuration:
```toml
[harmony.network.defaults]
orchestrator_port_range = "25000-25999"
```
All `Score`/`Interpret` modules that deploy hostnetwork or externally visible services should use this allocator to pick ports deterministically.
---
## 5·Operational Guidance
- **Manual Operations:**Even manually configured hostnetwork services on clusters we manage (e.g. CephRGW,ntfy,reverseproxytests) should adopt ports within`2500025999`.
- **Automation Alignment:**Any such ports are considered *Harmonymanageable* and may be introspected later by the orchestrator.
- **Firewall Rules:**Cluster and site firewalls may prewhitelist this block as “HarmonyInfraPorts”.
---
## 6·Initial Allocation Table
| Service / Component | Port | Notes |
|----------------------|------|-------|
| **CephRADOSGateway** |**25080**| Replacement for`:80`; publicHTTPfrontendviaRGW(hostnetwork). |
| **InternalHTTPSServices** |25443 | Equivalent of`:443`for secure endpoints. |
| **Prometheus/MetricsEndpoints** |2509025099 | Internal observability. |
| **HarmonyControlPlane(gRPC)** |2550025519 | Interprocess messaging, API,TUIbackend. |
| **ReservedforFutureScores** |2555025599 | Dedicated expansion slots. |
These values shall be managed centrally in a `harmony.network.ports` registry file (YAML/TOML) within the repository.
---
## 7·Consequences
### Positive
- Eliminates accidental collisions with NodePorts and ephemeral connections.
- Provides a memorable, humanreadable convention suitable for documentation and automation.
- Enables Harmony to treat hostnetwork configuration as firstclass code.
### Negative / Tradeoffs
- Occupies part of the IANA “registered” band (must remain consistent across environments).
- Requires operators to adapt legacy services away from lower ports(`80`,`443`)for compliance with this policy.
---
## 8·Future Work
- Extend HarmonyCLI to display currently allocated ports and detect conflicts.
- Expose a compiletime capability check ensuring clusters in a topology do not reuse the same port twice.
- Consider parallel UDP range reservation when we start exposing datagram services.
---
## 9·References
- [IANAServiceName and TransportProtocol PortNumber Registry](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml)
- [KubernetesNodePortdefaultrange documentation](https://kubernetes.io/docs/concepts/services-networking/service/)
- HarmonyADR001·WhyRust
- HarmonyADR003·InfrastructureAbstractions
---
*Made with🦀by theNationTechHarmonyteam — ensuring your infrastructure behaves like code.*
Reference in New Issue View Git Blame Copy Permalink