Default ports

List of default ports that must be available for installation and configuration of an IBM® Cloud Private cluster.

You open the ports before you start installing IBM Cloud Private, and the installer confirms that they are open.

Port access types

Important: IBM Cloud Private supports an optional management node. If your cluster does not include a management node, the components that load on the management node load on the master node instead. You must open the Management ports on the master node.

Table 1. Default ports
Component Default Ports Node Installation mode Access Type
Authentication manager
  • 8101
Master HA and non-HA Internal
Calico
  • 179
  • 9099
  • Master
  • Worker
  • Proxy
  • Management (if used)
HA and non-HA Internal
Docker registry
  • 8500
Master HA and non-HA Internal and External
etcd
  • 2380
  • 4001
Master HA and non-HA Internal
GlusterFS
  • 24007
  • 24008
  • 2222
  • 49152:49251
  • Master
  • Worker nodes used for GlusterFS
HA and non-HA Internal
Heapster
  • 8082
  • 8084
Master HA and non-HA Internal
Helm
  • 31031
  • 31030
Master HA and non-HA Internal
Image manager
  • 8600
Master HA and non-HA Internal
Ingress service
  • 80
  • 443
  • 8181
  • 18080
  • Master
  • Proxy
HA and non-HA Internal and External
Kubernetes
  • 10248 - 10252
  • kube_apiserver_port (8001)
  • kube_apiserver_insecure_port (8888)
  • Master
  • Worker
  • Proxy

Note: kube_apiserver_port and kube_apiserver_insecure_port need to be available on the master node only.

HA and non-HA Internal
Kubernetes 30000 - 32767
  • Master
  • Worker
  • Proxy
HA and non-HA External
management console
  • 8080
  • 8443
Master HA and non-HA Internal and External
mariaDB
  • 3306
Master HA and non-HA Internal
  • mariaDB
  • Galera
  • 4567
  • 4568
  • 4444
Master HA Internal
platform-api
  • 6969
Master HA and non-HA Internal
platform-auth-service 3100 TCP Master HA and non-HA Internal
platform-deploy
  • 4242
Master HA and non-HA Internal
Rescheduler
  • 9235
Master HA and non-HA Internal
strongSwan IPsec
  • 500 - UDP and TCP
  • 4500 - UDP
  • Master
  • Worker
  • Proxy
  • Management (if used)
HA and non-HA Internal
Tiller network policy
  • 44134 TCP
Cluster HA and non-HA Internal and External
WebSphere® Application Server Liberty profile
  • 9443
Master HA and non-HA External