Kubernetes Firewall

Setting up the Firewall Rules

Check the official docs

check here

According to Oracle

Make sure that all required ports are open. The ports required for a Kubernetes deployment are:

  • 2379/tcp: Kubernetes etcd server client API (on master nodes in multi-master deployments)
  • 2380/tcp: Kubernetes etcd server client API (on master nodes in multi-master deployments)

  • 6443/tcp: Kubernetes API server (master nodes)

  • 8090/tcp: Platform Agent (master and worker nodes)

  • 8091/tcp: Platform API Server (operator node)

  • 8472/udp: Flannel overlay network, VxLAN backend (master and worker nodes)

  • 10250/tcp: Kubernetes kubelet API server (master and worker nodes)

  • 10251/tcp: Kubernetes kube-scheduler (on master nodes in multi-master deployments)

  • 10252/tcp: Kubernetes kube-controller-manager (on master nodes in multi-master deployments)

  • 10255/tcp: Kubernetes kubelet API server for read-only access with no authentication (master and worker nodes)
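The port list above can be turned into a per-role check so that a node exposes only what its role needs. The script below is an added example, not taken from Oracle's documentation: the function names, the `master-ha` role label and the sample input are hypothetical, the role-to-port mapping follows the parenthetical role notes in the list, and it assumes firewalld (`firewall-cmd`) manages the host firewall.

```shell
# Added example: role-to-port lists follow the role notes in the port list above;
# adjust them to your deployment. Assumption: firewalld (firewall-cmd) is in use.

# Print the ports a role needs: operator | worker | master | master-ha
required_ports() {
    case "$1" in
        operator)  echo "8091/tcp" ;;
        worker)    echo "8090/tcp 8472/udp 10250/tcp 10255/tcp" ;;
        master)    echo "6443/tcp 8090/tcp 8472/udp 10250/tcp 10255/tcp" ;;
        master-ha) echo "2379/tcp 2380/tcp 6443/tcp 8090/tcp 8472/udp 10250/tcp 10251/tcp 10252/tcp 10255/tcp" ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Compare a node's open ports (space-separated, the format printed by
# `firewall-cmd --list-ports`) with what its role requires.
# Findings, one per line: MISSING <port>, EXTRA <port>, NOAUTH <port>.
audit_ports() {
    role=$1; open=$2
    want=$(required_ports "$role") || return 1
    for p in $want; do
        case " $open " in *" $p "*) ;; *) echo "MISSING $p" ;; esac
    done
    for p in $open; do
        case " $want " in *" $p "*) ;; *) echo "EXTRA $p" ;; esac
    done
    # 10255/tcp is the kubelet read-only port that needs no authentication.
    case " $open " in *" 10255/tcp "*) echo "NOAUTH 10255/tcp" ;; esac
    return 0
}

# Print (do not run) the firewall-cmd lines that would close the gaps.
fix_commands() {
    audit_ports "$1" "$2" | while read -r kind port; do
        case "$kind" in
            MISSING) echo "firewall-cmd --permanent --add-port=$port" ;;
            EXTRA)   echo "firewall-cmd --permanent --remove-port=$port" ;;
        esac
    done
}

# Constructed sample: a worker without the Flannel port and with an etcd port open.
SAMPLE_OPEN="8090/tcp 10250/tcp 10255/tcp 2379/tcp"
if [ "${1:-}" = "demo" ]; then
    audit_ports worker "$SAMPLE_OPEN"
    fix_commands worker "$SAMPLE_OPEN"
fi
```

On a real node, pass the output of `firewall-cmd --list-ports` as the second argument, and run `firewall-cmd --reload` after applying any of the printed `--permanent` changes.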

The commands to open the ports and to set up the firewall rules are provided below.

Single Master Firewall Rules

For a single master deployment, the following ports are required to be open in the firewall.

Operator Node

Open 8091/tcp.

Worker Nodes

On the Kubernetes worker nodes:

  • 8090/tcp

  • 10250/tcp

  • 10255/tcp

  • 8472/udp

  • 6443/tcp

On the Kubernetes master nodes