Networking

Networking Requirements

K3s Cluster Networking

The following table describes the required ports which must be open between the various nodes in the Kubernetes cluster. In this table “Servers” represents the primary node(s) in the cluster, and “Agents” represents any additional worker nodes which have joined the cluster. For more information see the Official K3s Networking Documentation.

ProtocolPortSourceDestinationDescription
TCP2379-2380ServersServersRequired only for HA with embedded etcd
TCP6443AgentsServersK3s supervisor and Kubernetes API Server
UDP8472All nodesAll nodesRequired only for Flannel VXLAN
TCP10250All nodesAll nodesKubelet metrics
UDP51820All nodesAll nodesRequired only for Flannel Wireguard with IPv4
UDP51821All nodesAll nodesRequired only for Flannel Wireguard with IPv6
TCP5001All nodesAll nodesRequired only for embedded distributed registry (Spegel)
TCP6443All nodesAll nodesShared with Kubernetes API Server; used for embedded distributed registry (Spegel)

Note: Port 6443 is used for both the Kubernetes API Server and the embedded distributed registry (Spegel). Ensure that your network configuration accounts for this dual use to avoid conflicts.