Difference between revisions of "Kubernetes"
Line 3: | Line 3: | ||
= Common ports = | = Common ports = | ||
Docker | ;Docker | ||
<source> | <source lang=bash> | ||
:2375 - docker.d http | TCP :2375 - docker.d http | ||
:2376 - docker.d https | TCP :2376 - docker.d https | ||
</source> | </source> | ||
Kubernetes | |||
;Kubernetes | |||
Control-plane node(s) | |||
{| class="wikitable" | |||
! Protocol | |||
! Direction | |||
! Port | |||
! Purpose | |||
! UsedBy | |||
|- | |||
| TCP | |||
| Inbound | |||
| 6443* | |||
| Kubernetes API Server (or 8080 if TLS is disabled) | |||
| All | |||
|- | |||
| TCP | |||
| Inbound | |||
| 2379-2380 | |||
| etcd server client API | |||
| kube-apiserver, etcd | |||
|- | |||
| TCP | |||
| Inbound | |||
| 10250 | |||
| Kubelet TLS secure API, accepts connections from the API server (master) | |||
| Self, Control plane | |||
|- | |||
| TCP | |||
| Inbound | |||
| 10251 | |||
| kube-scheduler | |||
| Self | |||
|- | |||
| TCP | |||
| Inbound | |||
| 10252 | |||
| kube-controller-manager | |||
| Self | |||
|- | |||
| TCP | |||
| | |||
| 10255 | |||
| Read-Only (non-secure) Kubelet API, *disabled on EKS | |||
| | |||
|} | |||
Worker node(s) | |||
{| class="wikitable" | |||
! Protocol | |||
! Direction | |||
! Port | |||
! Purpose | |||
! UsedBy | |||
|- | |||
| TCP | |||
| Inbound | |||
| 10250 | |||
| Kubelet API | |||
| Self, Control plane | |||
|- | |||
| TCP | |||
| Inbound | |||
| 30000-32767 | |||
| NodePort Services (defaults) | |||
| All | |||
|} | |||
Others | |||
<source lang=bash> | |||
127.0.0.1:45039 - CRI (Container Runtime Interface)streaming server port, used by kubectl exec/attach/port-forward | 127.0.0.1:45039 - CRI (Container Runtime Interface)streaming server port, used by kubectl exec/attach/port-forward | ||
shim is build in into kublet | shim is build in into kublet | ||
</source> | </source> | ||
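Review bot: the asterisk on 6443* in the new control-plane table has no footnote, and the 10255 row uses a second asterisk ("*disabled on EKS") with a different meaning while leaving its Direction and UsedBy cells empty. State under the table what * means for 6443, write the EKS remark without the asterisk, and fill in the two blank cells or mark them as intentionally empty. Port 10250 is also described differently in the two tables ("Kubelet TLS secure API, accepts connections from the API server (master)" versus "Kubelet API"); use one wording for both. The unchanged line "shim is build in into kublet" in the Others block should read "built into the kubelet".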
Revision as of 11:13, 5 October 2019
- Kubernetes/Amazon EKS
- Kubernetes/ArgoCD
- Kubernetes/ConfigMap and Secrets
- Kubernetes/Container Runtimes OCI
- Kubernetes/DNS
- Kubernetes/Deployment, ReplicaSet and Pod
- Kubernetes/Echoserver
- Kubernetes/Google GKE
- Kubernetes/Helm
- Kubernetes/Ingress controller
- Kubernetes/Install Master and nodes
- Kubernetes/Istio
- Kubernetes/Istio-logs-default-install
- Kubernetes/Istio/Observability
- Kubernetes/Jobs,CronJob
- Kubernetes/Kind
- Kubernetes/Kubelet
- Kubernetes/Kustomize
- Kubernetes/Monitoring
- Kubernetes/Networking
- Kubernetes/Progressive Delivery Flux and Flagger
- Kubernetes/Rancher
- Kubernetes/Requests and Limits, units
- Kubernetes/Resources,Objects and API
- Kubernetes/Resources and Limits
- Kubernetes/SAN-Storage
- Kubernetes/Scheduling
- Kubernetes/Security and RBAC
- Kubernetes/Storage
- Kubernetes/Tilt
- Kubernetes/Tools
- Kubernetes/external-dns
- Kubernetes/minikube
Common ports
- Docker
  TCP :2375 - docker.d http
  TCP :2376 - docker.d https
- Kubernetes
Control-plane node(s)
Protocol | Direction | Port | Purpose | UsedBy |
---|---|---|---|---|
TCP | Inbound | 6443* | Kubernetes API Server (or 8080 if TLS is disabled) | All |
TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver, etcd |
TCP | Inbound | 10250 | Kubelet TLS secure API, accepts connections from the API server (master) | Self, Control plane |
TCP | Inbound | 10251 | kube-scheduler | Self |
TCP | Inbound | 10252 | kube-controller-manager | Self |
TCP | | 10255 | Read-Only (non-secure) Kubelet API, *disabled on EKS | |
Worker node(s)
Protocol | Direction | Port | Purpose | UsedBy |
---|---|---|---|---|
TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
TCP | Inbound | 30000-32767 | NodePort Services (defaults) | All |
Others
127.0.0.1:45039 - CRI (Container Runtime Interface) streaming server port, used by kubectl exec/attach/port-forward
The shim is built into the kubelet
Kubernetes curls:
curl "localhost:<port>/{metrics,healthz,api}"