Networking
Required Services
meltcloud is designed to be integrated into existing enterprise networks.
To benefit from automation and flexibility, meltcloud relies on externally provided network configuration to configure the machines.
- DHCP: provides IP addresses, routes and name servers for all interfaces
- DNS: resolves the meltcloud destinations (see matrix below)
- NTP: synchronizes the time of machines/workers
- TFTP or HTTPBoot: a TFTP server can be used to distribute iPXE Boot Artifacts for legacy PCBIOS images
- HTTPBoot: an HTTP server can be used to distribute iPXE Boot Artifacts for newer, UEFI-based servers
Machines must be able to connect to the meltcloud platform and its designated Kubernetes API endpoint, as listed below:
Port Matrix
INFO
Be aware that all connections using TLS are based on X.509 client certificates and therefore cannot be intercepted by an HTTP proxy.
Source | Destination | Destination meltcloud.io | Ports/Protocols | Reason |
---|---|---|---|---|
Machine | DHCP-Server | - | DHCP | To assign network config |
Machine | TFTP or HTTPBoot-Server | - | 69/udp (TFTP) or 80/tcp (HTTP) | Optional: To boot from TFTP/HTTPBoot if not booting from .iso |
Machine | DNS-Server | - | 53/tcp/udp (DNS) | To resolve endpoints below |
Machine | NTP-Server | - | 123/udp (NTP) | To synchronize time |
Machine | meltcloud Foundry | *.meltcloud.io (34.65.208.75) | 443/tcp (TLS) & 80/tcp (crosscert mirror) | To load iPXE Boot Script and Ignition, Melt-Agent communication |
Machine | meltcloud Package Repository | dl.meltcloud.io (various IPs, on a CDN) | 443/tcp (TLS) | To download Flatcar Linux & packages |
Machine | meltcloud Kubernetes API Server Endpoint | 34.65.48.39 | different port per cluster, see Console (TLS) | For Kubeadm/Kubelet to reach Kubernetes API servers |
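
The matrix above can be turned into an egress allowlist and used to audit firewall flow records. The following is an added example, not meltcloud's own code: the `Flow` record shape, the Kubernetes API port (`6443`) and the DNS/NTP server addresses are placeholder assumptions, and the sample flows are constructed.

```python
from typing import NamedTuple, Optional

# ASSUMPTIONS (not from the page): the per-cluster API port (see Console for the
# real one) and the site-local server addresses (RFC 5737 range) are placeholders.
K8S_API_PORT = 6443
DNS_SERVER, NTP_SERVER = "192.0.2.53", "192.0.2.123"

class Flow(NamedTuple):
    dst_ip: str
    port: int
    proto: str
    name: Optional[str] = None  # SNI/DNS name seen by the firewall, if any

# (label, match-on-IP, match-on-name, allowed (port, proto) pairs), from the matrix.
MATRIX = [
    ("DNS", DNS_SERVER, None, {(53, "tcp"), (53, "udp")}),
    ("NTP", NTP_SERVER, None, {(123, "udp")}),
    ("Foundry", "34.65.208.75", None, {(443, "tcp"), (80, "tcp")}),
    # CDN-hosted: IPs vary, so this entry can only be matched by name.
    ("Package Repository", None, "dl.meltcloud.io", {(443, "tcp")}),
    ("Kubernetes API", "34.65.48.39", None, {(K8S_API_PORT, "tcp")}),
]

def classify(flow: Flow) -> Optional[str]:
    """Return the matrix entry that permits this flow, or None if nothing does."""
    for label, ip, name, ports in MATRIX:
        dest_ok = (ip is not None and flow.dst_ip == ip) or (
            name is not None and flow.name is not None
            and flow.name.lower().rstrip(".") == name)
        if dest_ok and (flow.port, flow.proto) in ports:
            return label
    return None

def audit(flows):
    """Return the flows that no matrix entry permits."""
    return [f for f in flows if classify(f) is None]

# Constructed sample flows (not real captures).
SAMPLE = [
    Flow("34.65.208.75", 443, "tcp"),
    Flow("34.65.208.75", 80, "tcp"),                      # crosscert mirror
    Flow("203.0.113.10", 443, "tcp", "dl.meltcloud.io"),
    Flow("203.0.113.10", 80, "tcp", "dl.meltcloud.io"),   # repository is 443 only
    Flow("34.65.48.39", 443, "tcp"),                      # API uses the cluster port
    Flow("198.51.100.7", 443, "tcp", "example.com"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("not in matrix:", f)
```

DHCP and the optional TFTP/HTTPBoot server are left out because they are site-local boot-time services; add them to `MATRIX` with your own server addresses if the audit should cover them.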