Added destination column on networking requirements #95

Merged
merged 1 commit into from
Sep 8, 2023
53 changes: 27 additions & 26 deletions docs/install/requirements.md
Expand Up @@ -90,34 +90,35 @@ If you wish to utilize the metrics server, you will need to open port 10250 on e

### Inbound Network Rules

| Protocol | Port | Source | Description
|-----|-----|----------------|---|
| TCP | 9345 | RKE2 agent nodes | Kubernetes API
| TCP | 6443 | RKE2 agent nodes | Kubernetes API
| UDP | 8472 | RKE2 server and agent nodes | Required only for Flannel VXLAN
| TCP | 10250 | RKE2 server and agent nodes | kubelet
| TCP | 2379 | RKE2 server nodes | etcd client port
| TCP | 2380 | RKE2 server nodes | etcd peer port
| TCP | 2381 | RKE2 server nodes | etcd metrics port
| TCP | 30000-32767 | RKE2 server and agent nodes | NodePort port range
| UDP | 8472 | RKE2 server and agent nodes | Cilium CNI VXLAN
| TCP | 4240 | RKE2 server and agent nodes | Cilium CNI health checks
| ICMP | 8/0 | RKE2 server and agent nodes | Cilium CNI health checks
| TCP | 179 | RKE2 server and agent nodes | Calico CNI with BGP
| UDP | 4789 | RKE2 server and agent nodes | Calico CNI with VXLAN
| TCP | 5473 | RKE2 server and agent nodes | Calico CNI with Typha
| TCP | 9098 | RKE2 server and agent nodes | Calico Typha health checks
| TCP | 9099 | RKE2 server and agent nodes | Calico health checks
| TCP | 5473 | RKE2 server and agent nodes | Calico CNI with Typha
| UDP | 8472 | RKE2 server and agent nodes | Canal CNI with VXLAN
| TCP | 9099 | RKE2 server and agent nodes | Canal CNI health checks
| UDP | 51820 | RKE2 server and agent nodes | Canal CNI with WireGuard IPv4
| UDP | 51821 | RKE2 server and agent nodes | Canal CNI with WireGuard IPv6/dual-stack
| Protocol | Port | Source | Destination | Description
|----------|-------------|-------------------|-------------------|---|
| TCP | 9345 | RKE2 agent nodes | RKE2 server nodes | RKE2 supervisor API
| TCP | 6443 | RKE2 agent nodes | RKE2 server nodes | Kubernetes API
| UDP | 8472 | All RKE2 nodes | All RKE2 nodes | Required only for Flannel VXLAN
| TCP | 10250 | All RKE2 nodes | All RKE2 nodes | kubelet metrics
| TCP | 2379 | RKE2 server nodes | RKE2 server nodes | etcd client port
| TCP | 2380 | RKE2 server nodes | RKE2 server nodes | etcd peer port
| TCP | 2381 | RKE2 server nodes | RKE2 server nodes | etcd metrics port
| TCP | 30000-32767 | All RKE2 nodes | All RKE2 nodes | NodePort port range
| UDP | 8472 | All RKE2 nodes | All RKE2 nodes | Cilium CNI VXLAN
| TCP | 4240 | All RKE2 nodes | All RKE2 nodes | Cilium CNI health checks
| ICMP | 8/0 | All RKE2 nodes | All RKE2 nodes | Cilium CNI health checks
| TCP | 179 | All RKE2 nodes | All RKE2 nodes | Calico CNI with BGP
| UDP | 4789 | All RKE2 nodes | All RKE2 nodes | Calico CNI with VXLAN
| TCP | 5473 | All RKE2 nodes | All RKE2 nodes | Calico CNI with Typha
| TCP | 9098 | All RKE2 nodes | All RKE2 nodes | Calico Typha health checks
| TCP | 9099 | All RKE2 nodes | All RKE2 nodes | Calico health checks
| TCP | 5473 | All RKE2 nodes | All RKE2 nodes | Calico CNI with Typha
| UDP | 8472 | All RKE2 nodes | All RKE2 nodes | Canal CNI with VXLAN
| TCP | 9099 | All RKE2 nodes | All RKE2 nodes | Canal CNI health checks
| UDP | 51820 | All RKE2 nodes | All RKE2 nodes | Canal CNI with WireGuard IPv4
| UDP | 51821 | All RKE2 nodes | All RKE2 nodes | Canal CNI with WireGuard IPv6/dual-stack

### Windows Specific Inbound Network Rules

| Protocol | Port | Source | Description
|-----|-----|----------------|---|
| UDP | 4789 | RKE2 server nodes | Required for Calico and Flannel VXLAN
| Protocol | Port | Source | Destination | Description
|----------|------|-------------------|-------------------|---|
| UDP | 4789 | All RKE2 nodes | All RKE2 nodes | Required for Calico and Flannel VXLAN
| TCP | 179 | All RKE2 nodes | All RKE2 nodes | Calico CNI with BGP

Typically, all outbound traffic will be allowed.
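
Review bot: The rewritten inbound table still carries the TCP 5473 "Calico CNI with Typha" row twice, once after UDP 4789 and again after TCP 9099. Every row is being touched anyway to add the Destination column, so drop the second copy and keep one rule per port and purpose. Separately, the Windows table does more than add a column: the UDP 4789 source changes from "RKE2 server nodes" to "All RKE2 nodes" and a new TCP 179 row appears. Anyone deriving firewall rules from this page will end up allowing a wider set of sources, so the PR title or description should call that out rather than leaving it implied by the diff. The header rows in both tables are also missing the closing pipe that the separator rows have.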