From f7e577735d173f7410208252bd05ad41b15cd28e Mon Sep 17 00:00:00 2001 From: Roberto Bonafiglia Date: Fri, 1 Sep 2023 12:44:14 +0200 Subject: [PATCH] Added destination column on networking requirements Signed-off-by: Roberto Bonafiglia --- docs/install/requirements.md | 53 ++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/docs/install/requirements.md b/docs/install/requirements.md index 4fc3a3c8..94de9148 100644 --- a/docs/install/requirements.md +++ b/docs/install/requirements.md 
@@ -90,34 +90,35 @@ If you wish to utilize the metrics server, you will need to open port 10250 on e ### Inbound Network Rules -| Protocol | Port | Source | Description -|-----|-----|----------------|---| -| TCP | 9345 | RKE2 agent nodes | Kubernetes API -| TCP | 6443 | RKE2 agent nodes | Kubernetes API -| UDP | 8472 | RKE2 server and agent nodes | Required only for Flannel VXLAN -| TCP | 10250 | RKE2 server and agent nodes | kubelet -| TCP | 2379 | RKE2 server nodes | etcd client port -| TCP | 2380 | RKE2 server nodes | etcd peer port -| TCP | 2381 | RKE2 server nodes | etcd metrics port -| TCP | 30000-32767 | RKE2 server and agent nodes | NodePort port range -| UDP | 8472 | RKE2 server and agent nodes | Cilium CNI VXLAN -| TCP | 4240 | RKE2 server and agent nodes | Cilium CNI health checks -| ICMP | 8/0 | RKE2 server and agent nodes | Cilium CNI health checks -| TCP | 179 | RKE2 server and agent nodes | Calico CNI with BGP -| UDP | 4789 | RKE2 server and agent nodes | Calico CNI with VXLAN -| TCP | 5473 | RKE2 server and agent nodes | Calico CNI with Typha -| TCP | 9098 | RKE2 server and agent nodes | Calico Typha health checks -| TCP | 9099 | RKE2 server and agent nodes | Calico health checks -| TCP | 5473 | RKE2 server and agent nodes | Calico CNI with Typha -| UDP | 8472 | RKE2 server and agent nodes | Canal CNI with VXLAN -| TCP | 9099 | RKE2 server and agent nodes | Canal CNI health checks -| UDP | 51820 | RKE2 server and agent nodes | Canal CNI with WireGuard IPv4 -| UDP | 51821 | RKE2 server and agent nodes | Canal CNI with WireGuard IPv6/dual-stack +| Protocol | Port | Source | Destination | Description +|----------|-------------|-------------------|-------------------|---| +| TCP | 9345 | RKE2 agent nodes | RKE2 server nodes | RKE2 supervisor API +| TCP | 6443 | RKE2 agent nodes | RKE2 server nodes | Kubernetes API +| UDP | 8472 | All RKE2 nodes | All RKE2 nodes | Required only for Flannel VXLAN +| TCP | 10250 | All RKE2 nodes | All RKE2 nodes | kubelet 
metrics +| TCP | 2379 | RKE2 server nodes | RKE2 server nodes | etcd client port +| TCP | 2380 | RKE2 server nodes | RKE2 server nodes | etcd peer port +| TCP | 2381 | RKE2 server nodes | RKE2 server nodes | etcd metrics port +| TCP | 30000-32767 | All RKE2 nodes | All RKE2 nodes | NodePort port range +| UDP | 8472 | All RKE2 nodes | All RKE2 nodes | Cilium CNI VXLAN +| TCP | 4240 | All RKE2 nodes | All RKE2 nodes | Cilium CNI health checks +| ICMP | 8/0 | All RKE2 nodes | All RKE2 nodes | Cilium CNI health checks +| TCP | 179 | All RKE2 nodes | All RKE2 nodes | Calico CNI with BGP +| UDP | 4789 | All RKE2 nodes | All RKE2 nodes | Calico CNI with VXLAN +| TCP | 5473 | All RKE2 nodes | All RKE2 nodes | Calico CNI with Typha +| TCP | 9098 | All RKE2 nodes | All RKE2 nodes | Calico Typha health checks +| TCP | 9099 | All RKE2 nodes | All RKE2 nodes | Calico health checks +| TCP | 5473 | All RKE2 nodes | All RKE2 nodes | Calico CNI with Typha +| UDP | 8472 | All RKE2 nodes | All RKE2 nodes | Canal CNI with VXLAN +| TCP | 9099 | All RKE2 nodes | All RKE2 nodes | Canal CNI health checks +| UDP | 51820 | All RKE2 nodes | All RKE2 nodes | Canal CNI with WireGuard IPv4 +| UDP | 51821 | All RKE2 nodes | All RKE2 nodes | Canal CNI with WireGuard IPv6/dual-stack ### Windows Specific Inbound Network Rules -| Protocol | Port | Source | Description -|-----|-----|----------------|---| -| UDP | 4789 | RKE2 server nodes | Required for Calico and Flannel VXLAN +| Protocol | Port | Source | Destination | Description +|----------|------|-------------------|-------------------|---| +| UDP | 4789 | All RKE2 nodes | All RKE2 nodes | Required for Calico and Flannel VXLAN +| TCP | 179 | All RKE2 nodes | All RKE2 nodes | Calico CNI with BGP Typically, all outbound traffic will be allowed.
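Review bot: The duplicated `TCP | 5473 | ... | Calico CNI with Typha` row in the Inbound Network Rules table is carried over into the new version, once before the 9098 row and again after the 9099 row; drop the second copy while these rows are being rewritten anyway. The hunk also makes changes the subject line ("Added destination column") does not mention, each of which alters what an operator would put in a firewall policy: the 9345 description changes from "Kubernetes API" to "RKE2 supervisor API", 10250 changes from "kubelet" to "kubelet metrics", the Windows `UDP | 4789` source widens from "RKE2 server nodes" to "All RKE2 nodes", and a new Windows `TCP | 179` row is added. Please list these in the commit message or split them into a separate commit, so the widened source and the newly opened port are reviewed as rule changes rather than as a formatting update. Finally, UDP 8472 appears for Flannel, Cilium and Canal, but only the Flannel row says "Required only for"; wording the other CNI-specific rows the same way would make it clear that a port needs opening only for the CNI actually deployed.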