Workload Cluster Network Ports (VCN-Native Pod)
On Compute Cloud@Customer, the following table lists ports that are used by workload clusters when you use VCN-Native Pod Networking. These ports must be available to configure workload cluster networking. You might need to open more ports for other purposes.
All protocols are TCP. All port states are Stateful. Port 6443 is the port used for Kubernetes API and is also known as kubernetes_api_port in this guide.
See also the tables in Network Port and Protocol Matrix.
|
Source IP Address |
Destination IP Address |
Port |
Description |
|---|---|---|---|
|
bastion host: |
Worker nodes subnet: |
22 |
Outbound connections from the bastion host to the worker CIDR. |
|
bastion host: |
Control plane subnet: |
22 |
Outbound connections from the bastion host to the control plane nodes. |
|
Worker nodes subnet: |
yum repository |
80 |
Outbound connections from the worker CIDR to external applications. |
|
Worker nodes subnet: |
Control plane subnet: |
6443 |
Outbound connections from the worker CIDR to the Kubernetes API. This is necessary to allow nodes to join through either a public IP address on one of the nodes or the load balancer public IP address. |
|
Worker nodes subnet: |
Control plane load balancer |
6443 |
Inbound connections from the worker CIDR to the Kubernetes API. |
|
CIDR for clients: |
Control plane load balancer |
6443 |
Inbound connections from clients to the Kubernetes API server. |
|
Worker nodes subnet: |
Control plane subnet: |
6443 |
Private outbound connections from the worker CIDR to |
|
|
Worker nodes subnet: |
30000-32767 |
Inbound traffic for applications from Kubernetes clients. |
|
|
|
10250 |
Kubernetes API endpoint to worker node communication. |
|
|
|
10256 |
Allow load balancer or network load balancer to communicate with |
|
|
|
12250 |
Pod to Kubernetes API endpoint communication. |
|
|
|
2379-2381 |
Communication between the |
|
|
|
10257-10260 |
Inbound connection for Kubernetes components. |