Hardware requirements are based on the size of your K3s cluster. For production and large clusters, we recommend using a high-availability setup with an external database. The minimum CPU and memory requirements for nodes in a high-availability K3s server scale with the deployment size.

K3s supports different databases, including MySQL, PostgreSQL, MariaDB, and etcd, and cluster performance depends on database performance. To ensure optimal speed, we recommend always using SSD disks to back your K3s cluster. On cloud providers, you will also want to use the minimum disk size that allows the maximum IOPS. Disk performance will vary on ARM devices using an SD card or eMMC: etcd is write intensive, and SD cards cannot handle the IO load. If deploying K3s with embedded etcd on a Raspberry Pi, use an external SSD.

Consider increasing the subnet size for the cluster CIDR so that you don't run out of IPs for the pods. You can do that by passing the --cluster-cidr option to K3s server when starting it.

When you set up your server, some ports are automatically opened to make your server work. The best practice is to start with all ports closed and then open only the ones you need; every extra open port leaves your server more exposed. Typically, all outbound traffic is allowed. Additional changes to the firewall may be required depending on the OS used.

The K3s server needs port 6443 to be accessible by all nodes. The nodes need to be able to reach other nodes over UDP port 8472 when using the Flannel VXLAN backend, or over UDP port 51820 (and 51821 if IPv6 is used) when using the Flannel WireGuard backend. The node should not listen on any other port: K3s uses reverse tunneling, so the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. If you do not use Flannel and provide your own custom CNI, the ports needed by Flannel are not needed by K3s. If you wish to use the metrics server, all nodes must be accessible to each other on port 10250. If you plan on achieving high availability with embedded etcd, server nodes must be accessible to each other on the etcd ports 2379-2380.

Inbound Rules for K3s Server Nodes

| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 2379-2380 | Servers | Servers | Required only for HA with embedded etcd |
| TCP | 6443 | All nodes | Servers | K3s server (Kubernetes API) |
| UDP | 8472 | All nodes | All nodes | Required only for Flannel VXLAN |
| TCP | 10250 | All nodes | All nodes | Kubelet metrics (metrics server) |
| UDP | 51820 | All nodes | All nodes | Required only for Flannel WireGuard with IPv4 |
| UDP | 51821 | All nodes | All nodes | Required only for Flannel WireGuard with IPv6 |

Flannel relies on the Bridge CNI plugin to create an L2 network that switches traffic. Rogue pods with the NET_RAW capability can abuse that L2 network to launch attacks such as ARP spoofing. Therefore, as documented in the Kubernetes docs, set a restricted profile that disables NET_RAW on pods you do not trust.
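The inbound rules above, turned into a firewall script as an added example (this is not code from the page or from the K3s project). It assumes firewalld is the host firewall, uses its own keywords for the Flannel backends, and takes the node CIDR as caller input; it prints the firewall-cmd commands rather than running them, so the rule set can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example, not part of the page or the K3s project: derive the inbound
# firewall rules for a K3s server node from the port table and emit them as
# firewall-cmd invocations. Nothing is executed here; pipe the output into
# `sh` on the node to apply it. Assumptions of this script alone: firewalld is
# the host firewall, the zone name "k3s" and the backend keywords below are
# this script's own vocabulary, and the node CIDR is supplied by the caller.

# k3s_server_ports BACKEND HA
#   BACKEND: vxlan | wireguard | wireguard6 | none
#            (Flannel backend in use; "none" when a custom CNI replaces Flannel)
#   HA:      yes | no  (yes when several servers share embedded etcd)
# Prints one PORT/PROTO per line.
k3s_server_ports() {
    backend="$1"
    ha="$2"
    echo "6443/tcp"     # K3s server / API server: every node must reach it
    echo "10250/tcp"    # kubelet metrics (metrics server), node to node
    if [ "$ha" = "yes" ]; then
        echo "2379-2380/tcp"   # embedded etcd client and peer traffic, server to server
    fi
    case "$backend" in
        vxlan)      echo "8472/udp" ;;                     # Flannel VXLAN
        wireguard)  echo "51820/udp" ;;                    # Flannel WireGuard, IPv4
        wireguard6) echo "51820/udp"; echo "51821/udp" ;;  # Flannel WireGuard, IPv4 + IPv6
        none)       ;;                                     # custom CNI: no Flannel ports
        *)  echo "unknown Flannel backend: $backend" >&2; return 1 ;;
    esac
}

# k3s_firewall_cmds BACKEND HA NODE_CIDR [ZONE]
# Everything starts closed (zone target DROP); only traffic from NODE_CIDR to
# the ports above is admitted, and outbound traffic is left alone.
k3s_firewall_cmds() {
    backend="$1"
    ha="$2"
    node_cidr="$3"
    zone="${4:-k3s}"
    ports="$(k3s_server_ports "$backend" "$ha")" || return 1
    echo "firewall-cmd --permanent --new-zone=$zone"
    echo "firewall-cmd --permanent --zone=$zone --set-target=DROP"
    echo "firewall-cmd --permanent --zone=$zone --add-source=$node_cidr"
    for p in $ports; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=$p"
    done
    echo "firewall-cmd --reload"
}

# Review the rules for a single-server VXLAN cluster whose nodes live in
# 10.0.1.0/24 (constructed example input):
k3s_firewall_cmds vxlan no 10.0.1.0/24
```

Restricting the source to the node CIDR matters as much as the port list: 10250 and the etcd ports are node-to-node traffic and have no business being reachable from elsewhere. The script covers only the inbound table; K3s' own documentation additionally expects firewalld to trust the pod and service CIDRs, which is a separate step.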
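The server-side settings discussed above (a larger pod CIDR via --cluster-cidr, HA with embedded etcd or an external database, and a restricted Pod Security profile so that untrusted pods cannot hold NET_RAW), assembled as an added example that is not code from the page or from the K3s project. The PSA file path, the example CIDR 10.32.0.0/13, the kube-system exemption and the external-database URL are choices made here; the restricted profile itself is the Kubernetes Pod Security Standard, which requires containers to drop ALL capabilities.

```shell
#!/bin/sh
# Added example, not part of the page or the K3s project: compose the
# `k3s server` command line for the options discussed above and write a Pod
# Security Admission config that enforces the "restricted" profile cluster-wide.
# Restricted requires containers to drop ALL capabilities, so NET_RAW is gone
# from every pod it governs. Assumptions of this script alone: the PSA file
# path, the example CIDR, and the kube-system exemption are choices made here.

PSA_PATH="/var/lib/rancher/k3s/server/psa.yaml"   # assumed location on the server

# write_psa_config PATH
# AdmissionConfiguration consumed by kube-apiserver's PodSecurity plugin.
# kube-system is exempted because K3s' own system pods run there.
write_psa_config() {
    cat > "$1" <<'EOF'
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
  configuration:
    apiVersion: pod-security.admission.config.k8s.io/v1
    kind: PodSecurityConfiguration
    defaults:
      enforce: "restricted"
      enforce-version: "latest"
      audit: "restricted"
      audit-version: "latest"
      warn: "restricted"
      warn-version: "latest"
    exemptions:
      usernames: []
      runtimeClasses: []
      namespaces: [kube-system]
EOF
}

# k3s_server_cmd CLUSTER_CIDR BACKEND PSA_PATH [DATASTORE_ENDPOINT]
#   CLUSTER_CIDR: pod CIDR; larger than the default /16 when pods would run out of IPs
#   BACKEND:      vxlan | wireguard-native (Flannel backend names K3s accepts)
#   DATASTORE:    external database URL for HA with an external database; when
#                 empty, --cluster-init starts HA with embedded etcd instead
k3s_server_cmd() {
    cidr="$1"; backend="$2"; psa="$3"; datastore="$4"
    if [ -n "$datastore" ]; then
        store="--datastore-endpoint=$datastore"
    else
        store="--cluster-init"
    fi
    printf 'k3s server %s --cluster-cidr=%s --flannel-backend=%s --kube-apiserver-arg=admission-control-config-file=%s\n' \
        "$store" "$cidr" "$backend" "$psa"
}

# Constructed usage: show the command line for an embedded-etcd server using
# WireGuard. The pod CIDR must not overlap the service CIDR (10.43.0.0/16 by
# default): 10.32.0.0/13 covers 10.32-10.39 and stays clear, whereas
# 10.42.0.0/15 would swallow 10.43.0.0/16. On the server, run
#   write_psa_config "$PSA_PATH"
# as root before starting K3s with the printed command.
k3s_server_cmd 10.32.0.0/13 wireguard-native "$PSA_PATH"
```

With the admission config in place, a pod that asks for NET_RAW (or simply fails to drop ALL capabilities) is rejected at admission, which is what closes the ARP spoofing path on the Flannel bridge for namespaces that are not exempted.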