This article provides information regarding network ports that are used for different internal services of the Kasten K10 application
The following information of K10 services and network ports associated with them will help with port mapping and rules in a firewall VM environment or service mesh configuration
Service |
Inbound |
Outbound |
aggregatedapis-svc |
443 |
10250 |
auth-svc |
8000 |
8000 |
catalog-svc |
8000 |
8000 |
controllermanager-svc |
8000,18000 |
8000,18000 |
crypto-svc |
8000 |
8000 |
bloblifecyclemanager-svc (co-located in crypto-svc pod) |
8001 |
8001 |
events-svc (co-located in crypto-svc pod) |
8002 |
8002 |
garbagecollector-svc (co-located in crypto-svc pod) |
8003 |
8003 |
dashboardbff-svc |
8000 |
8000 |
dex |
8000 |
8000, 636 (secure LDAP), 389 (insecure LDAP) |
executor-svc |
8000 |
8000 |
frontend-svc |
8000 |
8000 |
gateway |
8000 |
8000 |
gateway-admin |
8877 |
8877 |
gateway-ext |
80 |
8000 |
jobs-svc |
8000 |
8000 |
kanister-svc |
8000 |
8000 |
logging-svc |
8000,24224,24225 |
24225, 24224, 8000 |
metering-svc |
8000 |
8000 |
prometheus-server |
80 |
9090 |
prometheus-server-exp |
80 |
9090 |
k10-grafana |
80 |
80 |
state-svc |
8000 |
8000 |
admin-svc (co-located in state-svc pod) |
8001 |
8001 |
K10 Multi-cluster | 6443 | * |
The following ports should be additionally allowed for k10 instances integrated with Veeam Backup and Replication product.
Service |
Inbound |
Outbound |
vbrintegrationapi-svc |
8001 |
8000 |
datamover (is not a service but run in a pod on demand for upload (VBR backup), download (VBR restore) and retirement (VBR deletion) operations) |
10006 (vmb api port)* 2500 - 3300 (vmb agent port)* 51515 |
|
|
9419 (VBR RestAPI port)* 8000 |
*default values; can be changed by VBR users.
TKGs needs port 902 to be enabled between worker nodes and ESX Hosts for a successful export
Source |
Destination |
Port |
Worker Nodes |
ESX Hosts |
902 |