我的书签
添加书签
移除书签3 - 端口需求
要保证Rancher正常运行,需要主机或者安全策略打开以下端口。使用云服务创建集群(如Amazon EC2或DigitalOcean),Rancher会自动打开这些端口。下图显示了Rancher的基本端口要求。如果需要了解更多,请查阅下表。
The following table lists the ports that need to be open to and from nodes that are running the Rancher server container for single node installs or pods for .
The ports required to be open for cluster nodes changes depending on how the cluster was launched. Each of the tabs below list the ports that need to be opened for different cluster creation options.
The following table depicts the port requirements for with nodes created in an Infrastructure Provider.
| From / To | Rancher Nodes | etcd Plane Nodes | Control Plane Nodes | Worker Plane Nodes | External Load Balancer | Internet |
|---|---|---|---|---|---|---|
| Rancher Nodes (1) | 22 TCP | git.rancher.io (2):35.160.43.145:3235.167.242.46:3252.33.59.17:32 | ||||
| 2376 TCP | ||||||
| etcd Plane Nodes | 443 TCP (3) | 2379 TCP | 443 TCP | |||
| 2380 TCP | ||||||
| 6443 TCP | ||||||
| 8472 UDP | ||||||
| 9099 TCP (4) | ||||||
| Control Plane Nodes | 443 TCP (3) | 2379 TCP | 443 TCP | |||
| 2380 TCP | ||||||
| 6443 TCP | ||||||
| 8472 UDP | ||||||
| 10250 TCP | ||||||
| 9099 TCP (4) | ||||||
| 10254 TCP (4) | ||||||
| Worker Plane Nodes | 443 TCP (3) | 6443 TCP | 443 TCP | |||
| 8472 UDP | ||||||
| 9099 TCP (4) | ||||||
| 10254 TCP (4) | ||||||
| External Load Balancer (5) | 80 TCP | |||||
| 443 TCP (6) | ||||||
| API / UI Clients | 80 TCP (3) | 80 TCP | ||||
| 443 TCP (3) | 443 TCP | |||||
| Workload Clients | 30000-32767 TCP / UDP(nodeport) | |||||
| 80 TCP (Ingress) | ||||||
| 443 TCP (Ingress) | ||||||
| Notes:1. Nodes running standalone server or Rancher HA deployment.2. Required to fetch Rancher chart library.3. Only without external load balancer.4. Local traffic to the node itself (not across nodes).5. Load balancer / proxy that handles tragging to the Rancher UI / API.6. Only if SSL is not terminated at external load balancer. | ||||||
The following table depicts the port requirements for with Custom Nodes.
| From / To | Rancher Nodes | Hosted / Imported Cluster | External Load Balancer | Internet |
|---|---|---|---|---|
| Rancher Nodes (1) | Kubernetes API Endpoint Port (2) | git.rancher.io (3):35.160.43.145:3235.167.242.46:3252.33.59.17:32 | ||
| Hosted / Imported Cluster | 443 TCP (4)(5) | 443 TCP (5) | ||
| External Load Balancer (5) | 80 TCP443 TCP (6) | |||
| API / UI Clients | 80 TCP (4)443 TCP (4) | 80 TCP443 TCP | ||
| Workload Client | Cluster / Provider Specific (7) | |||
| Notes:1. Nodes running standalone server or Rancher HA deployment.2. Only for hosted clusters.3. Required to fetch Rancher chart library.4. Only without external load balancer.5. From worker nodes.6. Only if SSL is not terminated at external load balancer.7. Usually Ingress backed by infrastructure load balancer and/or nodeport. | ||||
The following table depicts the port requirements for .
这些端口通常需要在Kubernetes节点上打开,而不管它是什么类型的集群。
| Protocol | Port | Description |
|---|---|---|
| TCP | 22 | Node driver SSH provisioning |
| TCP | 2376 | Node driver Docker daemon TLS port |
| TCP | 2379 | etcd client requests |
| TCP | 2380 | etcd peer communication |
| UDP | 8472 | Canal/Flannel VXLAN overlay networking |
| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe |
| TCP | 10250 | kubelet API |
| TCP | 10254 | Ingress controller livenessProbe/readinessProbe |
| TCP/UDP | 30000-32767 | NodePort port range |
标记为的端口(即在上述要求中,Kubernetes healthchecking ( and)使用。这些healthcheck是在节点本身上执行的。在大多数云环境中,默认情况下允许本地通信。
然而,当以下情况出现时,该流量可能会被阻塞:
- 节点上应用了严格的主机防火墙策略。
- 节点具有多个接口(multihomed)。在这些情况下,您必须在您的主机防火墙中允许这类流量,或者在您的安全组配置中,在公共/私有云托管主机(如AWS或OpenStack)中允许这类流量。
