firewall_k8s.txt

gistfile1.txt

https://github.com/canonical/microk8s/issues/1546

sudo firewall-cmd --permanent --add-port=6443/tcp			# Kube API server
sudo firewall-cmd --permanent --add-port=2379-2380/tcp		# etcd
sudo firewall-cmd --permanent --add-port=10250/tcp			# kubelet
sudo firewall-cmd --permanent --add-port=10251/tcp			# kube-scheduler
sudo firewall-cmd --permanent --add-port=10252/tcp			# kube-controller-manager
sudo firewall-cmd --permanent --add-port=10255/tcp
sudo firewall-cmd --permanent --add-port=25000/tcp			# microk8s cluster
sudo firewall-cmd --permanent --add-port=19001/tcp
sudo firewall-cmd --permanent --add-port=4789/udp			# Calico with VXLAN 
sudo firewall-cmd --permanent --add-port=5473/tcp			# Calico with Typha
sudo firewall-cmd --permanent --add-port={8285,8472}/udp	# Flannel
sudo firewall-cmd --zone=trusted --add-interface=vxlan.calico --permanent
sudo firewall-cmd --permanent --add-port=30000-32767/tcp	# NodePorts on control plane IP
sudo firewall-cmd --reload

Calico:
firewall-cmd --permanent --add-port=6443/tcp --add-port=2379-2380/tcp --add-port=5473/tcp --add-port=10250-10252/tcp --add-port=10255/tcp --add-port=30000-32767/tcp --add-port=4789/udp
firewall-cmd --permanent --zone=trusted --add-interface=vxlan.calico
firewall-cmd --reload

Flannel:
firewall-cmd --permanent --add-port=6443/tcp --add-port=2379-2380/tcp --add-port=10250-10252/tcp --add-port=10255/tcp --add-port=30000-32767/tcp --add-port={8285,8472}/udp
firewall-cmd --permanent --zone=trusted --add-source=10.244.0.0/16
firewall-cmd --reload