Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
144e7a77
Commit
144e7a77
authored
Mar 10, 2019
by
Adam Liddell
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update README for correct VXLAN port
parent
dc91c485
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
3 additions
and
3 deletions
+3
-3
README.md
README.md
+3
-3
No files found.
README.md
View file @
144e7a77
...
@@ -163,14 +163,14 @@ Open ports / Network security
...
@@ -163,14 +163,14 @@ Open ports / Network security
---------------------------
---------------------------
The server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach
The server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach
other nodes over UDP port
4789
. This is used for flannel VXLAN. If you don't use flannel
other nodes over UDP port
8472
. This is used for flannel VXLAN. If you don't use flannel
and provide your own custom CNI, then
4789
is not needed by k3s. The node should not listen
and provide your own custom CNI, then
8472
is not needed by k3s. The node should not listen
on any other port. k3s uses reverse tunneling such that the nodes make outbound connections
on any other port. k3s uses reverse tunneling such that the nodes make outbound connections
to the server and all kubelet traffic runs through that tunnel.
to the server and all kubelet traffic runs through that tunnel.
IMPORTANT. The VXLAN port on nodes should not be exposed to the world, it opens up your
IMPORTANT. The VXLAN port on nodes should not be exposed to the world, it opens up your
cluster network to accessed by anyone. Run your nodes behind a firewall/security group that
cluster network to accessed by anyone. Run your nodes behind a firewall/security group that
disables access to port
4789
.
disables access to port
8472
.
Server HA
Server HA
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment