Difference between revisions of "Kubernetes"
Jump to navigation
Jump to search
Line 130: | Line 130: | ||
containerd /run/containerd/containerd.sock | containerd /run/containerd/containerd.sock | ||
</source> | </source> | ||
;References | |||
* [https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r container runtimes] Fascinating reading, published in 2017 | |||
[[Category:kubernetes]] | [[Category:kubernetes]] |
Revision as of 00:36, 16 July 2020
- Kubernetes/Amazon EKS
- Kubernetes/ArgoCD
- Kubernetes/ConfigMap and Secrets
- Kubernetes/Container Runtimes OCI
- Kubernetes/DNS
- Kubernetes/Deployment, ReplicaSet and Pod
- Kubernetes/Echoserver
- Kubernetes/Google GKE
- Kubernetes/Helm
- Kubernetes/Ingress controller
- Kubernetes/Install Master and nodes
- Kubernetes/Istio
- Kubernetes/Istio-logs-default-install
- Kubernetes/Istio/Observability
- Kubernetes/Jobs,CronJob
- Kubernetes/Kind
- Kubernetes/Kubelet
- Kubernetes/Kustomize
- Kubernetes/Monitoring
- Kubernetes/Networking
- Kubernetes/Progressive Delivery Flux and Flagger
- Kubernetes/Rancher
- Kubernetes/Requests and Limits, units
- Kubernetes/Resources,Objects and API
- Kubernetes/Resources and Limits
- Kubernetes/SAN-Storage
- Kubernetes/Scheduling
- Kubernetes/Security and RBAC
- Kubernetes/Storage
- Kubernetes/Tilt
- Kubernetes/Tools
- Kubernetes/external-dns
- Kubernetes/minikube
Common ports
- Docker
TCP :2375 - docker.d http TCP :2376 - docker.d https
- Kubernetes
Control-plane node(s)
Protocol | Direction | Port | Purpose | UsedBy |
---|---|---|---|---|
TCP | Inbound | 443 | Kubernetes API Server (or 8080 if TLS is disabled) | Worker nodes, API requests and End-Users |
TCP | Inbound | 6443* | Kubernetes API Server (or 8080 if TLS is disabled) | All |
TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver, etcd |
TCP | Inbound | 10250 | Kubelet TLS secure API, accepts connections from the API server (master) | Self, Control plane |
TCP | Inbound | 10251 | kube-scheduler | Self |
TCP | Inbound | 10252 | kube-controller-manager | Self |
TCP | 10255 | Read-Only (non-secure) Kubelet API, *disabled on EKS |
Worker node(s)
Protocol | Direction | Port | Purpose | UsedBy |
---|---|---|---|---|
TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
TCP | Inbound | 30000-32767 | NodePort Services (defaults) | All |
UDP | Inbound | 8285 | flannel overlay network - udp backend (default) | |
UDP | Inbound | 8472 | flannel overlay network, vxlan backend | |
TCP | Inbound | 179 | Calico BGP network - BGP backend | |
TCP | Inbound | 2379-2380 | etcd server client API only if using flannel or Calico |
Others
127.0.0.1:45039 - CRI (Container Runtime Interface)streaming server port, used by kubectl exec/attach/port-forward shim is build in into kublet
Kubernetes curls:
curl localhost:<port>/metrics /healthz /api
Containers runtime
Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
Docker /var/run/docker.sock CRI-O /var/run/crio/crio.sock containerd /run/containerd/containerd.sock
- References
- container runtimes Fascinating reading, published in 2017