List of Ports Used for Cluster Work

Ports used by Kubernetes for operation of fault-tolerant cluster main cluster nodes are displayed in the table:

Protocol Search direction Range of ports Purpose Use

TCP

inbound

6443 Kubernetes API server all

TCP

inbound

2379-2380 etcd server client API kube-apiserver, etcd

TCP

inbound

10250 kubelet API self, control plane

TCP

inbound

10251 kube-scheduler self

TCP

inbound

10252 kube-controller-manager self

Ports used by Kubernetes for cluster work nodes functioning are displayed in the table:

Protocol Search direction Range of ports Purpose Use

TCP

inbound

10250

kubelet API

self, control plane

TCP

inbound

30000-32767

nodePort Services

all

The ports used by the RKE (Rancher Kubernetes Engine) node for outgoing connections are given in the table:

Protocol Source Range of ports Purpose

Description

TCP

RKE node

22

all nodes specified in cluster configuration file

setup of node via SSH executed by RKE

TCP

RKE node

6443

controlling nodes

Kubernetes API server

NOTE. In this article, roles of main nodes and etcd nodes are combined.

Ports for incoming connections of controlling nodes are displayed in the table:

Protocol Source Range of ports

Description

TCP

any that consumes Ingress services 80 ingress controller (HTTP)

TCP

any that consumes Ingress services 443 ingress controller (HTTPS)

TCP

rancher nodes 2376 Docker daemon TLS port used by Docker Machine
(only needed when using Node Driver/Templates)

TCP

etcd nodes;
control plane nodes; worker nodes
6443 Kubernetes API server

UDP

etcd nodes;
controlplane nodes;
worker nodes

8472 canal/flannel VXLAN overlay networking

TCP

control plane node itself (local traffic, not across nodes) 9099 canal/flannel livenessProbe/readinessProbe

TCP

control plane nodes 10250 kubelet

TCP

control plane node itself (local traffic, not across nodes) 10254 ingress controller livenessProbe/readinessProbe

TCP/UDP

any source that consumes NodePort services 30000-32767 NodePort port range

Ports for incoming connections of controlling nodes are displayed in the table:

Protocol Purpose Range of ports

Description

TCP

rancher nodes 443 rancher agent

TCP

etcd nodes 2379 etcd client requests

TCP

etcd nodes 2380 etcd peer communication

UDP

etcd nodes;
control plane nodes;
worker nodes
8472 canal/flannel VXLAN overlay networking

TCP

control plane node itself (local traffic, not across nodes) 9099 canal/flannel livenessProbe/readinessProbe

TCP

etcd nodes;
control plane nodes;
worker nodes
10250 kubelet

TCP

control plane node itself (local traffic, not across nodes) 10254 ingress controller livenessProbe/readinessProbe

Ports for incoming connections of work nodes are displayed in the table:

Protocol Source Range of ports

Description

TCP

any network that you want to be able to remotely access this node from

22 remote access over SSH

TCP

any that consumes Ingress services 80 ingress controller (HTTP)

TCP

any that consumes Ingress services 443 ingress controller (HTTPS)

TCP

rancher nodes 2376 Docker daemon TLS port used by Docker Machine
(only needed when using Node Driver/Templates)

UDP

etcd nodes;
control plane nodes;
worker nodes

8472 canal/flannel VXLAN overlay networking

TCP

worker node itself (local traffic, not across nodes) 9099 canal/flannel livenessProbe/readinessProbe

TCP

control plane nodes 10250 kubelet

TCP

worker node itself (local traffic, not across nodes) 10254 ingress controller livenessProbe/readinessProbe

TCP/UDP

any source that consumes NodePort services 30000-32767 NodePort port range

Ports for incoming connections of work nodes are displayed in the table:

Protocol Purpose Range of ports

Description

TCP

rancher nodes 443 rancher agent

TCP

control plane nodes

6443

Kubernetes API server

UDP

etcd nodes;
control plane nodes;
worker nodes

8472

canal/flannel VXLAN overlay networking

TCP

worker node itself (local traffic, not across nodes)

9099

canal/flannel livenessProbe/readinessProbe

TCP

worker node itself (local traffic, not across nodes)

10254

ingress controller livenessProbe/readinessProbe

See also:

Preparation and Deployment of Fault-Tolerant Cluster | Preparing Kubernetes Cluster