From Ever changing code
Jump to navigation Jump to search

Common ports

TCP :2375 - docker.d http
TCP :2376 - docker.d https


Control-plane node(s)

Protocol Direction Port Purpose UsedBy
TCP Inbound 443 Kubernetes API Server (or 8080 if TLS is disabled) Worker nodes, API requests and End-Users
TCP Inbound 6443* Kubernetes API Server (or 8080 if TLS is disabled) All
TCP Inbound 2379-2380 etcd server client API kube-apiserver, etcd
TCP Inbound 10250 Kubelet TLS secure API, accepts connections from the API server (master) Self, Control plane
TCP Inbound 10251 kube-scheduler Self
TCP Inbound 10252 kube-controller-manager Self
TCP 10255 Read-Only (non-secure) Kubelet API, *disabled on EKS

Worker node(s)

Protocol Direction Port Purpose UsedBy
TCP Inbound 10250 Kubelet API Self, Control plane
TCP Inbound 30000-32767 NodePort Services (defaults) All
UDP Inbound 8285 flannel overlay network - udp backend (default)
UDP Inbound 8472 flannel overlay network, vxlan backend
TCP Inbound 179 Calico BGP network - BGP backend
TCP Inbound 2379-2380 etcd server client API only if using flannel or Calico

Others - CRI (Container Runtime Interface)streaming server port, used by kubectl exec/attach/port-forward
                  shim is build in into kublet

Kubernetes curls:

curl localhost:<port>/metrics

Kubernetes components

Core components

it's responsible for forwarding traffic from an overlay network to backend pods. The name is misleading as it's not a real proxy, it programs iptables to intercept traffic and ask the Linux Kernel to do its job. Iptables randomly select one of the backend pods when forwarding the traffic, perform NAT and PAT before sending a packet to the destination pod.

Containers runtime

Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.

Docker     /var/run/docker.sock
CRI-O      /var/run/crio/crio.sock
containerd /run/containerd/containerd.sock

Kubernetes Entrypoint and Cmd

Docker allows you to define an Entrypoint and Cmd which you can mix and match in a Dockerfile. Entrypoint is the executable, and Cmd are the arguments passed to the Entrypoint. The Dockerfile schema is quite lenient and allows users to set Cmd without Entrypoint, which means that the first argument in Cmd will be the executable to run.

Kubernetes uses a different naming convention for Docker Entrypoint and Cmd. In Kubernetes command is Docker Entrypoint and Kubernetes args is Docker Cmd.

Description                         Docker_field_name   Kubernetes_field_name
The command run by the container    entrypoint          command:
Arguments passed to the command     cmd                 args:

K8s overrides: tail -f /dev/null or sleep infinity


Annotations for humans