Oracle Cloud Infrastructure Documentation

Workload Cluster Network Ports

Learn about the required ports for OKE on Compute Cloud@Customer.

The following table lists ports that are used by workload clusters. These ports must be available to configure workload cluster networking. You might need to open additional ports for other purposes.

All protocols are TCP. All port states are Stateful. Port 6443 is the port used for Kubernetes API and is also known as kubernetes_api_port in this guide.

See also the table in Network Port and Protocol Matrix.

Source IP Address

Destination IP Address

Port

Description

bastion host: vcn_cidr

Worker nodes subnet: worker_cidr

22

Outbound connections from the bastion host to the worker CIDR.

bastion host: vcn_cidr

Control plane subnet: kmi_cidr

22

Outbound connections from the bastion host to the control plane nodes.

Worker nodes subnet: worker_cidr

yum repository

80

Outbound connections from the worker CIDR to external applications.

Worker nodes subnet: worker_cidr

Secure yum repository

443

Secure outbound traffic from the worker CIDR to external applications.

Worker nodes subnet: worker_cidr

Container registry

5000

Outbound connections from the worker CIDR to the container registry.

Worker nodes subnet: worker_cidr

Control plane subnet: kmi_cidr

6443

Outbound connections from the worker CIDR to the Kubernetes API. This is necessary to allow nodes to join through either a public IP address on one of the nodes or the load balancer public IP address.

Worker nodes subnet: worker_cidr

Control plane load balancer

6443

Inbound connections from the worker CIDR to the Kubernetes API.

CIDR for clients: kube_client_cidr

Control plane load balancer

6443

Inbound connections from clients to the Kubernetes API server.

Worker nodes subnet: worker_cidr

Control plane subnet: kmi_cidr

6443

Private outbound connections from the worker CIDR to kubeapi on the control plane subnet.

kube_client_cidr

Worker nodes subnet: worker_cidr

 30000-32767

Inbound traffic for applications from Kubernetes clients.

Next Step:

Review the example CIDR ranges used in this documentation to configure network resources. See Workload Cluster Network CIDR Ranges.