Merge pull request #100177 from xenolinux/open-53-hcp

JoeAldinger · web-flow · commit a23aeeb44175 · 2025-10-08T12:10:10.000-04:00
OSDOCS#16434: Open the firewall port 53 on TCP for HCP
diff --git a/hosted_control_planes/hcp-prepare/hcp-requirements.adoc b/hosted_control_planes/hcp-prepare/hcp-requirements.adoc
@@ -14,6 +14,8 @@ The following requirements apply to {hcp}:
 
 * In order to run the HyperShift Operator, your management cluster needs at least three worker nodes.
 
+* You must open the firewall port `53` on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) to allow the Domain Name Service (DNS) protocol to work as expected.
+
 * You can run both the management cluster and the worker nodes on-premise, such as on a bare-metal platform or on {VirtProductName}. In addition, you can run both the management cluster and the worker nodes on cloud infrastructure, such as {aws-first}.
 
 * If you use a mixed infrastructure, such as running the management cluster on {aws-short} and your worker nodes on-premise, or running your worker nodes on {aws-short} and your management cluster on-premise, you must use the `PublicAndPrivate` publishing strategy and follow the latency requirements in the support matrix.
diff --git a/modules/hcp-proxy-cp-workloads.adoc b/modules/hcp-proxy-cp-workloads.adoc
@@ -16,9 +16,11 @@ Operators that run in the control plane need to access external services through
 
 * The Ingress Operator needs access to validate external canary routes.
 
-In a hosted cluster, you must send traffic that originates from the Control Plane Operator, Ingress Operator, OAuth server, and OpenShift API server pods through the data plane to the configured proxy and then to its final destination. 
+* You must open the firewall port `53` on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) to allow the Domain Name Service (DNS) protocol to work as expected.
+
+In a hosted cluster, you must send traffic that originates from the Control Plane Operator, Ingress Operator, OAuth server, and OpenShift API server pods through the data plane to the configured proxy and then to its final destination.
 
 [NOTE]
 ====
 Some operations are not possible when a hosted cluster is reduced to zero compute nodes; for example, when you import OpenShift image streams from a registry that requires proxy access.
-====
+====
