Difference between revisions of "Kubernetes"
Jump to navigation
Jump to search
| Line 18: | Line 18: | ||
! Purpose | ! Purpose | ||
! UsedBy | ! UsedBy | ||
|- | |||
| TCP | |||
| Inbound | |||
| 443 | |||
| Kubernetes API Server (or 8080 if TLS is disabled) | |||
| Worker nodes, API requests and End-Users | |||
|- | |- | ||
| TCP | | TCP | ||
| Line 53: | Line 59: | ||
| 10255 | | 10255 | ||
| Read-Only (non-secure) Kubelet API, *disabled on EKS | | Read-Only (non-secure) Kubelet API, *disabled on EKS | ||
| | |||
|- | |||
| TCP | |||
| Inbound | |||
| 2379-2380 | |||
| etcd server client API | |||
| | | | ||
|} | |} | ||
| Line 76: | Line 88: | ||
| NodePort Services (defaults) | | NodePort Services (defaults) | ||
| All | | All | ||
|- | |||
| UDP | |||
| Inbound | |||
| 8285 | |||
| flannel overlay network - udp backend (default) | |||
| | |||
|- | |||
| UDP | |||
| Inbound | |||
| 8472 | |||
| flannel overlay network, vxlan backend | |||
| | |||
|- | |||
| TCP | |||
| Inbound | |||
| 179 | |||
| Calico BGP network - BGP backend | |||
| | |||
|- | |||
| TCP | |||
| Inbound | |||
| 2379-2380 | |||
| etcd server client API only if using flannel or Calico | |||
| | |||
|} | |} | ||
Revision as of 11:24, 5 October 2019
- Kubernetes/Amazon EKS
- Kubernetes/ArgoCD
- Kubernetes/ConfigMap and Secrets
- Kubernetes/Container Runtimes OCI
- Kubernetes/DNS
- Kubernetes/Deployment, ReplicaSet and Pod
- Kubernetes/Echoserver
- Kubernetes/Google GKE
- Kubernetes/Helm
- Kubernetes/Ingress controller
- Kubernetes/Install Master and nodes
- Kubernetes/Istio
- Kubernetes/Istio-logs-default-install
- Kubernetes/Istio/Observability
- Kubernetes/Jobs,CronJob
- Kubernetes/Kind
- Kubernetes/Kubelet
- Kubernetes/Kustomize
- Kubernetes/Monitoring
- Kubernetes/Networking
- Kubernetes/Progressive Delivery Flux and Flagger
- Kubernetes/Rancher
- Kubernetes/Requests and Limits, units
- Kubernetes/Resources,Objects and API
- Kubernetes/Resources and Limits
- Kubernetes/SAN-Storage
- Kubernetes/Scheduling
- Kubernetes/Security and RBAC
- Kubernetes/Storage
- Kubernetes/Tilt
- Kubernetes/Tools
- Kubernetes/external-dns
- Kubernetes/minikube
Common ports
- Docker
TCP :2375 - docker.d http TCP :2376 - docker.d https
- Kubernetes
Control-plane node(s)
| Protocol | Direction | Port | Purpose | UsedBy |
|---|---|---|---|---|
| TCP | Inbound | 443 | Kubernetes API Server (or 8080 if TLS is disabled) | Worker nodes, API requests and End-Users |
| TCP | Inbound | 6443* | Kubernetes API Server (or 8080 if TLS is disabled) | All |
| TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver, etcd |
| TCP | Inbound | 10250 | Kubelet TLS secure API, accepts connections from the API server (master) | Self, Control plane |
| TCP | Inbound | 10251 | kube-scheduler | Self |
| TCP | Inbound | 10252 | kube-controller-manager | Self |
| TCP | 10255 | Read-Only (non-secure) Kubelet API, *disabled on EKS | ||
| TCP | Inbound | 2379-2380 | etcd server client API |
Worker node(s)
| Protocol | Direction | Port | Purpose | UsedBy |
|---|---|---|---|---|
| TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
| TCP | Inbound | 30000-32767 | NodePort Services (defaults) | All |
| UDP | Inbound | 8285 | flannel overlay network - udp backend (default) | |
| UDP | Inbound | 8472 | flannel overlay network, vxlan backend | |
| TCP | Inbound | 179 | Calico BGP network - BGP backend | |
| TCP | Inbound | 2379-2380 | etcd server client API only if using flannel or Calico |
Others
127.0.0.1:45039 - CRI (Container Runtime Interface)streaming server port, used by kubectl exec/attach/port-forward
shim is build in into kublet
Kubernetes curls:
curl localhost:<port>/metrics
/healthz
/api
Containers runtime
Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
Docker /var/run/docker.sock CRI-O /var/run/crio/crio.sock containerd /run/containerd/containerd.sock