Port Requirements

KubeSphere requires certain ports for the communications among services. If your network is configured with firewall rules, you need to ensure infrastructure components can communicate with each other through specific ports that act as communication endpoints for certain processes or services.

ServiceProtocolActionStart PortEnd PortNotes
sshTCPallow22
etcdTCPallow23792380
apiserverTCPallow6443
calicoTCPallow90999100
bgpTCPallow179
nodeportTCPallow3000032767
masterTCPallow1025010258
dnsTCPallow53
dnsUDPallow53
local-registryTCPallow5000For offline environment
local-aptTCPallow5080For offline environment
rpcbindTCPallow111Required if NFS is used
ipipIPENCAP / IPIPallowCalico needs to allow the ipip protocol

Note

When you use the Calico network plugin and run your cluster in a classic network on cloud, you need to enable both IPENCAP and IPIP protocol for the source IP.