2/16/2023 0 Comments What is kubernetes port![]() Outbound Rules for Rancher Nodes ProtocolĪny node IP from a node created using Node Driver any source that needs to be able to use the Rancher UI or API.Rancher UI/API when external SSL termination is used Load balancer/proxy that does external SSL termination The following tables break down the port requirements for inbound and outbound traffic: Inbound Rules for Rancher Server Nodes Protocol Run your nodes behind a firewall/security group that disables access to port 8472. Important: The VXLAN port on nodes should not be exposed to the world as it opens up your cluster network to be accessed by anyone. If you wish to utilize the metrics server, you will need to open port 10250 on each node. ![]() However, if you do not use Flannel and provide your own custom CNI, then port 8472 is not needed by K3s. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. The node should not listen on any other port. The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used. The K3s server needs port 6443 to be accessible by the nodes. For firewalls, traffic may need to be enabled within the cluster and pod CIDR.Kubernetes recommends TCP 30000-32767 for node port services.Rancher nodes may also require additional outbound access for any external authentication provider which is configured (LDAP for example).For other Kubernetes distributions, refer to the distribution’s documentation for the port requirements for cluster nodes. For Rancher installs on a K3s, RKE, or RKE2 Kubernetes cluster, refer to the tabs below. ![]() The port requirements differ based on the Rancher server architecture.Īs of Rancher v2.5, Rancher can be installed on any Kubernetes cluster. The following table lists the ports that need to be open to and from nodes that are running the Rancher server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |