Getting Started
Prerequisites

Network configuration & Firewall

3min

If your network configuration uses an firewall, you must ensure infrastructure components can communicate with each other through specific ports that act as communication endpoints for certain processes or services

Network Prerequisites

The following network prerequisites are necessary to ensure proper operation of the system:

  1. Operating System: A compatible operating system must be installed on all nodes in the network. Please refer to theΒ Software requirementsΒ page
  2. SSH Access: Secure Shell (SSH) access must be enabled on all nodes in the network to allow for secure remote communication and management.
  3. Time Synchronization (NTP): Accurate time synchronization via Network Time Protocol (NTP) must be established on all nodes in the network to prevent issues with time-sensitive operations.
  4. DNS: To prevent potential DNS issues in the cluster, it is essential to ensure that the DNS address in /etc/resolv.conf is reachable.
  5. Firewall: It is required to configure the correct ports to allow communication between infrastructure components if your network is protected by a Firewall or Security Group. You can either disable the firewall or adhere to the recommended setting instructions.
  6. Microsoft Azure environment tested with the following security-group :

Services

Protocol

Action

Start Port

End Port

Comment

VXLAN traffic

UDP

allow

4789

ο»Ώ

calico

ssh

TCP

allow

22

ο»Ώ

ο»Ώ

rpcbind

TCP

allow

111

ο»Ώ

use NFS

nodeport

TCP

allow

30000

32767

ο»Ώ

metric server

UDP

allow

8443

ο»Ώ

prometheus metric service

master

TCP

allow

10250

10258

ο»Ώ

local-registry

TCP

allow

5000

ο»Ώ

offline environment

local-apt

TCP

allow

5080

ο»Ώ

offline environment

ipip

IPENCAP / IPIP

allow

ο»Ώ

ο»Ώ

calico needs to allow the ipip protocol

https

TCP

allow

443

ο»Ώ

ο»Ώ

etcd

TCP

allow

2379

2380

ο»Ώ

dns

TCP

allow

53

ο»Ώ

ο»Ώ

dns

UDP

allow

53

ο»Ώ

ο»Ώ

ceph monitor

Any

allow

3300

ο»Ώ

ο»Ώ

ceph monitor

UDP

allow

6789

ο»Ώ

ο»Ώ

ceph daemons

Any

allow

6800

7300

ο»Ώ

calico

TCP

allow

9099

9100

ο»Ώ

calico

TCP

allow

5473

ο»Ώ

calico networking with Typha enabledΒ 

bgp

TCP

allow

179

ο»Ώ

ο»Ώ

apiserver

TCP

allow

6443

ο»Ώ

ο»Ώ

The KubeCLI tool allows for the simultaneous installation of both Kubernetes and Kubeark. For versions of Kubernetes starting from 1.18, it is necessary to install certain prerequisites prior to installation. Please refer to the following list to ensure that all necessary dependencies are installed on your node before proceeding with the installation.

socat

required

conntrack

required

ebtables

Optional but recommended

ipset

Optional but recommended

ipvsadm

Optional but recommended