Merge pull request #209 from aaliddell/master

Update README for correct VXLAN port
Darren Shepherd 2019-03-17 13:13:25 -07:00 committed by GitHub
commit 697c6e1580
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -163,14 +163,14 @@ Open ports / Network security
--------------------------- ---------------------------
The server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach The server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach
other nodes over UDP port 4789. This is used for flannel VXLAN. If you don't use flannel other nodes over UDP port 8472. This is used for flannel VXLAN. If you don't use flannel
and provide your own custom CNI, then 4789 is not needed by k3s. The node should not listen and provide your own custom CNI, then 8472 is not needed by k3s. The node should not listen
on any other port. k3s uses reverse tunneling such that the nodes make outbound connections on any other port. k3s uses reverse tunneling such that the nodes make outbound connections
to the server and all kubelet traffic runs through that tunnel. to the server and all kubelet traffic runs through that tunnel.
IMPORTANT. The VXLAN port on nodes should not be exposed to the world, it opens up your IMPORTANT. The VXLAN port on nodes should not be exposed to the world, it opens up your
cluster network to accessed by anyone. Run your nodes behind a firewall/security group that cluster network to accessed by anyone. Run your nodes behind a firewall/security group that
disables access to port 4789. disables access to port 8472.
Server HA Server HA
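Review bot: The closing sentence of the IMPORTANT paragraph now reads "disables access to port 8472" with no protocol, while the first paragraph says "UDP port 8472"; suggest "disables access to UDP port 8472" so a reader writing a firewall or security group rule from that sentence alone blocks the right protocol. Since the paragraph is being touched anyway, the unchanged line "cluster network to accessed by anyone" is missing a word ("to be accessed by anyone"), and the comma splice before "it opens up" could become a period or "because". It would also help to state in the text that the previous value 4789 was incorrect for the flannel VXLAN setup described here, so operators who already built rules from the old README know to revisit them.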