Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README for correct VXLAN port

Browse Source
This commit is contained in:
Adam Liddell 2019-03-10 19:55:51 +00:00
parent dc91c4850b
commit 144e7a77b4
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -163,14 +163,14 @@ Open ports / Network security
---------------------------
The server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach
other nodes over UDP port 4789. This is used for flannel VXLAN. If you don't use flannel
and provide your own custom CNI, then 4789 is not needed by k3s. The node should not listen
other nodes over UDP port 8472. This is used for flannel VXLAN. If you don't use flannel
and provide your own custom CNI, then 8472 is not needed by k3s. The node should not listen
on any other port. k3s uses reverse tunneling such that the nodes make outbound connections
to the server and all kubelet traffic runs through that tunnel.
IMPORTANT. The VXLAN port on nodes should not be exposed to the world, it opens up your
cluster network to accessed by anyone. Run your nodes behind a firewall/security group that
disables access to port 4789.
disables access to port 8472.
Server HA