Difference between revisions of "Kubernetes"

From Ever changing code
Line 59: Line 59:
| 10255
| 10255
| Read-Only (non-secure) Kubelet API, *disabled on EKS
| Read-Only (non-secure) Kubelet API, *disabled on EKS
|
|-
| TCP
| Inbound
| 2379-2380
| etcd server client API
|  
|  
|}
|}
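Review bot: The 10255 row labels the read-only kubelet API as non-secure but names no consumer, and the asterisk in "*disabled on EKS" points at no footnote. Since this port serves kubelet data without authentication, say in the row who (if anyone) is expected to reach it, and either add the footnote the asterisk refers to or drop the asterisk.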
Line 128: Line 122:
                     /api
                     /api
</source>
</source>
= Containers runtime =
= Containers runtime =
Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.

Revision as of 10:28, 5 October 2019


Common ports

Docker
TCP :2375 - dockerd, HTTP
TCP :2376 - dockerd, HTTPS


Kubernetes

Control-plane node(s)

Protocol | Direction | Port      | Purpose                                                                  | UsedBy
TCP      | Inbound   | 443       | Kubernetes API Server (or 8080 if TLS is disabled)                       | Worker nodes, API requests and End-Users
TCP      | Inbound   | 6443*     | Kubernetes API Server (or 8080 if TLS is disabled)                       | All
TCP      | Inbound   | 2379-2380 | etcd server client API                                                   | kube-apiserver, etcd
TCP      | Inbound   | 10250     | Kubelet TLS secure API, accepts connections from the API server (master) | Self, Control plane
TCP      | Inbound   | 10251     | kube-scheduler                                                           | Self
TCP      | Inbound   | 10252     | kube-controller-manager                                                  | Self
TCP      |           | 10255     | Read-Only (non-secure) Kubelet API, *disabled on EKS                     |


Worker node(s)

Protocol | Direction | Port        | Purpose                                         | UsedBy
TCP      | Inbound   | 10250       | Kubelet API                                     | Self, Control plane
TCP      | Inbound   | 30000-32767 | NodePort Services (defaults)                    | All
UDP      | Inbound   | 8285        | flannel overlay network - udp backend (default) |
UDP      | Inbound   | 8472        | flannel overlay network, vxlan backend          |
TCP      | Inbound   | 179         | Calico BGP network - BGP backend                |
TCP      | Inbound   | 2379-2380   | etcd server client API                          | only if using flannel or Calico


Others

127.0.0.1:45039 - CRI (Container Runtime Interface) streaming server port, used by kubectl exec/attach/port-forward;
                  the shim is built into the kubelet
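
A way to check a node against the port tables above (an added example, not part of the original wiki page): it parses `ss -H -tln` output and reports listeners on the listed ports that are bound to a non-loopback address, rating the ones the page marks as HTTP, TLS-disabled or non-secure as HIGH. The PORTS map, the function names and the sample socket list are constructed for this illustration.

```python
import ipaddress

# Ports taken from the tables above. True marks the ones the page describes as
# plain HTTP, TLS-disabled or non-secure.
PORTS = {
    2375: ("dockerd HTTP", True),
    2376: ("dockerd HTTPS", False),
    8080: ("Kubernetes API server, TLS disabled", True),
    6443: ("Kubernetes API server", False),
    2379: ("etcd server client API", False),
    2380: ("etcd server client API", False),
    10250: ("kubelet TLS API", False),
    10251: ("kube-scheduler", False),
    10252: ("kube-controller-manager", False),
    10255: ("kubelet read-only API", True),
}

# Constructed sample of `ss -H -tln` output (not captured from a real node).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:10251 0.0.0.0:*
LISTEN 0 4096 *:10250 *:*
LISTEN 0 4096 [::]:10255 [::]:*
LISTEN 0 4096 127.0.0.1:45039 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2375 0.0.0.0:*
LISTEN 0 4096 192.168.1.10:2379 0.0.0.0:*
"""

def parse_listeners(ss_output):
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any %interface scope suffix.
        yield addr.strip("[]").split("%")[0], int(port)

def is_loopback(addr):
    # "*" is the dual-stack wildcard: reachable on every interface.
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return sorted (level, port, address, purpose) for non-loopback listeners."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in PORTS and not is_loopback(addr):
            purpose, insecure = PORTS[port]
            findings.append(("HIGH" if insecure else "REVIEW", port, addr, purpose))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_SS), sep="\n")
```

On a real node, pass the text produced by `ss -H -tln` to `audit()` instead of the sample.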


Kubernetes curls:

curl localhost:<port>/metrics
curl localhost:<port>/healthz
curl localhost:<port>/api

Containers runtime

Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.

Docker     /var/run/docker.sock
CRI-O      /var/run/crio/crio.sock
containerd /run/containerd/containerd.sock