Network configuration & Firewall

if your network configuration uses an firewall, you must ensure infrastructure components can communicate with each other through specific ports that act as communication endpoints for certain processes or services network prerequisites the following network prerequisites are necessary to ensure proper operation of the system operating system a compatible operating system must be installed on all nodes in the network please refer to the software requirements page ssh access secure shell (ssh) access must be enabled on all nodes in the network to allow for secure remote communication and management time synchronization (ntp) accurate time synchronization via network time protocol (ntp) must be established on all nodes in the network to prevent issues with time sensitive operations dns to prevent potential dns issues in the cluster, it is essential to ensure that the dns address in /etc/resolv conf is reachable firewall it is required to configure the correct ports to allow communication between infrastructure components if your network is protected by a firewall or security group you can either disable the firewall or adhere to the recommended setting instructions microsoft azure environment tested with the following security group services protocol action start port end port comment vxlan traffic udp allow 4789 calico ssh tcp allow 22 rpcbind tcp allow 111 use nfs nodeport tcp allow 30000 32767 metric server udp allow 8443 prometheus metric service master tcp allow 10250 10258 local registry tcp allow 5000 offline environment local apt tcp allow 5080 offline environment ipip ipencap / ipip allow calico needs to allow the ipip protocol https tcp allow 443 etcd tcp allow 2379 2380 dns tcp allow 53 dns udp allow 53 ceph monitor any allow 3300 ceph monitor udp allow 6789 ceph daemons any allow 6800 7300 calico tcp allow 9099 9100 calico tcp allow 5473 calico networking with typha enabled bgp tcp allow 179 apiserver tcp allow 6443 the kubecli tool allows for the simultaneous installation of both kubernetes and kubeark for versions of kubernetes starting from 1 18, it is necessary to install certain prerequisites prior to installation please refer to the following list to ensure that all necessary dependencies are installed on your node before proceeding with the installation socat required conntrack required ebtables optional but recommended ipset optional but recommended ipvsadm optional but recommended