Communication Matrix
Kubernetes Related Communication Matrix
| Source Device | Source IP | Source Port | Destination Device | Destination IP | Destination Port (Listening) | Protocol | Port Description | Listening Port Changeable | Authentication Method | Encryption Method | Belonging Plane | Version | Belonging Service/Microservice | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ALL | ALL | ALL | openFuyao server | Cluster IP | 6443 | TCP | kube-apiserver listening port (TLS). Used by third-party systems to access the aggregation services that openFuyao exposes through the API server. | Yes | Token authentication and one-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | kube-apiserver | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 443 | TCP | kube-apiserver listening port (TLS). Used by third-party systems to access the aggregation services that openFuyao exposes through the API server. | No | Token authentication or one-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | kube-apiserver | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10257 | TCP | kube-controller-manager HTTPS service listening port (TLS). | Yes | Two-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | kube-controller-manager | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10259 | TCP | kube-scheduler HTTPS service listening port (TLS). | Yes | Two-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | kube-scheduler | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 53 | TCP/UDP | coredns listening port, used only for service domain name resolution. | No | None | None | Management plane | - | coredns | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 9153 | TCP | coredns monitoring metrics collection port. | Yes | None | TLS1.3(default)/TLS1.2 | Management plane | - | coredns | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 8080 | TCP | coredns health check port. | Yes | None | TLS1.3(default)/TLS1.2 | Management plane | - | coredns | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 2379 | TCP | etcd client service port (TLS). | Yes | Two-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | etcd | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 2380 | TCP | etcd cluster member (peer) communication port (TLS). | Yes | Two-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | etcd | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 2381 | TCP | etcd monitoring metrics collection port. | Yes | None | TLS1.3(default)/TLS1.2 | Management plane | - | etcd | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 9099 | HTTP | calico-node service liveness check port. | Yes | None | None | Management plane and business plane | - | calico-node | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 179 | TCP | BGP listening port of the bird daemon in calico-node, used to exchange routes between nodes. | Yes | Token authentication | None | Management plane and business plane | - | calico-node | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10248 | TCP | kubelet health check port. | Yes | None | None | Management plane and business plane | - | kubelet | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 10250 | TCP | kubelet API port (TLS), used for communication with kube-apiserver. | Yes | Token authentication and certificate authentication | TLS1.3(default)/TLS1.2 | Management plane and business plane | - | kubelet | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10249 | TCP | kube-proxy monitoring metrics collection port. | Yes | None | None | Management plane and business plane | - | kube-proxy | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10256 | TCP | kube-proxy health check port. | Yes | None | None | Management plane and business plane | - | kube-proxy | - |
Note:
For the official Kubernetes documentation on these ports, refer to Ports and Protocols.
openFuyao Application Component Related Communication Matrix
| Source Device | Source IP | Source Port | Destination Device | Destination IP | Destination Port (Listening) | Protocol | Port Description | Listening Port Changeable | Authentication Method | Encryption Method | Belonging Plane | Version | Belonging Service/Microservice | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ALL | ALL | ALL | openFuyao server | PodIP | 443 | TCP | ingress-nginx-controller service port (Pod) | No | Username and password authentication | TLS1.3(default)/TLS1.2 | Business plane | - | ingress-nginx-controller | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 443 | TCP | ingress-nginx-controller service port (Service) | No | Username and password authentication | TLS1.3(default)/TLS1.2 | Business plane | - | ingress-nginx-controller | - |
| ALL | ALL | ALL | openFuyao server | IngressIP | 30010 | TCP | External access port of the import node management interface | No | Username and password authentication | TLS1.3(default)/TLS1.2 | Business plane | - | ingress-nginx-controller | - |
| ALL | ALL | ALL | openFuyao server | IngressIP | 31616 | TCP | External access port of the business cluster and management cluster management interface | No | Username and password authentication | TLS1.3(default)/TLS1.2 | Business plane | - | ingress-nginx-controller | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 9072 | TCP | web-terminal-service backend Service access port | Yes | Token authentication | TLS1.3(default)/TLS1.2 | Business plane | - | web-terminal-service | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9072 | TCP | web-terminal-service backend Pod access port | Yes | Token authentication | TLS1.3(default)/TLS1.2 | Business plane | - | web-terminal-service | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 80 | TCP | monitoring-service backend Pod access port | Yes | None | None | Business plane | - | monitoring-service | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9096 | TCP | Internal authentication server Pod access port | Yes | Two-way certificate authentication | TLS1.3 | Business plane | - | oauth-server | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 9096 | TCP | Internal authentication server Service access port | Yes | Two-way certificate authentication | TLS1.3 | Business plane | - | oauth-server | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9095 | TCP | Authentication webhook Pod access port | Yes | Two-way certificate authentication | TLS1.3 | Business plane | - | oauth-webhook | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 9095 | TCP | Authentication webhook Service access port | Yes | Two-way certificate authentication | TLS1.3 | Business plane | - | oauth-webhook | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9175 | TCP | User management service Pod access port | Yes | None | None | Business plane | - | user-management-operator | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 80 | TCP | User management service Service access port | Yes | None | None | Business plane | - | user-management-operator | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9093 | TCP | Application management service backend Pod access port | Yes | None | None | Business plane | - | application-management-service | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 80 | TCP | Application management service backend Service access port | Yes | None | None | Business plane | - | application-management-service | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9093 | TCP | Application marketplace service backend Pod access port | Yes | None | None | Business plane | - | marketplace-service | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 80 | TCP | Application marketplace service backend Service access port | Yes | None | None | Business plane | - | marketplace-service | - |
| ALL | ALL | ALL | Import node | PodIP | 8080 | TCP | Cluster lifecycle management frontend Pod access port | Yes | None | None | Management plane | - | installer-website | - |
| ALL | ALL | ALL | Import node | Cluster IP | 80 | TCP | Cluster lifecycle management frontend Service access port | Yes | None | None | Management plane | - | installer-website | - |
| ALL | ALL | ALL | Import node | PodIP | 9210 | TCP | Cluster lifecycle management backend Pod access port | Yes | None | None | Management plane | - | installer-service | - |
| ALL | ALL | ALL | Import node | Cluster IP | 80 | TCP | Cluster lifecycle management backend Service access port | Yes | None | None | Management plane | - | installer-service | - |
| ALL | ALL | ALL | Import node | PodIP | 8080 | TCP | Console frontend Pod access port exposed by the import node | Yes | None | None | Business plane | - | bke-console-website | - |
| ALL | ALL | ALL | Import node | Cluster IP | 80 | TCP | Console frontend Service access port exposed by the import node | Yes | None | None | Business plane | - | bke-console-website | - |
| ALL | ALL | ALL | Import node | PodIP | 9037 | TCP | Console backend Pod access port exposed by the import node | Yes | None | None | Business plane | - | bke-console-website | - |
| ALL | ALL | ALL | Import node | Cluster IP | 80 | TCP | Console backend Service access port exposed by the import node | Yes | None | None | Business plane | - | bke-console-website | - |
| ALL | ALL | ALL | openFuyao server | PodIP | 9093 | TCP | Extension component management backend Pod access port | Yes | None | None | Business plane | - | plugin-management-service | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 80 | TCP | Extension component management backend Service access port | Yes | None | None | Business plane | - | plugin-management-service | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 9100 | TCP | Node Exporter Service access port | Yes | None | None | Business plane | - | node-exporter | - |
| ALL | ALL | ALL | Import node | Container IP | 2049 | TCP | NFS server mount service port exposed by the import node | No | None | None | Business plane | - | bocloud_nfs_registry | - |
| ALL | ALL | ALL | Import node | Container IP | 36443 | HTTPS | Kubernetes API port exposed by the import node | No | Token authentication and one-way certificate authentication | TLS1.3(default)/TLS1.2 | Business plane | - | kubernetes | - |
| ALL | ALL | ALL | Import node | Container IP | 38080 | HTTP | Charts service port exposed by the import node | No | None | None | Business plane | - | bocloud_chart_registry | - |
| ALL | ALL | ALL | Import node | Container IP | 40080 | HTTP | yum repository service port exposed by the import node | No | None | None | Business plane | - | bocloud_yum_registry | - |
| ALL | ALL | ALL | Import node | Container IP | 40443 | HTTPS | Image registry service port exposed by the import node | No | One-way certificate authentication | TLS1.3(default)/TLS1.2 | Business plane | - | bocloud_image_registry | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 8443 | HTTPS | Health check probe port | Yes | One-way certificate authentication | TLS1.3(default)/TLS1.2 | Business plane | - | bbkeagent-deployer | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 58080 | HTTP | System service listening port | Yes | None | None | Business plane | - | bkeagent | - |
Note:
For the communication ports of components installed from the application marketplace, consult the corresponding component provider.
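The matrices above are only useful if the node actually matches them: a port the matrix marks as "Loopback address" that is bound to all interfaces, or a listener the matrix does not list at all, is exactly what a host audit should catch. The following script is an added example and is not openFuyao's own tooling. It parses rows in the markdown format of the two matrices (a subset copied from this page, with descriptions abridged) together with the output of `ss -Hltn` (a constructed sample here; the column layout and the `*`, `0.0.0.0` and `[::]` wildcard spellings are assumed to be the standard iproute2 ones), then reports unexpected listeners, loopback-only ports bound elsewhere, and matrix rows reachable beyond the host with neither authentication nor TLS.

```python
"""Audit a node's TCP listeners against the openFuyao communication matrix.

Added example, not part of openFuyao. Assumptions: the matrix is in the
markdown table format used on this page, and `ss -Hltn` prints the standard
iproute2 columns (State Recv-Q Send-Q Local:Port Peer:Port ...).
"""
from dataclasses import dataclass

# Rows copied (descriptions abridged) from the matrices on this page.
MATRIX_MD = """\
| Source Device | Source IP | Source Port | Destination Device | Destination IP | Destination Port (Listening) | Protocol | Port Description | Listening Port Changeable | Authentication Method | Encryption Method | Belonging Plane | Version | Belonging Service/Microservice | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ALL | ALL | ALL | openFuyao server | Cluster IP | 6443 | TCP | kube-apiserver listening port | Yes | Token authentication and one-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | kube-apiserver | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10257 | TCP | kube-controller-manager HTTPS service | Yes | Two-way certificate authentication | TLS1.3(default)/TLS1.2 | Management plane | - | kube-controller-manager | - |
| ALL | ALL | ALL | openFuyao server | Loopback address | 10249 | TCP | kube-proxy metrics | Yes | None | None | Management plane and business plane | - | kube-proxy | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 9100 | TCP | Node Exporter Service access port | Yes | None | None | Business plane | - | node-exporter | - |
| ALL | ALL | ALL | openFuyao server | Cluster IP | 53 | TCP/UDP | coredns | No | None | None | Management plane | - | coredns | - |
"""

# Constructed `ss -Hltn` output for one node: 10249 is wrongly bound to all
# interfaces, and 2222 is an extra listener the matrix does not list.
SS_SAMPLE = """\
LISTEN 0 4096 127.0.0.1:10257 0.0.0.0:*
LISTEN 0 4096 *:6443 *:*
LISTEN 0 4096 *:10249 *:*
LISTEN 0 4096 *:9100 *:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
"""

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


@dataclass(frozen=True)
class MatrixRow:
    port: int
    protocol: str
    listen_ip: str   # "Cluster IP", "Loopback address", "PodIP", ...
    auth: str
    encryption: str
    service: str


def parse_matrix(md: str) -> list[MatrixRow]:
    """Parse the 15-column markdown matrix; header and separator rows are skipped."""
    rows = []
    for line in md.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 15 or not cells[5].isdigit():
            continue  # header, separator, or a row whose port is not numeric
        rows.append(MatrixRow(int(cells[5]), cells[6], cells[4],
                              cells[9], cells[10], cells[13]))
    return rows


def parse_ss(ss_output: str) -> list[tuple[str, int]]:
    """Turn `ss -Hltn` lines into (local address, port) pairs."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # handles "[::1]:10257" too
        listeners.append((addr, int(port)))
    return listeners


def audit(rows: list[MatrixRow], listeners: list[tuple[str, int]]) -> list[str]:
    """Compare actual TCP listeners with the matrix and return findings."""
    expected: dict[int, set[str]] = {}
    for r in rows:
        # ss -lt only shows TCP sockets; the matrix labels some as HTTP/HTTPS.
        if r.protocol.upper().startswith(("TCP", "HTTP")):
            expected.setdefault(r.port, set()).add(r.listen_ip)
    findings = []
    for addr, port in listeners:
        if port not in expected:
            findings.append(f"port {port} ({addr}) is listening but not in the matrix")
        elif expected[port] == {"Loopback address"} and addr not in LOOPBACK:
            findings.append(f"port {port} must be loopback-only but is bound to {addr}")
    return findings


def cleartext_beyond_loopback(rows: list[MatrixRow]) -> list[MatrixRow]:
    """Rows reachable from other hosts with neither authentication nor TLS."""
    return [r for r in rows
            if r.listen_ip != "Loopback address"
            and r.encryption == "None" and r.auth.startswith("None")]


if __name__ == "__main__":
    rows = parse_matrix(MATRIX_MD)
    for f in audit(rows, parse_ss(SS_SAMPLE)):
        print("FINDING:", f)
    for r in cleartext_beyond_loopback(rows):
        print(f"NOTE: {r.service} port {r.port} ({r.listen_ip}) has no auth and no TLS")
```

On a real node, replace `SS_SAMPLE` with the output of `ss -Hltn` and `MATRIX_MD` with the full tables above; the third check does not need the node at all, since it only reads the matrix and lists the rows (such as the NFS, chart and yum registry ports on the import node) whose exposure must be handled by network policy or firewall rules rather than by the service itself.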