Workload Cluster Network Ports
Learn about the required ports for OKE on Compute Cloud@Customer.
The following table lists ports that are used by workload clusters. These ports must be available to configure workload cluster networking. You might need to open additional ports for other purposes.
All protocols are TCP. All port states are Stateful. Port 6443 is the port used for Kubernetes API and is also known as
kubernetes_api_port
in this guide.
See also the table in Network Port and Protocol Matrix.
Source IP Address |
Destination IP Address |
Port |
Description |
---|---|---|---|
bastion host: |
Worker nodes subnet: |
22 |
Outbound connections from the bastion host to the worker CIDR. |
bastion host: |
Control plane subnet: |
22 |
Outbound connections from the bastion host to the control plane nodes. |
Worker nodes subnet: |
yum repository |
80 |
Outbound connections from the worker CIDR to external applications. |
Worker nodes subnet: |
Secure yum repository |
443 |
Secure outbound traffic from the worker CIDR to external applications. |
Worker nodes subnet: |
Container registry |
5000 |
Outbound connections from the worker CIDR to the container registry. |
Worker nodes subnet: |
Control plane subnet: |
6443 |
Outbound connections from the worker CIDR to the Kubernetes API. This is necessary to allow nodes to join through either a public IP address on one of the nodes or the load balancer public IP address. |
Worker nodes subnet: |
Control plane load balancer |
6443 |
Inbound connections from the worker CIDR to the Kubernetes API. |
CIDR for clients: |
Control plane load balancer |
6443 |
Inbound connections from clients to the Kubernetes API server. |
Worker nodes subnet: |
Control plane subnet: |
6443 |
Private outbound connections from the worker CIDR to
|
|
Worker nodes subnet: |
30000-32767 |
Inbound traffic for applications from Kubernetes clients. |
Next Step:
Review the example CIDR ranges used in this documentation to configure network resources. See Workload Cluster Network CIDR Ranges.