
Network configuration & Firewall


If your network uses a firewall, you must ensure that infrastructure components can communicate with each other through the specific ports that act as communication endpoints for their processes and services.

Network Prerequisites

The following network prerequisites are necessary to ensure proper operation of the system:

  1. Operating System: A compatible operating system must be installed on all nodes in the network. Please refer to the Software requirements page.
  2. SSH Access: Secure Shell (SSH) access must be enabled on all nodes in the network to allow for secure remote communication and management.
  3. Time Synchronization (NTP): Accurate time synchronization via Network Time Protocol (NTP) must be established on all nodes in the network to prevent issues with time-sensitive operations.
  4. DNS: To prevent potential DNS issues in the cluster, it is essential to ensure that the DNS address in /etc/resolv.conf is reachable.
  5. Firewall: If your network is protected by a firewall or security group, you must open the correct ports to allow communication between infrastructure components. You can either disable the firewall or adhere to the recommended setting instructions.
  6. The Microsoft Azure environment was tested with the following security group:

| Services | Protocol | Action | Start Port | End Port | Comment |
|---|---|---|---|---|---|
| VXLAN traffic | UDP | allow | 4789 | | calico |
| ssh | TCP | allow | 22 | | |
| rpcbind | TCP | allow | 111 | | use NFS |
| nodeport | TCP | allow | 30000 | 32767 | |
| metric server | UDP | allow | 8443 | | prometheus metric service |
| master | TCP | allow | 10250 | 10258 | |
| local-registry | TCP | allow | 5000 | | offline environment |
| local-apt | TCP | allow | 5080 | | offline environment |
| ipip | IPENCAP / IPIP | allow | | | calico needs to allow the ipip protocol |
| https | TCP | allow | 443 | | |
| etcd | TCP | allow | 2379 | 2380 | |
| dns | TCP | allow | 53 | | |
| dns | UDP | allow | 53 | | |
| ceph monitor | Any | allow | 3300 | | |
| ceph monitor | UDP | allow | 6789 | | |
| ceph daemons | Any | allow | 6800 | 7300 | |
| calico | TCP | allow | 9099 | 9100 | |
| calico | TCP | allow | 5473 | | calico networking with Typha enabled |
| bgp | TCP | allow | 179 | | |
| apiserver | TCP | allow | 6443 | | |
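
One way to follow the recommended settings instead of disabling the firewall, as an added example that is not part of the original documentation: the script below turns the rows of the table above into iptables allow rules that accept traffic only from one source network. It assumes iptables is the host firewall on the nodes; the subnet 10.0.0.0/24 is a constructed sample, and the hyphenated service labels are shortened from the table for use as rule comments.

```bash
#!/usr/bin/env bash
# Added example: prints (does not apply) iptables rules for the table above,
# accepting traffic only from one source CIDR. Rows: service|proto|start|end.
RULES='vxlan|udp|4789|
ssh|tcp|22|
rpcbind|tcp|111|
nodeport|tcp|30000|32767
metric-server|udp|8443|
master|tcp|10250|10258
local-registry|tcp|5000|
local-apt|tcp|5080|
ipip|ipip||
https|tcp|443|
etcd|tcp|2379|2380
dns|tcp|53|
dns|udp|53|
ceph-monitor|any|3300|
ceph-monitor|udp|6789|
ceph-daemons|any|6800|7300
calico|tcp|9099|9100
calico-typha|tcp|5473|
bgp|tcp|179|
apiserver|tcp|6443|'

emit_rules() {
  local cidr=$1 svc proto start end protos p
  # An empty or world-open source is equivalent to having no firewall.
  case $cidr in ''|0.0.0.0/0|::/0) echo "refusing source '$cidr'" >&2; return 1;; esac
  while IFS='|' read -r svc proto start end; do
    if [ "$proto" = ipip ]; then
      # IP-in-IP is IP protocol number 4 and carries no port numbers.
      echo "iptables -A INPUT -s $cidr -p 4 -m comment --comment $svc -j ACCEPT"
      continue
    fi
    # "Any" in the table becomes one TCP rule and one UDP rule.
    if [ "$proto" = any ]; then protos='tcp udp'; else protos=$proto; fi
    for p in $protos; do
      echo "iptables -A INPUT -s $cidr -p $p --dport $start${end:+:$end}" \
           "-m comment --comment $svc -j ACCEPT"
    done
  done <<EOF
$RULES
EOF
}

# Constructed sample subnet; pass the real node network as the first argument.
emit_rules "${1:-10.0.0.0/24}"
```

The rules are only printed so they can be reviewed before being applied. Add a separate SSH rule for the administration host before switching the INPUT policy to drop.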





The KubeCLI tool allows for the simultaneous installation of both Kubernetes and Kubeark. For versions of Kubernetes starting from 1.18, it is necessary to install certain prerequisites prior to installation. Please refer to the following list to ensure that all necessary dependencies are installed on your node before proceeding with the installation.

  - socat: Required
  - conntrack: Required
  - ebtables: Optional but recommended
  - ipset: Optional but recommended
  - ipvsadm: Optional but recommended