Networking
Networking Requirements
K3s Cluster Networking
The following table describes the required ports which must be open between the various nodes in the Kubernetes cluster. In this table “Servers” represents the primary node(s) in the cluster, and “Agents” represents any additional worker nodes which have joined the cluster. For more information see the Official K3s Networking Documentation.
| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 2379-2380 | Servers | Servers | Required only for HA with embedded etcd |
| TCP | 6443 | Agents | Servers | K3s supervisor and Kubernetes API Server |
| UDP | 8472 | All nodes | All nodes | Required only for Flannel VXLAN |
| TCP | 10250 | All nodes | All nodes | Kubelet metrics |
| UDP | 51820 | All nodes | All nodes | Required only for Flannel Wireguard with IPv4 |
| UDP | 51821 | All nodes | All nodes | Required only for Flannel Wireguard with IPv6 |
| TCP | 5001 | All nodes | All nodes | Required only for embedded distributed registry (Spegel) |
| TCP | 6443 | All nodes | All nodes | Shared with Kubernetes API Server; used for embedded distributed registry (Spegel) |
Note: Port 6443 is used for both the Kubernetes API Server and the embedded distributed registry (Spegel). Ensure that your network configuration accounts for this dual use to avoid conflicts.