This page lists the TCP and UDP ports that the GKE on AWS control plane and node pools use and their purpose.
Control plane ports
| TCP or UDP | Port | Component or process | Description |
|---|---|---|---|
|
TCP
|
22 | sshd | SSH server |
|
TCP
|
53 | systemd-resolve | DNS stub listener |
|
UDP
|
53 | systemd-resolve | DNS stub listener |
|
UDP
|
68 | systemd-network | DHCP client |
|
TCP
|
10250 | kubelet | port |
|
TCP
|
10255 | kubelet | readOnlyPort |
|
TCP
|
10248 | kubelet | healthzPort |
|
TCP
|
10251 | kube-scheduler | |
|
TCP
|
10252 | kube-scheduler | |
|
TCP
|
10257 | kube-controller | --secure-port
|
|
TCP
|
10259 | kube-scheduler | --secure-port
|
|
TCP
|
8132 | proxy-server | Konnectivity server (agent connection) |
|
TCP
|
8133 | proxy-server | Konnectivity server (health) |
|
TCP
|
8134 | proxy-server | Konnectivity server (admin/metrics) |
|
TCP
|
11872 | healthchecker | Internal health checker for control plane |
|
TCP
|
2381 | etcd | server-to-server communication |
|
TCP
|
2380 | etcd | peer communication |
|
TCP
|
4002 | etcd | client requests |
|
TCP
|
2379 | etcd | client requests |
|
TCP
|
21362 | ais | |
|
TCP
|
29999 | ais | |
|
TCP
|
29997 | ais | |
|
TCP
|
443 | kube-apiserver | Kubernetes API server |
|
TCP
|
22012 | csi-attacher | |
|
TCP
|
22013 | csi-resizer | |
|
TCP
|
22014 | csi-snapshotter | |
|
TCP
|
22011 | csi-provisioner | |
|
TCP
|
23011 | snapshot-validation-webhook | |
|
TCP
|
8090 | aws-encryption-provider | |
|
TCP
|
29001 | gke-aws-controller-manager | |
|
TCP
|
8085 | cluster-autoscaler | Health check |
Node pool ports
| Port | Component or process | Description | |
|---|---|---|---|
|
TCP
|
22 | sshd | SSH server |
|
TCP
|
53 | systemd-resolve | DNS stub listener |
|
UDP
|
53 | systemd-resolve | DNS stub listener |
|
UDP
|
68 | systemd-network | DHCP client |
|
TCP
|
10250 | kubelet | port |
|
TCP
|
10255 | kubelet | readOnlyPort |
|
TCP
|
10248 | kubelet | healthzPort |
|
TCP
|
9890 | cilium | cilium-agent gops server |
|
TCP
|
9891 | cilium | operator gops server |
|
TCP
|
4240 | cilium | cluster health checks |
|
TCP
|
9876 | cilium | cilium-agent health status API |
|
TCP
|
9990 | cilium | Prometheus metrics |
|
TCP
|
9234 | cilium | / healthz |
|
TCP
|
6942 | cilium | operator Prometheus metrics |
|
UDP
|
6081 | cilium | cilium's Geneve tunneling |
